Introducing Catalin Sarbu, a .NET expert with over 15 years of experience in enterprise software development, specializing in fintech solutions where data integrity, security and compliance are critical. As a Tech Lead at Maxcode, he leads and mentors a high-performing development team and enjoys tackling complex financial and regulatory challenges through clean, well-architected code.
What’s different about developing software for banking and payments, compared to other industries?
Developing software for banking and payments is significantly more complex than in many other industries due to a combination of regulatory pressure, financial risk, data sensitivity and systemic interdependencies. In other domains, failures will only result in a degraded user experience, but defects in banking or payment systems can lead to direct financial loss, legal exposure, reputational damage and regulatory penalties. Therefore, successful fintech solutions require a careful balance between technical performance, regulatory compliance and user trust.
From a technical standpoint, banking systems must guarantee strong consistency, accuracy and auditability. Monetary transactions are irreversible in many cases, which means that idempotency, transactional integrity, reconciliation and precise handling of edge cases – such as partial failures, retries and concurrency – are critical. Additionally, payment flows often span multiple external systems such as payment gateways, clearing houses and core banking systems. This introduces network uncertainty, latency and complex failure modes that must be explicitly designed for.
How do you approach this complexity?
I typically rely on Domain-Driven Design (DDD) combined with Clean Architecture. This allows the core domain to be isolated from infrastructure concerns while enabling rich domain models that accurately reflect business rules. Bounded contexts are used to manage complexity by clearly defining ownership of concepts and minimizing coupling between subsystems such as payments, ledgering, fraud detection and reporting.
I also prioritize defensive design and observability. This includes explicit handling of failure scenarios, idempotent APIs, event-driven communication where appropriate and comprehensive monitoring, tracing and alerting. Automated testing plays a crucial role, with a strong focus on unit tests for domain logic, contract tests for integrations and end-to-end tests for critical transaction flows.
Ultimately, developing software in banking and payments is less about moving fast, and more about moving safely and predictably. My approach emphasizes correctness, resilience and clarity of intent, ensuring that the system can scale, comply with regulations and evolve alongside both business-related and regulatory changes.
You’ve worked on complex fintech platforms handling large volumes of sensitive financial data. Can you tell us about that experience?
I was part of the core technical team that built a fintech application designed to aggregate large volumes of complex financial data from multiple sources and present customers with a unified and secure view of their financial information.
From a technical perspective, this required careful design of efficient and scalable data-processing flows. We had to optimize performance for large datasets while ensuring the system remained responsive and reliable. Just as important was embedding security and compliance into the architecture from day one. This included encryption at rest and in transit, detailed auditing, strong access controls and GDPR-compliant data handling across the entire application.
What made this project particularly interesting was that performance, security and compliance were not separate concerns—they had to work together seamlessly. Any compromise in one area would immediately affect the others.
How has .NET evolved over the years?
When I started developing applications over 15 years ago, .NET was not as popular or as versatile as it is today. After .NET Core was released, which made it easier to introduce ground-breaking optimizations, its popularity increased because it finally became open source and cross-platform. Since then, the .NET framework has matured well and its performance, readability and extensibility have continued to improve from one release to the next. Personally, I think .NET with C# is one of the most versatile combinations of framework and language.
How do you leverage the .NET ecosystem to build secure and high-performance financial applications?
I leverage several key aspects to ensure both security and performance in financial applications. For example, dependency injection (DI) is built into .NET Core/5+ and is fundamental to creating loosely coupled, testable components for payment processing, transaction handling and audit logging. This makes it easy to swap implementations (like switching between different payment gateways) and to inject security-focused services like encryption handlers or compliance validators.
Async/await programming is critical in financial systems where you’re dealing with I/O-bound operations like database transactions, external API calls to payment processors or real-time market data feeds. By using async patterns throughout, thousands of concurrent requests can be handled without blocking threads, which is essential for high-throughput trading platforms or payment processing systems.
For cloud-native deployments, I use tools like Azure App Service, Docker containers and Kubernetes orchestration, combined with .NET’s built-in health checks, distributed tracing (OpenTelemetry) and configuration providers that work seamlessly with Azure Key Vault for secure credential management. The framework’s strong typing in C#, combined with features like records for immutable transaction data and pattern matching for complex financial logic, helps prevent entire classes of bugs that could lead to security vulnerabilities or calculation errors – both of which are catastrophic in financial contexts.
How do you stay ahead of emerging trends and technologies?
As a software developer you never stop learning; it’s a very important and enjoyable part of the job. Personally, I take a multi-layer approach to the learning process. On the first level, I watch as many conferences and videos on YouTube or other streaming platforms as possible to maintain an overview of the subject. As the next layer, I deepen my knowledge by reading books dedicated to particular topics. And I try and make time to attend live conferences and workshops that are not only inspiring but also great from a networking perspective.
