Managing the shift to SaaS in the financial services sector

Given the recent trend of financial services companies opting for Software-as-a-Service (SaaS) applications, the Financial Conduct Authority (FCA) has released advice for organisations looking to outsource IT services to third parties. The document, FG16/5: Guidance for firms outsourcing to the ‘cloud’ and other third-party IT services, outlines legal considerations, risk management and continuity plans.

[easy-tweet tweet=”What are the risks that come when outsourcing to a third party SaaS application?” hashtags=”tech, SaaS, cloud, IT”]

It is helpful to understand the risks that come when outsourcing to a third party SaaS application. Subscribing to a third-party software company often means placing critical business data in the hands of another organisation. If the service provider experiences any software outage or goes out of business, the data could be lost or certainly at risk, leaving the subscriber unable to carry out its day-to-day operations or comply with its data obligations. Although this is relatively rare, it can quickly cause irreparable reputational and financial damage, so organisations need to have a contingency plan should the worst happen.

Navigating the finer points of the FCA’s new guidelines can be difficult when beginning a new relationship, especially when considering that SaaS providers will have further links to other companies. They are likely to rely on external data centres for the storage of data, adding another layer of complexity.

Monitoring these relationships can be difficult. It is, therefore, wise to enlist a third-party to monitor the SaaS provider’s payments to its cloud service provider or data centres. This means organisations can be pre-warned if the SaaS provider isn’t making payments – a sign which could potentially signal significant financial issues.

Another risk scenario to be addressed is the access to data if the SaaS provider. For example, a system should be in place to enable access to the data centre in which it is stored, independently of the SaaS vendor.

[easy-tweet tweet=”A system should be in place to enable access to the data centre, independently of the SaaS vendor.” hashtags=”cloud, SaaS, tech”]

Since many organisations in the finance sector now rely on SaaS providers for business critical applications, they should also consider how they will restore this service if necessary following unforeseen circumstances. Having a copy of the software source code is certainly a solid foundation to this business continuity plan. Better still, firms can regularly take a snapshot of the application in its runtime environment so that it can be restored in a much more time efficient manner.

Finally, and crucially, financial firms need to check that software providers have the operational resources necessary to meet legislation and other regulations such as the Data Protection Act and to monitor and identify risks to data continuously. This could be easier said than done for smaller SaaS companies and they may need to change their working practices when dealing with a financial services firm. Any contract between an organisation in the financial sector and third-party SaaS provider should outline how the provider will make sure that the data is secure, and that access to this data is managed carefully.

Although these steps may sound time-consuming, they are necessary for financial companies to adapt to the changing technological landscape with minimal risk. With FinTech start-ups on the rise, the way that consumers interact with financial services companies is changing, but caution must still be exercised.

+ posts

Meet Stella


Related articles

The Rise of Smart Vending Machines

Smart vending machines are delivering more accessible solutions to the modern workforce by delivering replacement IT items quickly and efficiently.

Designated Driver: Why Complex Technology Environments Require a Steady Hand

While the function of monitoring software is to provide configuration and compliance assurance, in achieving these tasks, typically the solution will actually deliver much more than this.

Building the Business Case for Satellite IoT 

The door is open for SIs across the world to build on the knowledge gained over the last few years,

Using Cloud To Avoid Bloated Business Models

With the right approach, cloud computing can bring huge benefits, helping businesses become resilient, so they can adapt to any unexpected market disruptors now and in the future. Now, the promise of cloud is as strong as it has ever been.

Elevating healthcare services with cloud computing

The cloud is enabling healthcare to evolve and is helping to address the challenges of budgets, manpower and other resource shortages while treatment and expectations grow exponentially.

Subscribe to our Newsletter