Should firms adopt third-party RegTech solutions instead of building them in-house?


In the past, it would be common for many RegTech firms to build and run their own solutions themselves. However, changing trends and technologies mean third-party is becoming a bigger option.

With more options for companies to outsource product development arising by the day, businesses in the RegTech industry, as just one example, are considering whether it is worth the hassle to build their product and services in-house.

In the opinion of Jamie Hunter – COO of RegTech firm Aveni – the collective experience at Aveni paints a path towards the move to external suppliers.

He said, “Over the past five years there has been a fundamental shift in IT strategy, especially in larger businesses who used to build and sometimes white label solutions, who are now moving away from this approach.

“Many have recognised the power of partnerships and leveraging experts as part of an ecosystem of trusted suppliers, which allows them to focus on their intrinsic value to customers and the bottom line, rather than trying to develop IT solutions internally.”

Hunter added that at a macro level across many sectors, there is an ‘exponential’ demand for good software developers and digital experts that creates a very competitive landscape for firms hiring in-house to build and maintain bespoke systems.

This highlights one of the significant advantages for third-party suppliers – their business models are focused on hiring the right and best people from across sectors to ensure continuous improvement and boost learnings. This is an advantage, Hunter claims, over siloed or legacy views from one specific industry, organisation or customer base.

He concluded, “They emphasise innovation and agility within their teams so they can offer powerful, easy-to-use and compliant solutions to remain competitive and bring advantage to their customers, which is ultimately a win-win all round.”

Tools for building

One of the key developments surrounding the in-house and outsourcing discussion is that of differing offerings.

Hugo Veazey – financial crime compliance industry practice lead at Moody’s Analytics – explained, “If we talk in terms of FinTechs – so the disruptors and challenger banks – they will have a very different approach to the legacy banks, or the bricks and mortar banks’, traditional ‘old-fashioned’ way of doing things. That said, both are learning from the other.

“You’ve got banking giants trying to enter the UK market by acquiring, smaller, more agile start-ups, because they want the benefits that come with being a fintech. But they’ve got the infrastructure and the wherewithal to establish their own systems. So, they will have separate vendors that will come in and provide them services, but they will augment that themselves, because they’ve got the financial clout to do it.

“On the flip side, the people who you’d be more likely to expect to build their own products and services will be the FinTechs. But obviously, they don’t always have the infrastructure behind them, or the finances very often, to be able to create a system. So, they end up going with an out-of-the-box solution that will grow as they grow.”

Veazey added that he believed the argument, in the first instance, would be whether a company has the financial infrastructure to facilitate building – to this, Veazey believes that companies would not.

“The second question is, do they have the appetite? Because that’s the other issue that you’ve got that you could build something that by the time it’s actually ready and fit for purpose, will no longer be fit for purpose, because markets have changed and technology has moved on,” said Veazey.

Another potential argument of use here is whether or not firms have executive ‘buy-in’ and who is driving the necessity for change. In addition, companies should ask whether it is being driven by customer requirements, regulatory requirements or by the internal requirements of the organisation.

Veazey concluded, “So the issue that we often see from a RegTech solution perspective is it’s seen, again, as compliance generically is, as bad cost rather than seen as a smart investment, because they can’t immediately see the return on the bottom line. So that’s why very often people will have a stop gap or effectively a one size fits solution that they can then roll out and scale dependent upon the success or otherwise of the organisation.”

Third-party justification

According to Clausematch head of sales Freddie Frith, the idea of going for third-party solutions comes out of the belief that your company’s problem is unique and that an off-the-shelf solution would fail to be customisable for your specific needs or internal processes.

“Some companies believe the feature or functionality of the RegTech solution they desire isn’t even available in the marketplace. Additionally, some fear of the barriers and potential risk that come with third-party vendor management,” explained Frith.

“Recognizing those concerns, it still can be extremely advantageous to buy RegTech solutions. If you can find a tool that meets most of your requirements, whether that be to manage policies, track employee data, scan regulations for potential risks and conflict, and so on, it’s easier to justify buying that third-party solution.”

Frith said it was easier to justify buying the third-party for a number of reasons, including the fact that RegTech vendors have implementation teams that are more experienced and more efficient that in-house employees.

“In addition, there is no development risk or scope creep, and RegTech vendors have had years of research and development as well as testing to solve a businesses’

Frith noted that RegTech vendors have also had years of research and development as well as testing to solve a businesses’ problem. Based on the maturity of the RegTech vendor, the sales head also said there is a clear and predictable cost and resource structure to manage a company’s needs and expectations.

“RegTechs also have dedicated services, support, training, and resource teams and recognise and react to upgrades, iterations, and development that are all included in the license of the solution.”

Reinventing the wheel 

It can be common for some companies to believe it is their job to reinvent the wheel. This can sometimes make it harder for companies to develop the most efficient and productive technologies, as their time is spent fixing a problem that may not be necessary.

“If the tools are out there, why re-invent them? said Muinmos CEO Remonda Kirketerp-Møller. “Buying RegTech software is cheaper, faster, and the product you get should be better than the one you will produce yourself – after all, it’s been developed by a company that specialises in RegTech software.”

Kirketerp-Møller explained that financial institutions that develop technology ‘make as much sense as a RegTech company obtaining a payment institution licence in order to accept payments from its clients’.

She continued, “Another factor to consider is the ever-changing regulation. When it comes to RegTech, it’s not a matter of “develop and done”. Changing regulations can make RegTech software obsolete very quickly unless an ongoing investment is made in continual development. However, if you have only purchased an annual license for RegTech software, you can simply replace it with a different RegTech solution if you find that your provider does not meet your needs.”

The Muinmos CEO stated that another thing that makes RegTech software obsolete is advancements in technology, adding that buying RegTech software allows you ‘full flexibility’ and makes sure you always stay at the forefront of regulatory technology.

“I would say developing in-house is only worth considering if you have unique internal policies or regulatory requirements, but even then, a good RegTech provider should be able to supply you with a customisable solution,” she concluded.

Control and risk

One of the key balances between building in-house and third-party is the balance between control and risk.

According to KYCPortal business development manager Nickii Mallia, when organisations choose to develop a system in-house, they do so because they believe they will be ‘in control of everything’, however it is not as simple as that.

She said, “Choosing to go for a specialised third-party software platform will not only lower their risks but also improve security and actually cut costs. Nowadays with the use of innovative technology, IT software development companies are easily keeping up with the latest trends and client requests for more automation.

“Putting together their own in-house software development team takes up a lot of time and effort and not to mention the increase in wage costs however, before development can even start, a lot of forethought and planning is required.”

Mallia stated the organisation must research which tools to use, as well as which would work best for the solution they want to achieve. “Then these must either be developed from scratch or bought, and then integrated. Also, we must not forget about the supporting hardware required and after all this, there is still a risk that the solution will not perform well, and costs will just keep adding up.”

She continued, “Maintaining an end-to-end KYC system requires a lot of effort and human resources; constant testing needs to be done, software updates, bug fixes, support etc. It is not as simple as looking at what approach sounds best and going with it.

“You would also need to keep in mind how regulation changes affect you, the constant updating of policies; how easily would your compliance team be able to change company policies as new regulations are released? Would they need to depend on your in-house development team to hard code them into the system? This will cause delays and bottlenecks in your processes and not to mention inefficiency within their team.

“Choosing to go with an off-the-shelf RegTech solution will help organisations stay compliant with all the regulatory changes, on top of the competition, all whilst being in full control and risk exposure reduced to a minimum. Leave all the research and testing in their hands and focus on more important tasks at hand.”

Considering factors

To decide whether to build their own RegTech solution or to choose a third-party solution, many companies, MAP FinTech regulatory analyst Jonathan Hall claims, should consider a number of key factors.

First of all, this includes technology and implementation. This involves start-up costs, hardware, software, connection fees, hosting and development team and support.

There is also the important aspect of regulatory compliance. This covers multi-jurisdictions, tech standards requiring deep-dive analysis and comprehension, monitoring and reconciliation and staying up to date with amending regulatory requirements.

Hall also explained that they must consider the higher costs associated with direct reporting to a TR as opposed to the cost savings available through the synergies and aggregation offered via a trusted third-party provider.

There is also, Hall remarks, the human capital to be considered. This includes the cost of employing experienced professionals who require continued training

Hall stated, “Although the above list isn’t exhaustive, it gives a high-level overview of the many factors to consider before taking the make-or-buy decision for RegTech solutions. There are many RegTech solutions available that allow financial institutions to free up capital and resources and concentrate on their core business. In-house solutions should not be taken lightly, whereas outsourcing offers a lot more for less when compared to other options.”

Key considerations

According to Taina Tech’s CEO Maria Scott, every institution makes a decision based on their priorities. The key considerations that tend to drive these decisions including eight key areas.

Scott explained, “These include speed to implementation, trustful relationship with the vendor, one-off and ongoing costs as well as availability of resources to build, deploy and maintain an institution’s own solution.

“Other considerations include off-shelf market leading solutions providing comfort in case of an audit vs a firm’s own solution which is built specifically for the institution, taking into account any special requirements.”

Other areas suggested by Scott include the degree of confidence in quality assurance of the vendor vs internal processes, the importance of the number of permutations and use cases that the solution can cater for, and whether there is a competitive dynamic with an institution’s competitor against safety of using the consistent ‘gold standard’ across the industry.

Scott summarised, “In the last couple of years we have seen a stronger trend for buy however undoubtedly each institution will continue to make this decision in the way that is right for them.”

Pros and cons

In the opinion of Regnology, there are a number of key pros to adopting third-party solutions. These include, first of all, mutualisation of cost – in areas such as evaluation of impact, driving business analysis, data modelling and software development.

There is also adherence to a standard. The firm remarked, “As part of a community using the service of a RegTech provider, you can benefit from the standards set in that community. A large community is also more likely to identify issues earlier, thus leading overall to higher regulatory compliance within the community.”

Companies can also benefit from a larger pool of specialists through the help of the third-party, while another key pro is technological innovation. Many institutions struggle to innovate technology especially around their legacy systems. RegTech providers allow banks to benefit from technical innovation without institutions.”

The RegTech provider involved in the third-party service can also offer companies access to a whole RegTech ecosystem. In addition, there is also improved process and governance. The firm stated, “Working with a RegTech provider also forces the institution to standardize its process and thus results in improved process and data governance.  The lack of clear governance is a major concern raised by different regulators.”

However, Regnology noted that some of the key things to be managed include ensuring your RegTech provider adheres to standards and also focusing on data management and data quality.

What are the compliance trends that will stand out in 2023? Click here to find out more.

Copyright © 2023 FinTech Global

Enjoying the stories?

Subscribe to our daily FinTech newsletter and get the latest industry news & research


The following investor(s) were tagged in this article.