Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

AML/CFT Asset/Liability Fraud Prevention Lending & Credit Risk Portfolio Risk & CECL

Hosted vs. On-Premise Solutions for Financial Institutions

Mary Ellen Biery
February 3, 2020
Read Time: 0 min

Key Takeaways

  1. At many financial institutions, a substantial share of the IT budget is tied up in technology infrastructure and maintenance and cannot be used for new initiatives.
  2. Financial institutions generally are moving away from self-managed, on-premise technology and are finding hosted solutions that provide the security and scalability they need.
  3. Conducting proper due diligence and working with a vendor that has the appropriate resources for implementation and ongoing monitoring can allay concerns about the transition.

Technology spending priorities

Creating more efficient operations and improving customer experiences are the goals driving technology strategies and investments at many U.S. financial institutions, according to Bank Director magazine’s latest survey of CEOs, executives and directors for its 2019 Technology Survey.

One challenge at a lot of banks and credit unions, however, is that a substantial chunk of the IT budget is tied up in technology infrastructure and maintenance and therefore, cannot be used for those new initiatives. Indeed, for many banks, over 40 percent of IT spending goes toward such expenses as data centers, servers, and networking equipment, according to a 2016 estimate by PwC’s financial services advisory group. 

Dollars for innovation tied up in IT infrastructure

This spending on infrastructure and maintenance is one way that traditional financial institutions are getting “left behind” in the competition from technology-oriented entrants to financial services, says consulting firm McKinsey in its recent report, “The last pit stop? Time for bold late-cycle moves.” Banks spend about 7 percent of revenues on information technology, the report’s authors estimate.

While so-called fintechs “devote more than 70 percent of their budget to launching and scaling up innovative solutions, banks end up spending just 35 percent of their budget on innovation with the rest spent on legacy architecture,” according to the report. McKinsey cautions that institutions not yet focused on innovation will probably be limited in the amount of capital “that can be put to work on change” amid pressures from increased competition and the resulting decline in margins and returns – pressures that are likely to intensify amid slowing growth and lower rates typical of late-cycle macroeconomics.

The trend away from on-premise technology

Historically, financial institutions have been reluctant to shift from on-premise technology, largely due to security concerns about having data in the cloud (data centers available to many users via the Internet). But research firm Gartner estimates that through 2025, 99% of cloud security failures will be the customer’s fault. In addition, assuming on-premises capabilities are more secure can lead to a false sense of security, especially at smaller institutions, the firm says. Some of the largest data breaches in history have been either inside jobs or malware planted on internal company networks.

Certainly, many institutions are expressing confidence in the security provided by a third-party technology vendor. Financial institutions in general are moving away from technology that is self-managed and deployed on their own premises, Gartner said in a recent report on financial services technology modernization.

Hosted solutions can react dynamically

Hosted solutions, or software-as-a-service (SaaS) systems hosted and maintained by a third-party vendor, are an increasingly popular option because they offer the ability to react dynamically to business conditions. The host can add computing, storage, and memory resources quickly as needed without additional infrastructure spending by the financial institution. That leaves resources – in terms of both capital and staffing – available for other needs.

Emily Larkin, Abrigo’s Chief Information Security Officer, says that even though financial institutions are becoming more comfortable with the security of hosted solutions and cloud-based providers, they can best protect themselves against security risks through due diligence and management of the hosting or cloud provider and through the service-level agreements in the contracts.

See why over 2,500 financial institutions rely on our software and services

learn more

Due diligence can allay transition concerns

“Financial institutions should establish a shared responsibility model with the hosting vendor that clearly lays out expectations and who is responsible for what,” Larkin says. “The appropriate cyber protections and terms should be noted in the contract, and the vendor should highlight their cyber controls and commitment to follow regulations and laws within the contract. Ensure the vendor is willing to assume a reasonable amount of liability and provide the appropriate notification and incident management procedures in the event of a data breach. Also, depending upon the type of vendor and their risk rating, look for service-level agreements with financial implications if they are not met.” 

Similarly, Larkin says, ensuring that a hosted-solution vendor has spelled out that it has the appropriate technical controls around data can allay any concerns a financial institution might have about losing data when it is not located on its premises. “Financial institutions should ensure they are requiring data encryption, audit logging, and the appropriate perimeter controls within the hosting environment - to name a few,” Larkin says.

“The biggest message is that you cannot sign a contract with a hosting provider and walk away,” she says. “Using a hosted solution does not relieve the financial institution from the responsibility of protecting data. Make sure you have a strong relationship with the provider and hold them accountable, and be aware of who has access to your data and your environment.”

Financial institutions that do move away from on-premises technology to hosted solutions benefit from knowing that the vendor is now upgrading the software (often behind the scenes) to make sure everyone is using the correct versions, and the vendor is taking care of server requirements. The IT team is able to shift that time to other projects, perhaps on innovation that can improve the customer experience or better manage operational or credit risk, or improve efficiency.

“If a financial institution works with a hosted solution that has the appropriate resources for implementation and ongoing monitoring, and has the appropriate experience and client base, it will be able to keep the financial institution running smoothly throughout the transition – and beyond,” says Larkin.

To take advantage of the efficiencies and security tied to a hosted solution, financial institutions may simply need to reallocate spending from on-premise infrastructure to software and systems that are web-based; no increase may be necessary. This adjustment of spending and mindset makes it possible for the bank or credit union to focus on the business of banking and its critical strategic goals, whether those are growth, creating better customer experiences, or something else.

Abrigo Data Center

Abrigo software can be hosted in a state-of-the-art environment with dedicated information security and information technology teams, making it easier to keep your software running efficiently. Join over 1000 financial institutions in the Abrigo Data Center and have easier upgrades, secure data, and enhanced customer support.

Lending & Credit Risk
Automate Life-of-Loan

Learn More

BSA/AML & Fraud
Fight Financial Crime

Learn More

Portfolio Risk & CECL
Manage Portfolio-Wide Risk

Learn More

ALM
Increase Profitability

Learn More
Blog
AML/CFT Financial Crime Fraud Prevention

Bank wire fraud – How social engineering and technology perpetrate fraud losses

Learn More
Blog
AML Training AML/CFT BSA Rules and Regulation Card Fraud Check Fraud Financial Crime Fraud Prevention Fraud Trends

Reg CC: Funds availability requirements and fraud

Learn More
Blog
AML Training AML/CFT BSA Rules and Regulation Customer Due Diligence Financial Crime

Prevent ‘pig butchering’ scams: Safeguarding against investment fraud

Learn More
About the Author

Mary Ellen Biery

Senior Strategist & Content Manager
Mary Ellen Biery is Senior Strategist & Content Manager at Abrigo, where she works with advisors and other experts to develop whitepapers, original research, and other resources that help financial institutions drive growth and manage risk. A former equities reporter for Dow Jones Newswires whose work has been published in

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.