The Ripening Case for Managed Services in Risk Management
Managed services are commonly defined as a broad range of third-party business and IT services including business process as a service (BPaaS), business process outsourcing (BPO), cloud services, and hosting. Across financial services, the resounding industry theme is increased consumption of managed services over the next 12 to 18 months as a way to address budget pressures caused by the cost of regulatory compliance.
A number of trends demonstrate the impact managed services are having on risk management:
- A 2013 Chartis report projects global 2015 spend will be $31.8 billion on risk technology, but only $5.9 billion on external services. This highlights the magnitude of risk-infrastructure spend and a growing need for third-party cost efficiencies.
- Chartis has also forecast that European risk management spend will be nearly half the entire spend globally, with an expected growth rate of 12% from 2014 to 2015. Risk technology spend in the US and APAC is expected to increase 16% and 10%, respectively, confirming continued increase in risk management costs, globally.
- In Q4 2013, both the US Federal Reserve and Office of the Comptroller of the Currency (OCC) provided guidance on how to better manage outsourcing risks, a sign that managed services clearly represent more of a fundamental shift than a trend.
[Read more from Avery: A New Vision for Managed Services in Capital Markets]
Since there is no way to outsource the core responsibilities for managing risk, what managed services opportunities are available to the risk management community?
- Improved time-to-market for risk and capital management with faster analysis across more scenarios, time horizons, and model complexity by relying on third parties to scale risk infrastructure on-demand
- Reduced total cost of ownership with third party-managed risk technology and operations that provide economies of scale in the non-differentiated functions in the risk ecosystem, including data management, model control, scenario execution, and processing workflow
- Balancing the desire to outsource with the need to maintain appropriate controls by using vendor offerings tailored to the needs of the risk community and tailored to regulatory constraints for risk data and customer privacy
Risk managers must position themselves to take advantage of these opportunities by beginning to focus on the following best-practices for managed services adoption:
- Analyze standing risk technology architectures to identify where managed services can deliver benefits and make it easier to plan the transition to managed services and other more efficient third-party offerings.
- Leverage existing third-party relationships to design and tailor managed services solutions specific to the individual firm’s risk environment, requirements, and timeline.
- Develop or update vendor management strategy so it aligns with regulatory guidance and helps increase the capacity to leverage third parties to provide more of these types of services.
While this all may not be top of mind for the risk community right now, the undeniable demand on firms' budgets to achieve regulatory compliance and yet remain competitive will undoubtedly turn more attention to managed services. Risk managers must recognize, prepare, and act to implement strategies that take advantage of the opportunities delivered by managed services offerings; otherwise they risk falling behind.John Avery is head of managed services solutions, Americas, SunGard's capital markets business. View Full Bio