Managing the shift to SaaS in the financial services sector

Given the recent trend of financial services companies opting for Software-as-a-Service (SaaS) applications, the Financial Conduct Authority (FCA) has released advice for organisations looking to outsource IT services to third parties. The document, FG16/5: Guidance for firms outsourcing to the ‘cloud’ and other third-party IT services, outlines legal considerations, risk management and continuity plans.

[easy-tweet tweet=”What are the risks that come when outsourcing to a third party SaaS application?” hashtags=”tech, SaaS, cloud, IT”]

It is helpful to understand the risks that come when outsourcing to a third party SaaS application. Subscribing to a third-party software company often means placing critical business data in the hands of another organisation. If the service provider experiences any software outage or goes out of business, the data could be lost or certainly at risk, leaving the subscriber unable to carry out its day-to-day operations or comply with its data obligations. Although this is relatively rare, it can quickly cause irreparable reputational and financial damage, so organisations need to have a contingency plan should the worst happen.

Navigating the finer points of the FCA’s new guidelines can be difficult when beginning a new relationship, especially when considering that SaaS providers will have further links to other companies. They are likely to rely on external data centres for the storage of data, adding another layer of complexity.

Monitoring these relationships can be difficult. It is, therefore, wise to enlist a third-party to monitor the SaaS provider’s payments to its cloud service provider or data centres. This means organisations can be pre-warned if the SaaS provider isn’t making payments – a sign which could potentially signal significant financial issues.

Another risk scenario to be addressed is the access to data if the SaaS provider. For example, a system should be in place to enable access to the data centre in which it is stored, independently of the SaaS vendor.

[easy-tweet tweet=”A system should be in place to enable access to the data centre, independently of the SaaS vendor.” hashtags=”cloud, SaaS, tech”]

Since many organisations in the finance sector now rely on SaaS providers for business critical applications, they should also consider how they will restore this service if necessary following unforeseen circumstances. Having a copy of the software source code is certainly a solid foundation to this business continuity plan. Better still, firms can regularly take a snapshot of the application in its runtime environment so that it can be restored in a much more time efficient manner.

Finally, and crucially, financial firms need to check that software providers have the operational resources necessary to meet legislation and other regulations such as the Data Protection Act and to monitor and identify risks to data continuously. This could be easier said than done for smaller SaaS companies and they may need to change their working practices when dealing with a financial services firm. Any contract between an organisation in the financial sector and third-party SaaS provider should outline how the provider will make sure that the data is secure, and that access to this data is managed carefully.

Although these steps may sound time-consuming, they are necessary for financial companies to adapt to the changing technological landscape with minimal risk. With FinTech start-ups on the rise, the way that consumers interact with financial services companies is changing, but caution must still be exercised.

+ posts


Related articles

Need to reduce software TCO? Focus on people

Investing in software is undoubtedly important for enterprises to stay ahead. However, the process is rarely a simple task for CIOs and IT leaders.

The future of cloud and edge optimisation

As more enterprises use multi-cloud and hybrid infrastructures, the danger of cost overruns and loss of control increases.

Here is how to stage a public cloud migration

As the relationships between CSPs and cloud providers are deepening, CSPs need to develop a clear strategy on how they add value to customer relationships.

The future of work is collaborative

As hybrid work models continue to gain traction, businesses will need to start implementing collaborative tools and processes to meet the needs and expectations of the upcoming workforce, seamlessly integrating them into existing workflows to enhance productivity and performance. Innovations in technology, including AI and machine learning, mean that organisations are in a better position than ever to shape the collaborative future of work – and with the right support in place, they can ensure that these digital tools continue to bring out the best in their workforce for years to come.

How Business Data Can Be Protected, Even with Remote Workers

According to a study conducted by OwlLabs, approximately 69% of survey respondents worked remotely during the pandemic or are now working from home since.


Please enter your comment!
Please enter your name here

Subscribe to our Newsletter