Purchasing an on prem solution can be costly and pose a security risk.
In Part 1 we looked at the total cost of ownership (TCO) for building your own system. In this post we will look at the likely costs you will incur if you purchase a solution from a vendor which needs to be installed & implemented on your own hardware (so called “on premises” or “on prem” solutions).
Up until the 2000s, on prem was the only option for running software provided by a vendor to do the compliance monitoring function. Fast forward to 2020 and while on prem is slowly being replaced by SaaS, there are still a large number of old vendors who require running their software inside a financial institution.
Part 2: Buying, installing and implementing on prem software from a vendor
The process is generally thus - once agreement with the vendor has been signed, get technical / infrastructure requirements from the vendor. Generally this will be:
- Purchasing 1-5 servers: Depending on the nature of the service, the software could be installed on existing servers, but could lead to performance degradation. Otherwise one server at an absolute minimum, most likely two (one for production and one for testing) but depending on the institution could be up to 5, with 2nd test environments, fail-overs, backups, disaster recovery etc.
- Purchasing [additional] database licenses: Every compliance service will need a database, generally this will be Oracle or SQL Server. If you already have Oracle or SQL Server licensed then adding licenses can be straightforward. If you do not then navigating which license type you need and how many licenses can be a minefield. As an example, Oracle’s database price list is 15 pages long.
One Off License / Hardware / Software Costs
| Item |
Description |
# |
Unit Cost |
Potential Cost Min Max |
|
| License for the vendor’s software |
Vendor licenses can be very confusing, but there are two general models: |
1 |
£100k-£2M |
£100k |
£2M |
| Servers |
To run the compliance engine on. At least one, but possibly many (test, pre-prod, backup etc.) |
1-5 |
£5k |
£5k |
£25k |
| Operating System (OS) Licenses |
If the servers run on Windows, OS licenses are required. |
8-100s |
£1k (per core) |
£8k |
£100k |
| Database Licenses |
Generally Oracle or SQL Server |
1-5 |
£45k |
£45k |
£225k |
|
|
|
|
|
£158k |
£2,350k |
Either once the hardware has been purchased & installed or in parallel, the actual implementation project will commence. The vendor will generally need to send multiple staff on-site (or the slightly more modern ones might be able to do it remotely).
The duration of an implementation project can vary wildly, depending on the complexity of the financial institution. A small hedge fund with a handful of portfolios operating one entity and trading in a few jurisdictions can go live in a matter of months. An investment bank with thousands of accounts / portfolios and hundreds of legal entities, with complex corporate hierarchies can take 2 years to be 100% live.
Tasks that the vendor may / will be required to do can generally be categorised thus:
| Task |
Description |
| Project Management |
Communicating with all stakeholders, ensuring resources are available, escalating issues on both sides etc. Smaller projects might not need a dedicated PM, but larger ones certainly will. |
| Software Customisation |
The vendor’s software will need to be customised to work in your environment. The larger / more complex a project the more customisation will be required. |
| Data Mapping (ETL) |
The mapping and transforming of data from your internal systems into the vendor’s system. |
| Coding / Customising rules |
Depending on what the vendor advertises, some will require rules to be coded from scratch, others will require customisation of some / most / all rules. |
| Training & Documentation |
Ensuring your staff know how to operate the system on a daily basis and can deal with issues in a timely manner. |
Broken down into financial costs, we can predict likely implementation costs:
One-Off Implementation Costs
| Item |
Description |
# |
Unit Cost |
Potential Cost Min Max |
|
| Implementation - Vendor |
Vendor staff to do items mentioned above. |
1-5 people 6 - 24 months |
£800-£1500 / a day |
£96k |
£720k |
| Implementation - Internal |
Internal staff to do items such as: Consult with vendor, Testing, Documentation. |
0.5-? people 6 - 24 months |
Internal / Opportunity cost |
? |
? |
| > £96k |
> £720k |
||||
As mentioned in Part 1:
“Predicting the duration & likely cost of a project in advance is extremely difficult. It's a well known fact that people tend to underestimate (“Planning Fallacy”), sometimes wildly”.
When you are implementing an on prem vendor solution however a new level of complexity arises. With a “build your own” solution you alone are in charge of the project and requirements, with an external vendor unexpected issues easily occur. Common examples include - vendor requires version 11 of Oracle and you are currently only operating version 10, all desktop PCs need to be updated to Windows 2016 SP 4 to access the client software etc.
But presuming everything goes to plan, an implementation project is likely to take 6 months to 2 years and cost anywhere from £250k to £3M (not including internal costs). Crack open the champagne and have the go-live party!
Unfortunately, going live is only half the story of on prem TCO - you still have large annual costs to factor into any decision of whether you should build, buy on prem or subscribe to SaaS:
Yearly Operating Costs
| Item |
Description |
Potential Cost |
|
| Compliance Analyst |
To encode the updated regulations into rules. In 2019 FundApps received ca. 200 regulatory updates from our Legal Information Provider aosphere - ca. 1 every working day. |
£50k |
£150k |
| IT Support |
Ensuring databases, servers etc. are working |
£30k |
£120k |
| Hardware & Licenses |
Database + Operating system licenses. Annualise cost to upgrade licenses & hardware every 3 years. |
£20k |
£100k |
| Vendor Costs |
As mentioned in the one off costs, some vendors sell a perpetual license and then charge a yearly % fee for support and charge for upgrades separately. |
||
| Vendor Training |
Training your staff in new functionality and best practises. |
£5k |
£20k |
| Vendor Support |
It is fairly standard for a Vendor to charge 20% of the initial license fee as a yearly charge for bug fixing and hotline support. |
£10k |
£400k |
| Vendor Upgrades |
It is still common practise for vendors to charge for major upgrades to the software (so called “Dot O” releases, e.g. 9.0). They might not be every year, but as a minimum one should budget for every 3 years. |
£30k |
£200k |
| £145k |
£990k |
||
So a total of between £145k and £1M p.a. should be factored in for yearly running costs. You may remember from Part 1 that at a conference in Barcelona a large Investment Bank said their yearly operating costs were "2 Million Euro, of which 1 Million was purely IT Costs.”
This gives us a 5 year TCO of:
| Initial spend before live | Yearly spend once live | 5 year TCO | |
| Minimum | £250k | £145k * 5 | £975k |
| Maximum | £3M | £1M * 5 | £8M |
Security
While not directly linked with TCO, one must also consider how secure an on prem solution is. For small to medium sized financial institutions, maintaining dedicated server rooms with bio-metric access, full offsite disaster recovery + backup and 24x7 support can be prohibitively expensive / unfeasible. One only has to read the press to hear of cleaning personnel with USB sticks stealing data, or buildings hit by catastrophic events & weather (which will unfortunately happen with more frequency and certainty as the climate crisis escalates). So the risk and financial implications of a security breach or disaster event must be weighed in any decision to host data in-house.
Summary
The Total Cost of Ownership numbers over 5 years are in the same ballpark as if you were to “build your own”. However, one of the advantages of choosing a vendor is reducing the element of risk - if the vendor’s solution is tried & tested in the market (and you do reference calls with a similar institution to yourselves) then it’s also likely to work for you, although as mentioned above it's not 100% guaranteed due to technical compatibility issues.
Again, as with “build your own”, you must be clear about your appetite to host sensitive data in-house and be very aware of the implications if that data were to be compromised.
Hopefully this is some food for thought about potential hidden costs and risks when purchasing an on prem solution, please feel free to reach out to sales@fundapps.co if you’d like a copy of our TCO Calculator.
If you'd like to automate your compliance processes and reduce the element of risk associated with choosing a software vendor then get in touch!
In part 3 of this series we look at the potential TCO for subscribing to a Compliance-as-a-Service monitoring solution.
