Article Outsourcing IT vs In House IT for Banks

In recent years, banks — and the financial services industry as a whole — have found it difficult to increase profitable returns on their assets. Be it increased compliance requirements or the rise of fintech firms, the financial market hasn’t been kind to traditional financial services providers.

Naturally, when the market is less-than-receptive, companies look to optimizing their operations costs as a means to achieve savings and, in turn, increase profit. The area of business process outsourcing (BPO) has drawn much interest, especially in terms of IT.

As if often does, the question of outsourcing — especially outsourcing IT — has drawn controversy on a variety of fronts, particularly security and questions of actual savings and efficiency.

In this post, we’ll examine how outsourcing IT fares against in house IT operations and whether outsourcing actually does secure substantive savings to your bank’s bottom line.

Strained Profitability in the Banking Industry

Fundamentally, this discussion stems from the trouble banks are having with generating enough profitability. For example, the graph below (from a 2016 study by Deloitte) shows us that profits for banks have generally been stagnant since 2011.

Banking Profitability

The banking industry’s profitability is being impacted from a variety of fronts.

• First, we have the reality of historically low interest-rates, which directly limit the returns banks are able to achieve on their assets.
• Second, increasingly demanding regulatory requirements. According to Deloitte, compliance costs the banking industry a staggering $270 billion per year (amounting to roughly 10% of their respective operating costs).
• Third, competition from a new generation of financial start-ups – i.e. fintech firms – that already leverage today’s technologies to provide similar services at much lower costs.
• Fourth, though it’s partly related to compliance, the need to enhance cybersecurity to protect key information (e.g. client data) and other assets from online threats.

Factors Pressuring the Financial Services Industry

Given these challenges, banks are examining their options for optimizing their operating costs, with information systems or IT being of particular interest.

The focus on IT stems from its mix of rising costs in terms of technology procurement, hiring and workforce retention and compliance (of security and privacy processes). Of these, compliance is of notable interest because it also impacts the cost and complexity of one’s IT system.

In Deloitte’s most recent Global Risk Management Survey, 56% of banks stated that aligning IT to the Basel Committee’s new market risk rules would be “very” or “extremely” challenging. 50% also noted the same for aligning data management practices, which also falls under IT. Thus, IT is a critical area of concern in terms of controlling immediate and long-term operating costs.

Reported Difficulties (by Banks) of Complying with the Basel Committee

Why In-House IT?

One of the strongest arguments for maintaining a strong in-house IT team is that you can build a workforce that’s uniquely trained and equipped to handle your bank’s specific needs. You control the training and education process, while your employees’ sole incentive will be to excel at your bank instead of trying to manage expectations of several clients.

Likewise, the IT technology as well as other elements in your system will be defined, designed and controlled by you, which could — at least in theory — guide you to guaranteeing compliance. In fact, with the bulk of your IT operations in-house, you should also be more secure (i.e. there are fewer outside parties involved managing your system).

However, the practical reality generally differs from the theory. For example, although you can control the training and education of your employees, you’re also responsible for ensuring that they’re kept up-to-date. Given that the cybersecurity and regulatory environments are evolving (and becoming more complex), talent acquisition and retention will rise in cost in tandem.

In fact, as your IT complexities – especially in security – grow, so will your difficulties in securing the necessary talent. In most cases, financial services institutions are reporting that it takes six months to hire experienced cybersecurity experts, though as many as half of those hires may not possess the exact qualifications and skills required by the financial services firm.

Financial Services Firms Reporting Hiring Difficulties

In light of these actual talent gaps, financial services institutions such as banks have reported difficulties in executing the necessary IT strategies for compliance, security and efficiency.

The Impact of Insufficient In-House Expertise

The financial messaging services provider SWIFT outlined that financial IT has trouble acquiring talent that fuses “technical, business know-how, and strategic thinking capabilities to implement cyber risk initiatives quickly and effectively.”

In contrast, managed IT services providers have generally reached a point where they can let you leverage the necessary human expertise to implement your IT strategy without the cost, risks and delay of building an equivalent internal IT team.

Why Outsourced IT?

By outsourcing your bank’s IT processes to a managed IT services provider (MSP), you’re essentially pushing the potentially time-consuming and day-to-day management of your IT to those with established expertise and processes.

This frees you from having to commit to the necessary capital expenditure as well as the associated compliance and security costs directly. Rather, your bank pays for the managed IT service with the expectation that your MSP continues adhering to the evolving landscape of the financial industry’s market, security and regulatory factors.

Returning to the cybersecurity example, you might wonder if outsourcing IT puts your bank at increased risk of non-compliance or cyber attacks. However, not only is that risk avoidable by securing the right MSP, but the financial services industry as a whole is seeking MSPs to offer specialized IT security expertise and commitment that’s not readily available to the firm.

Not only are there MSPs that provide the necessary capabilities, but these MSPs are able to leverage the fact of having multiple clients to bring a rich experience pool to the table. From threat intelligence and analytics, identity management, cybersecurity design, fixing breaches to complying with an array of regulatory requirements, an MSP is equipped to close your IT gaps.

Benefits of a Managed IT Services Provider (MSP)

Besides security, MSPs can also equip your banks with the expertise to understand emerging technologies —such as artificial intelligence and new cloud applications — and make informed decisions about implementing them. In this sense, MSPs are equalizers for banks needing to embark on new IT projects but lack the required internal expertise and technology base to organically design, implement, test and maintain them.

In its study of how the financial services industry is leveraging MSPs, Deloitte concluded:

“The rewards of the managed services operating model are potentially vast. Banks and capital market firms get scalable process expertise and, simultaneously, gain the confidence to reallocate their most critical resources to focus on top strategic priorities: core business growth, differentiation, value creation, and profitability.”

What to Seek in an IT Company?

The value your bank extracts from a MSP is contingent on selecting the right MSP. There are a range of areas to consider, but start with whether the MSP is equipped in terms of the expertise and technology access to fulfill your requirements.

For example, does this MSP draw on tier-one (e.g. Gold, Platinum, Trusted etc) partnerships with top IT vendors (e.g. Microsoft, Cisco, Adobe, etc)? Does its workforce leverage today’s certifications in security and development? Does this MSP have experience in the finance industry, especially in terms of navigating and complying with regulations?

Once you’ve settled on the baseline requirements, your bank should pursue an outcome-based, long-term service model with the MSP for financial it services, wealth management it services or insurance it services. This will ensure that your MSP is fully invested in the IT needs of your bank, especially in terms of cybersecurity and compliance. Contractually include issues such as potential staff turnover (on the part of the MSP), expectations and other critical elements that can affect your bank to avoid shock.

If you’re examining how managed IT services can enable your bank to generate savings while fully complying with its regulatory and security requirements, Insight can help you get started with building and maintaining robust IT infrastructure.