After the financial crisis and the tidal wave of new regulations that it spawned, bankers finally feel that the worst is behind them, and sunny days are ahead. With the return to health, banks are ready to invest in some sorely needed infrastructure and strategic initiatives.
However, while they were busy dealing with credit problems and Dodd-Frank, the world of enterprise software made some quantum leaps forward; namely with the meteoric rise of “The Cloud” and Software as a Service (SaaS). This is good news, but it also means that banks find themselves in the difficult position of evaluating multiple vendors that now go about solving the same problems in VERY different ways. So, what is SaaS, and why should banks care?
What is SaaS?
Wikipedia defines SaaS as “a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted.” Salesforce defines it similarly, as “a way of delivering applications over the Internet as a service.”
This is in contrast to on-premise software deployment, in which the software is purchased, installed, and maintained on local hardware. While at first blush this sounds like simple semantics, bankers are quickly finding that both the end results and the road to those results are extremely different, and require some changes to our old ways of thinking about software deployment in banks.
Maintenance Vs. Service
The differences in the two delivery methods start with the basic economics for the vendors. Selling on-premise solutions is the traditional approach that will sound familiar to bankers. The vendors sell the software, which the bank deploys locally, either on the hard drives of end users or on the network (typically with dedicated servers). The bank then pays the vendor for maintenance, support, and periodic version upgrades. The vendor’s incentive is to focus on new sales, and then provide efficient and low-cost support. They know that the banks are unlikely to leave, as changing vendors would require a substantial new investment in both upfront cost and in resources for a new deployment.
SaaS providers operate under a much different economic model. Instead of a large upfront sale, they provide customers with a periodic license, usually based on the number of users or some volume metric. The first-year revenue is rarely sufficient to cover acquisition and onboarding costs for the vendor, so they are highly dependent on the customers renewing the licenses. Therefore, compared to their on-premise counterparts, SaaS providers will focus more resources on customer support and retention and fewer resources on new sales. These resources include things such as consulting from a deep domain knowledge, proactive success management (ensuring the bank’s goals for the system are being met), and accelerated feature delivery.
Security and Controls
Banks have lagged behind the rest of the economy in the adoption of cloud-based services, and much of their reluctance has been based on security fears. After all, banks have a huge exposure to breaches of sensitive customer data, both in terms of reputation and dollars of hard costs. Obviously banks need to be careful with sensitive customer data, but this holds true for both cloud-based solutions and on-premise systems. The difference is that the bank is solely responsible for on-premise security and bank executives often have a false sense of security about how impenetrable their firewalls are. For SaaS solutions, much of the management and documentation of the security can be left to the experts. SaaS providers can provide independent audit documents under the AICPA SOC (Service Organization Control) framework, which replaced the old SAS-70 standard. These documents show the bank what protections are in place, and just as important, verify independently that the procedures are being followed in an acceptable manner.
In the same vein as security, SaaS solutions can also provide tighter controls around vital processes. These controls are handled by the vendor, and can again be documented as a part of the SOC review process. For example, any essential financial modeling, such as capital planning, asset liability management, loan loss allowances, or loan pricing can be audited by a public accounting firm under an AT-101. An AT-101 is an attestation, meaning that the accounting firm is attesting that the vendor has proper controls and procedures in place, and is following them as stipulated. Section 101 serves as the “miscellaneous bucket” and is often used for things like IT specifics or data controls.
In the case of modeling, the AT-101 typically covers the math and calculations engines. Basically, it seeks to answer these two question: Is the math right? And how does the vendor ensure they don’t break any of the math as they continually make changes and improvements to the system? As model risk management becomes an ever larger focus for regulators, banks can rely on tight control from outside parties to ensure the math is right and that they don’t fall victim to the painful (not to mention embarrassing) losses stemming from modeling or spreadsheet errors.
One of the strategic struggles most banks face is extracting value from their scattered and siloed data sets. Most data in banks still resides in the “core system” that handles general ledgers and transaction balancing. These systems were designed to balance debits and credits, tracking pennies so banks can provide the bare essential information back to customers. They were NOT designed to house, sort, retrieve, and analyze data, nor were they designed to play nice with other systems. The result has been that banks, which largely claim to differentiate themselves based on customer support and local knowledge, have great difficulty tracking simple information about their customers and using that information across platforms.
SaaS solutions were designed from the ground up to be integration friendly. Their very existence relies on being able to move data to and from the system to other platforms in a clean, safe, and seamless manner. Remember, they don’t store data locally, but must access it from a variety of databases (that are usually also in the cloud). Banks have found this central feature to be invaluable, as they now can buy “best of breed” software solutions, and move data smoothly between them to make better and faster decisions. Now they can truly know their customers, find the best ways to serve them, and properly measure and price the risk, all at the point of the transaction. In essence, banks have found they can use the cloud to house, manage, and analyze their most important data, while they only need to access the core system to update balances. We refer to this setup as the Heart and Brain of the Bank and find it in use in nearly every high performing bank we talk to.
Configuration and Customization
Finally, perhaps the most important distinction between SaaS and on-premise solutions is the ability to quickly and easily configure the solution to the bank’s specific needs. SaaS economics are designed to work at scale, meaning that instead of building a custom on-premise solution for each client, the systems are designed to be flexible, with built-in functionality that allows the bank to configure and customize the solution to meet its own specific needs.
The vendor’s responsibility is to onboard the bank to the solution, using deep domain knowledge from a consulting team, and then train and equip the bank to manage most future configuration. This approach uses fewer bank resources, because there is a greatly reduced need for the extensive testing that’s required when a highly customized on-premise solution is introduced behind the firewall into the bank’s environment. Instead, the vendor can use their own testing environment to roll out incremental system changes, and the bank simply continues to adjust configuration so that it’s optimized for their specific use case.
This is an important distinction: It allows the SaaS provider to continually roll out improvements, fixes, and new functionality. There is no longer a need to wait until some future major release date for bug fixes and new features, and the bank can get out of the business of installing and maintaining a broad network of software and hardware. Instead, those valuable resources can be spent making incremental configuration adjustments that continually align strategy with tools, taking the bank from defensive reactions to proactive solutions. In addition, the bank can avoid the long and expensive implementations that have been soaking up so many bank IT resources, and can quickly start getting a positive ROI on tech investments.
The distinctions and advantages outlined here show why SaaS is growing exponentially in the new information economy. While banks have been cautious in moving to the cloud, many are now finding that the extra education on the front end will save time and money on the back end of the projects. More importantly, this lets banks get back to focusing on what truly separates them from the competition: 1) building deep, strong relationships with their customers, and 2) properly measuring, pricing, and managing the risks on their balance sheets. That renewed focus is the essence of why more and more banks are opting for SaaS solutions instead of on-premise.