Hosted vs. On-Premise Solutions for Financial Institutions

Mary Ellen Biery
February 3, 2020
Read Time: min

Technology spending priorities

Creating more efficient operations and improving customer experiences are the goals driving technology strategies and investments at many U.S. financial institutions, according to Bank Director magazine’s latest survey of CEOs, executives and directors for its 2019 Technology Survey.

One challenge at a lot of banks and credit unions, however, is that a substantial chunk of the IT budget is tied up in technology infrastructure and maintenance and therefore, cannot be used for those new initiatives. Indeed, for many banks, over 40 percent of IT spending goes toward such expenses as data centers, servers, and networking equipment, according to a 2016 estimate by PwC’s financial services advisory group. 

Dollars for innovation tied up in IT infrastructure

This spending on infrastructure and maintenance is one way that traditional financial institutions are getting “left behind” in the competition from technology-oriented entrants to financial services, says consulting firm McKinsey in its recent report, “The last pit stop? Time for bold late-cycle moves.” Banks spend about 7 percent of revenues on information technology, the report’s authors estimate.

While so-called fintechs “devote more than 70 percent of their budget to launching and scaling up innovative solutions, banks end up spending just 35 percent of their budget on innovation with the rest spent on legacy architecture,” according to the report. McKinsey cautions that institutions not yet focused on innovation will probably be limited in the amount of capital “that can be put to work on change” amid pressures from increased competition and the resulting decline in margins and returns – pressures that are likely to intensify amid slowing growth and lower rates typical of late-cycle macroeconomics.

The trend away from on-premise technology

Historically, financial institutions have been reluctant to shift from on-premise technology, largely due to security concerns about having data in the cloud (data centers available to many users via the Internet). But research firm Gartner estimates that through 2025, 99% of cloud security failures will be the customer’s fault. In addition, assuming on-premises capabilities are more secure can lead to a false sense of security, especially at smaller institutions, the firm says. Some of the largest data breaches in history have been either inside jobs or malware planted on internal company networks.

Certainly, many institutions are expressing confidence in the security provided by a third-party technology vendor. Financial institutions in general are moving away from technology that is self-managed and deployed on their own premises, Gartner said in a recent report on financial services technology modernization.

Hosted solutions can react dynamically

Hosted solutions, or software-as-a-service (SaaS) systems hosted and maintained by a third-party vendor, are an increasingly popular option because they offer the ability to react dynamically to business conditions. The host can add computing, storage, and memory resources quickly as needed without additional infrastructure spending by the financial institution. That leaves resources – in terms of both capital and staffing – available for other needs.

Emily Larkin, Abrigo’s Chief Information Security Officer, says that even though financial institutions are becoming more comfortable with the security of hosted solutions and cloud-based providers, they can best protect themselves against security risks through due diligence and management of the hosting or cloud provider and through the service-level agreements in the contracts.

See why over 2,500 financial institutions rely on our software and services
learn more

Due diligence can allay transition concerns

“Financial institutions should establish a shared responsibility model with the hosting vendor that clearly lays out expectations and who is responsible for what,” Larkin says. “The appropriate cyber protections and terms should be noted in the contract, and the vendor should highlight their cyber controls and commitment to follow regulations and laws within the contract. Ensure the vendor is willing to assume a reasonable amount of liability and provide the appropriate notification and incident management procedures in the event of a data breach. Also, depending upon the type of vendor and their risk rating, look for service-level agreements with financial implications if they are not met.” 

Similarly, Larkin says, ensuring that a hosted-solution vendor has spelled out that it has the appropriate technical controls around data can allay any concerns a financial institution might have about losing data when it is not located on its premises. “Financial institutions should ensure they are requiring data encryption, audit logging, and the appropriate perimeter controls within the hosting environment - to name a few,” Larkin says.

“The biggest message is that you cannot sign a contract with a hosting provider and walk away,” she says. “Using a hosted solution does not relieve the financial institution from the responsibility of protecting data. Make sure you have a strong relationship with the provider and hold them accountable, and be aware of who has access to your data and your environment.”

Financial institutions that do move away from on-premises technology to hosted solutions benefit from knowing that the vendor is now upgrading the software (often behind the scenes) to make sure everyone is using the correct versions, and the vendor is taking care of server requirements. The IT team is able to shift that time to other projects, perhaps on innovation that can improve the customer experience or better manage operational or credit risk, or improve efficiency.

“If a financial institution works with a hosted solution that has the appropriate resources for implementation and ongoing monitoring, and has the appropriate experience and client base, it will be able to keep the financial institution running smoothly throughout the transition – and beyond,” says Larkin.

To take advantage of the efficiencies and security tied to a hosted solution, financial institutions may simply need to reallocate spending from on-premise infrastructure to software and systems that are web-based; no increase may be necessary. This adjustment of spending and mindset makes it possible for the bank or credit union to focus on the business of banking and its critical strategic goals, whether those are growth, creating better customer experiences, or something else.

About the Author

Mary Ellen Biery

Mary Ellen Biery is a Senior Writer and Content Specialist at Abrigo.

Full Bio

About Abrigo

Abrigo is a leading technology provider of compliance, credit risk, and lending solutions that community financial institutions use to manage risk and drive growth. Our software automates key processes — from anti-money laundering to fraud detection to lending solutions — empowering our customers by addressing their Enterprise Risk Management needs.

Make Big Things Happen.

 

Looking for Banker’s Toolbox? You are in the Right Place!

Banker’s Toolbox is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the login button here, or the link in the top navigation, to log in to Banker’s Toolbox Community Online.

Make yourself at home!