Gareth Saul
Chief Technology Officer — Regulated Payments & Crypto-Asset Services
Summary
Regulated-fintech CTO with end-to-end ownership of payments and crypto-asset technology in a group operating under MFSA supervision. Currently CTO of Ballista Ltd, a Maltese Virtual Financial Assets service provider (Cap. 590, Category 3) preparing for authorisation as a MiCA Crypto-Asset Service Provider, where I am the named Senior Manager / CTO in the Personal Questionnaire submitted to the MFSA and the Board-approved process owner for the Cyber Security Policies, Business Continuity Plan, ICT Risk Management Framework, and the technical sections of the Custody Policy. Across the wider group I rebuilt a barebones payment engine into a PCI DSS-certified production platform processing billions in card volume at four-nines uptime, and have launched regulated-adjacent products in crypto-backed payments, trade finance, and micro-lending. Hands-on across cryptographic architecture (HSM, Shamir SSS, key management), DORA technical compliance, secure-by-design platform engineering, and ML-driven fraud and risk. B.Sc. (Hons) Computer Science, University of Cape Town. Clean regulatory and personal record.
Regulatory Standing
- Named CTO / Senior Manager of Ballista Ltd in the MFSA Personal Questionnaire; entity supervised by the Malta Financial Services Authority under the Virtual Financial Assets Act (Cap. 590), Category 3, with a MiCA CASP application in flight.
- Board-approved process owner: Cyber Security Policies & Procedures; Business Continuity Plan; ICT Risk Management Framework; Production Environment Hardening Guide; Coding & Development Standards; technical sections of the Custody Policy.
- DORA technical-compliance lead; operational shard holder in the Secure Enclave's Shamir 3-of-5 key-recovery quorum.
- Positive declaration: no regulatory actions, sanctions, enforcement proceedings, criminal or civil proceedings, bankruptcy, or director-disqualification in any jurisdiction, at any time.
- PCI DSS Level 1 — personally architected and implemented the controls that took the group's payment platform to certification.
Top Skills
Regulated payments & PSP technology · PCI DSS · Cryptographic architecture (HSM, Shamir SSS, key management) · ICT risk management & DORA · Secure-by-design platform engineering · Cloud (Azure primary; AWS, CF, DO) · ML-driven fraud & transaction risk · .NET / C# · Engineering leadership · AI-first development & AI-Ops
Experience
Stream Innovation Ltd
Chief Technology Officer
End-to-end ownership of technology across an MFSA-supervised group operating regulated and regulated-adjacent activities in payments, crypto-asset services, trade finance and micro-lending.
Regulated-entity role · Ballista Ltd (MFSA Cat 3 VFA / MiCA CASP applicant)
- Named CTO / Senior Manager in the Personal Questionnaire submitted to the MFSA.
- Authored and own the Board-approved Cyber Security Policies, Business Continuity Plan, ICT Risk Management Framework, Production Hardening Guide, Coding & Development Standards, and the technical chapters of the Custody Policy.
- DORA technical-compliance lead: incident classification thresholds, third-party ICT register, resilience testing programme, and oversight of the pre-launch independent penetration test.
- Designed the Secure Enclave architecture — Azure Key Vault Premium (HSM-backed, FIPS 140-3 Level 3) plus Shamir 3-of-5 key-recovery quorum; hold one of the operational shards.
Group payments platform
- Rebuilt the payment engine from a barebones PoC into a PCI DSS Level 1-certified production platform delivering 99.99% uptime and billions in card transaction volume; personally architected and implemented the controls for certification.
- Built and operate ML-driven fraud and risk systems — origin validation, MCC-abuse detection, real-time transaction scoring — protecting the cascade across multiple acquiring relationships.
- Launched greenfield ventures in crypto-backed payments, trade finance, and micro-lending from concept to revenue.
Engineering leadership & AI
- Scaled and led the engineering function through a complete operational rebuild — processes, tooling, culture.
- Drive the group's AI-first transformation, delivering production AI for onboarding, risk analysis, knowledge management and operations, and setting company-wide standards for AI tooling and workflow adoption.
Senior Software Engineer · December 2021 – March 2022
20East
Founder
End-to-end product development for tourism brands. Delivered a wildlife-sighting platform for a leading safari operator and an intelligent narrative engine for Wetu's enterprise clients.
Wetu
Chief Technology Officer
Joined as first engineer. Built and scaled all technology — infrastructure, databases, back-end services, web and mobile front-ends — growing Wetu from a bootstrapped startup into the industry-leading itinerary and content platform for African tourism. Grew the development team and served on the leadership team across all business functions.
Oven Baked Software
Freelance Developer
Bespoke web applications focused on GIS and mapping. Delivered a consultant-location system for a leading insurance company and a GPS/GSM-based vehicle monitoring platform with embedded firmware and live data transmission over GPRS.
New Media Labs
Senior Developer
Led a team delivering web applications across the Microsoft stack. Scoped and shipped a flagship interactive map visualisation for tourism that later pivoted into Wetu. Introduced Agile practices and built out the company's development and hosting infrastructure.
Jam Warehouse
Developer
Analyst developer on a just-in-time stock management and foreign-currency system for a major retail chain, upgrading the platform to current frameworks as part of a wider enterprise technology programme.
Fourge
Lead Developer
Led development on an enterprise life-assurance system — feature planning through implementation across SQL databases, BizTalk middleware and web services. Managed a small team of developers and served as primary client liaison.