Aite-Novarica Group

How are banks changing the way they manage risk?

This blog features the major findings from a research commissioned by Bloomberg on the Total Cost of Ownership (TCO) of risk technology solutions. For the full results, please download the report.

Globally, banks have historically chosen to deploy third-party risk technology on premises, largely a reflection of the vendor landscape up until the past few years. In recent years, the landscape has shifted toward greater availability of Software-as-a-Service (SaaS) third-party risk management solutions. Despite many banks keeping up maintenance and investment in legacy on-premises risk platforms, banks increasingly recognize the merits of SaaS-based risk technology. In this model, banks largely delegate the responsibility for the infrastructure, management, and development of the risk applications to vendors.

Aite-Novarica Group expects banks’ risk technology infrastructure to look quite different by 2030, with cloud-based SaaS technology more common. A combination of factors drives the change in deployment preference, from business factors such as faster time to market, on-demand resource allocation, disaster recovery, and uptime of services to costs of hardware and maintenance and compliance pressures. Zooming in on the total cost of ownership (TCO) in particular, Aite-Novarica Group finds that on-premises risk platforms have significantly higher “hidden costs” when compared with SaaS risk platforms. The hidden costs, such as data-integration-related costs, hardware costs, and developer costs, are difficult to estimate and are additional to the visible upfront license and implementation fees.

Find out how banks are changing the way they manage risk

Download the report

SaaS license pricing is mostly inclusive of these hidden costs, and banks note that the absolute license costs for SaaS-only risk vendors still are generally lower than those of on-premises or hybrid counterparts. This makes the TCO for banks with SaaS-based risk platforms also lower, which helps make the case for migration to SaaS solutions.

This paper explores the technology decisions banks face and the merits and hurdles of SaaS migration, and breaks down the TCO equation using direct feedback from surveyed banks, with key findings highlighted in Figure 1.

Risk technology and legacy systems at banks
  • Third-party solutions dominate regional and local banks: All banks in the study use at least one third-party solution to manage enterprise-level or specific risks, with most relying entirely on third parties for all risk management needs.
  • The majority of banks still deploy on-premises technology, but this will change: Aite-Novarica Group estimates that around 80% of banks deploy third-party risk management technology on premises, but the pipeline of new implementations from leading vendors is estimated to be around 40% SaaS/cloud deployments.
  • Banks with SaaS risk solutions report a lower absolute TCO compared with banks with on-premises installations: This is driven by two major factors, the first being that SaaS headline fees already incorporate several costs that include hosting infrastructure and performing upgrades, resulting in less “hidden cost.” The second factor is that, remarkably, even SaaS vendors’ absolute headline license or subscription costs are reported to be lower than legacy on-premises risk solutions.
  • Visible upfront costs for SaaS risk systems capture a greater portion of TCO for banks compared with the license costs of on-premises solutions: License and implementation costs represented about 63% of TCO for SaaS compared to onpremises deployments, at 43% of TCO. This partially reflects the greater hidden costs of on-premises systems, which include data management and integration costs.
  • The major cost component for on-premises risk solutions is data management and integration: The largest cost burdens for on-premises solutions are the data management and integration efforts. These are estimated to be 34% of TCO for onpremises risk systems.
  • Staffing requirements to maintain and develop an on-premises risk system are significantly higher than they are for SaaS deployments: Banks that deploy onpremises in many cases have over 15 full-time employees (FTEs) to support the day-to-day operations in addition to risk system maintenance, development, and customization efforts. Additional costs are also accumulated over time due to external consultants’ implementation and maintenance fees. For SaaS, between two and three FTEs support other solutions for day-to-day management, while the risk system maintenance and development is largely in the hands of the vendor.

This paper highlights the current market and regulatory conditions facing banks of all sizes and how they have brought banks to a crossroads at which they must consider alternative technology deployment models and greater outsourcing of risk technology to third parties. This paper then lays out the arguments for migration and common objections, following up with a spotlight on TCO. Finally, the paper highlights a bank case study that documents SaaS migration.

Bloomberg commissioned Aite-Novarica Group to better understand the current state of banks’ risk technology infrastructure and the cost implications in relation to supporting capital markets businesses. Learn more about Bloomberg’s risk solutions or read the full report.

Recommended for you

Request a Demo

Bloomberg quickly and accurately delivers business and financial information, news and insight around the world. Now, let us do that for you.