A while back “build vs. buy” was a hot topic when firms were looking to implement new or updated compliance technology. That debate has faded into the background a bit as the industry has shifted to the adoption of SaaS technology as the standard for compliance software.
But for firms that still have systems that were internally built embedded within their organization, the question of when it’s time to sunset their legacy platform and move to a more modern SaaS-based solution remains.
According to the Deloitte podcast SaaS is the future of software, and that future is now, “SaaS is the shortest path to agility, continuous innovation, and ongoing operational improvement”. By moving to SaaS, firms no longer have to worry about costly software and hardware updates on a five-year cycle. Instead, firms can get continuous updates with less complexity – a critical need in a global environment where regulatory and business changes are occurring at a fast and furious pace.
At first glance it can seem like sticking with homegrown legacy systems is the most effective and efficient solution. It costs time and money to make the switch, right? And who better knows the unique needs of the organization than the people that work there? But with regulators increasingly expecting that firms have the latest compliance technology, industry developments continuing at rapid speed, and firms continually being expected to do more with less, that decision can lead to unintended consequences.
The long-term results of outdated and separate point solutions that meet one compliance need but don’t talk to each other include excess cost, data gaps, employee turnover, and potential blind spots. When systems fail, the risk of non-compliance soars, and the firm could potentially suffer hefty fines, regulatory sanctions, and even criminal charges. Read more in the white paper Why Less is More: Consolidate Compliance Technology to Reduce Cost and Risk.
Whether looking at a new build to address an updated regulatory or business requirement, or sinking additional investment into an existing proprietary system, there are roadblocks that a firm should be aware of before moving forward. According to Deloitte’s perspectives on buy vs. build in banking technology, there are hidden costs when firms build and maintain their own technology stack. The report notes that while the approach appears to offer greater benefits like control of the process and the ability to customize, there are a host of hidden costs involved. Some of these costs involve:
Building, updating and maintaining a system involves significant hardware costs along with extensive employee hours for time spent on the planning, design, buildout, testing and other related activities. And even after the system is deployed, global support and maintenance costs must be factored in, both in terms of hardware and staffing.
With a proven SaaS compliance technology vendor, support, maintenance and upgrades are covered within a simple license fee, a much more cost-effective solution.
Time to Deployment
It can take years to build or even update a bespoke software platform, even if you have plenty of internal resources allocated to the build. But the reality of the financial services industry means that resources for compliance technology are often redirected to revenue generating applications, adding even more time to an already long process.
David Ririe, EMEA Sales Director at MCO, notes that when you choose a SaaS software like MyComplianceOffice with pre-built capabilities, all that’s needed to deploy is configuration and implementation, taking the timeline from years to just a few months.
Hiring, training and retaining IT staff is always a challenge. To build a system internally it takes a large team of developers and IT experts. Often a house-built system falls under the domain of one or two internal experts within the organization. If documentation goes by the wayside in the rush of development and deployment, when a core team member leaves the organization, much of the institutional knowledge about the system will end up leaving with them.
It’s not just IT staffing that organizations need to worry about. Compliance subject matter experts will also need to devote significant time to the process to ensure that scoping, implementation and deployment all lead to a system that effectively meets regulatory requirements.
Buying technology from a proven provider is an efficient use of budgets and internal resources. With both tech and compliance talent in high demand across the industry, it’s an effective way of allocating resources and freeing both IT and Compliance up to work on other endeavors within the firm.
Cyber security is a key priority for any system. When you go with a proven SaaS solution, features to protect the platform and the firm from malicious cyber attacks and data breaches are built into the technology. The MyComplianceOffice platform contains advanced firewall and threat management technology, and is ISO27001 and SOC2 Type II certified.
Beyond regular system maintenance, it’s inevitable that firms will need to update the system to be compliant with the latest regulatory changes or accommodate new business needs. In the tumultuous regulatory environment that we’re in right now, that means that a new build or legacy update can be at risk of obsolescence before it’s even deployed. To ensure that the system meets current regulatory requirements, significant resources from both IT and Compliance are required to keep the software up to date.
Ability to Adapt to Regulatory and Business Change
Although every firm does have both business and compliance needs that are unique to their organization, firms are still operating in the same regulatory environment and have much of the same compliance obligations. What firms really should be doing is looking for extensible technology that lays the foundation for best-in-class compliance. According to MCO EMEA Sales Director Craig Stimpson, because MCO’s solution has been designed, built and developed by seasoned compliance experts to meet the needs of leading, global clients, in an average implementation, much of the technology will fit client needs out of the box and the rest can be addressed with customizations.
There’s a middle ground between using a custom system from scratch internally and committing to a system that doesn’t fully meet your compliance needs. SaaS software that provides a best-practices framework and a modular approach to compliance that can be customized to meet the needs of the organization today and down the road hits that middle ground.
And where regulators know and have a comfort level with the major players in the compliance technology marketplace, they are going to expect hard proof from Compliance that their homegrown system actually works as it’s intended.
Take Advantage of Collective Industry Knowledge and Expertise
With compliance technology comes access to industry best practices. When you’re working with a provider like MCO that serves financial services firms of sizes across the globe, you get the benefit of the team’s combined years of experience helping organizations with the same profile as yours.
At MCO, customer success teams always have an ear out for what new functionality users are looking for, whether it’s as simple as a suggested tweak to a form or a workflow, or an entirely new module within the platform. So when you use a system that many of your peers in the marketplace as using, you also benefit from their collective knowledge along with the expertise of your provider.
You’ll also be part of an industry community, with access to live and online customer-only though leadership and events so you can learn from industry experts and connect with compliance peers.
An internally built legacy system might get the job done, but upgrading to a SaaS solution designed and implemented by industry experts can help Compliance get the job done better.
Read a white paper on with guidance on finding the right strategic technology partner to meet your compliance needs today and in the future. And when you’re ready, set up a demo to see how we help firms move away from outdated compliance and towards streamlined, integrated and effective compliance governance.