Do You Know Your Total Cost of Ownership? (Part 1: BYO)

Posted on Jun 29 2020 by Andrew White

Total Cost of Ownership, often just abbreviated to TCO, is a highfalutin term for "How much do we spend to do x".

It's either measured yearly or over a time period (generally 5 - 10 years) and then annualised.

In our experience it is something that financial institutions are shockingly bad at calculating / estimating, and the larger the institution the more difficult it becomes. Calculating your existing spend can be tricky, but calculating your potential future spend when deciding on a vendor or to build can prove to be a minefield of hidden costs.

In this series of three posts we’ll look at some methods of getting an accurate estimate for your potential spend on doing Shareholding Disclosure / Foreign Ownership / Sensitive Industries monitoring, when building, when purchasing an On-Premise solution or when subscribing to a service.

Part 1: Building your own solution

We strongly believe that hosting companies should host, software companies should build software and asset managers should manage assets. We believe the cloud is perfect for compliance and we’ve previously warned against the hazards of building rule engines as well as the risks of coding your own rules. But we’re obviously a little bit biased!

To start off with, we do not consider using Excel a viable solution. It is incredibly error prone, impossible to automate and just not fit for purpose as a compliance monitoring solution. Increasingly, regulators are taking action against companies which are using makeshift solutions and are not handling their regulatory duties with due care and attention.

But say you do go down the route of building your own software - predicting the duration and likely cost of a project in advance is extremely difficult. It is a well-known fact that people tend to underestimate (the so-called “Planning Fallacy”), sometimes wildly. Software projects in particular are renowned for overrunning - search for “Software estimates gone wrong” and you’ll find a plethora of articles such as “The dark art of software estimation”, “Why software projects take longer than you think: a statistical model” and books such as “Software Estimation: Demystifying the Black Art”.

For a small hedge fund, if all stars align, it might take a handful of people less than a year to build a compliance engine and code the rules; for a large investment bank it might take 20 - 30 people over 2 years.

One Off Costs

| Role | Description | # | Average salary | Duration (years) | Potential cost (min) | Potential cost (max) |
|---|---|---|---|---|---|---|
| Business Analyst | To work out requirements, build specifications and to pass on to engineers | 1-5 | £45k | 0.5-2 | £23k | £450k |
| Software Engineer | Code software to specification [2] | 2-12 | £55k | 1-2 | £110k | £1320k |
| Senior Legal Counsel | For guidance on legal interpretation | 0.25-1 | £100k | 1-2 | £25k | £200k |
| Compliance Analyst | To encode the regulations into rules [3] | 2-5 | £50k | 1-2 | £100k | £500k |
| QA Tester | Test system works as expected | 1-4 | £40k | 0.5-2 | £20k | £320k |
| Project Manager | Co-ordinate the entire project | 1-2 | £65k | 1-2 | £65k | £260k |
| Total | | | | | £343k | £3050k |

This is just for resourcing the build project. In addition there will be substantial one off hardware & software licensing costs:




| | | Unit Cost | Potential Cost (Min) | Potential Cost (Max) |
|---|---|---|---|---|
| | To run the compliance engine on. At least one, but possibly many (test, pre-prod, backup etc.) | | | |
| OS Licenses | If the servers run on Windows, OS licenses are required. | £1k (per core) | | |
| Database Licenses | Generally Oracle or SQL Server | | | |












So in total it’s a ballpark £400k - £3.4 million to buy & license the required hardware + software and to design, create and test the software & rules, and hoping that everything goes to plan. At the European Compliance Conference in Barcelona in 2014 one very large Investment Bank shared openly that they had spent ca. 7-8 Million Euro to develop their internal system.

Building the system is the first part, but as opposed to a table or a chair or even a piece of software that can be considered “finished”, regulatory compliance is an ever moving goalpost. Unlike many regulations where you are only subject to the regulation of your host/domicile country, Shareholding Disclosure is mostly subject to the competent authority of the country where the company you are investing in is listed (and sometimes the country where the company is incorporated). This means in practice that you are subject to ca. 100 national regulators. In Sensitive Industries this gets multiplied further - 100 countries x ca. 10 - 20 “regulators” of the relevant industry.

The net effect of this is that regulations constantly change. In 2019 FundApps received ca. 200 regulatory updates from our Legal Information Provider aosphere - ca. 1 every working day.

So the running costs of an in-house system should be a key factor in your decision:

Yearly Costs



| | | Potential Cost (Min) | Potential Cost (Max) |
|---|---|---|---|
| Software Engineer + Testing | When regulatory change means that the underlying software has to be updated (e.g. Horizontal Aggregation in TD2), also for general bug-fixing etc. | | |
| Compliance Analyst | To encode the updated regulations into rules | | |
| IT Support | Ensuring databases, servers etc. are working (likely shared between other services / departments) | | |
| Hardware & Licenses | Database + Operating system licenses. Annualise cost to upgrade licenses & hardware every 3 years. | | |







Again this can vary wildly, depending on whether the organisation is small and in only 1 location or very large and distributed globally. At the conference in Barcelona mentioned above, the Investment Bank said their yearly operating costs were 2 Million Euro, of which 1 Million was purely IT Costs.

If we were to calculate the TCO over 5 years we get a range of:

Minimum: £1.05M (= £400k + (£130k * 5))

Maximum: £6.00M (= £3.4M + (£520k * 5))


While not directly linked with TCO, one must also consider how secure an in-house solution is. For small to medium sized financial institutions, maintaining dedicated server rooms with biometric access, full offsite disaster recovery + backup and 24x7 support can be prohibitively expensive / unfeasible. In turn, the risk and financial implications of a security breach must be weighed in any decision to host data in-house.


The monetary amounts involved are probably quite eye-opening and they don’t even take the very real risks into account. What happens if the project overruns? What happens if one of the key software engineers leaves? What happens if a new regulation takes precedence and people need to be redeployed? What happens to all that sunk cost?

Another item to take into account is technical obsolescence. We live in an age where technology is changing at an unprecedented rate. Technology which was cutting edge 10 years ago is no longer used. Therefore, building in-house carries the real risk that you choose a database / operating system / programming language which becomes obsolete. Once the original team that builds the system eventually moves on, can you find engineers to maintain and enhance the code? What happens if a new regulation comes out which requires extensive modification to the system? The current issue of banks having to drag 70 year old COBOL coders out of retirement at exorbitant day rates can become a reality very easily.

Finally, opportunity costs must be taken into account. What else could these people be working on rather than building a compliance engine? Compliance is a cost centre rather than a profit centre, so if the people were redeployed to work on revenue generating projects it would seem like a much more sensible use of valuable time and effort.

Hopefully this is some food for thought about potential hidden costs and risks when building your own solution. Please feel free to reach out if you’d like a copy of our TCO Calculator. And don't hesitate to get in touch if you'd like more information on how you can save yourselves time and money with our automated services.

Click here to read part 2 of this series where we look at the potential TCO for purchasing an off-the-shelf system that will be installed on your own servers (so called “On Premises” or “On-Prem”). In part 3 we focus on Software-as-a-Service (SaaS) providers.

1 Average London Salary as taken from

2 For reference, FundApps employs 25 full time Software Engineers who work solely on Shareholding Disclosure

3 For reference, FundApps has a team of 7 full-time Compliance & Regulation experts