Fire-and-forget or -track? Reducing complexity with managed services
Be Shaping the Future (DE)02.07.2021
Financial technology providers have seen a sharp increase in customer demand for managed services in recent years with an exponential grow during the pandemic times. Companies are looking for alternative supporting models and outsourcing solution for the entire IT infrastructure ranging from the purely technical provisioning to functional application management. While some companies demand the complete provision of managed services others are only after selective services, which they want to subscribe to according to their business requirements and possibly only for a certain period of time. Whether fully outsourced or used as a hybrid architecture model, managed services are ideally delivered via cloud-based platforms as they offer several advantages. For a bank, they act like an app store for certain products.
Challenges and trends
Customer value and time-to-market, play an increasing role under the current regulatory environment when it comes to competing with fintechs and bigtechs. In order to achieve a quicker time to market, adjust to the market demands and provide solutions to customers as quickly as possible under aggravating regulatory conditions, financial institution rely on innovative developers and third-party providers. Artificial intelligence and intelligent automation help modernize business processes and create corresponding added value for customers in the form of cost savings and efficiency optimization. “In the back office area, for example, customers want to achieve STP rates of up to one hundred percent,” says Jörg Heidtmann, Global Head of Integration Innovation, Product, Platform and Technology at Finastra. At the same time, the cost per transaction in customer trading must be minimized through very efficient and cost-saving processes. In addition, project risks for opening up new business areas must be avoided.
What are Managed Services?
The emphasis of managed service compared to a pure service is on “managed”. “Someone obtains a service from a third party, and the third party in turn primarily ensures the necessary result,” explains Karim el Abiary, CIO Creditplus Bank AG. Managed services range from application outsourcing, the smooth delivery of applications, to product development, for example by using external developer platforms, to the integration of fintech solutions on the front end to profitably support end customers in their activities. “When a bank outsources parts of its value chain, it expects a provider that, at the end of the day, does it better than it does in terms of time-to-market, cost aspects, flexibility and scalability,” says el Abiary. As the person responsible for Creditplus Bank AG’s overall IT strategy, he has to ensure that business processes and IT are continuously optimized. Instead, a bank would never hand over services or core competencies that differentiate it to an external service provider.
“Banks expectations of an outsourcer go far beyond the actual service delivery. The bank needs to understand how the service it outsources to a provider is managed in terms of the risks that exist in service delivery,” continues el Abiary. What about data protection and information security? Does the outsourcer know about regulatory issues and can they service them? Banks are accountable to their customers and regulators for their services – making it all the more fundamental that they monitor their outsourcing processes accordingly. For an outsourced service, the principle is therefore not fire-and-forget, but fire-and-track.
Dr. Dirk Fuchs, Managing Director of Be Shaping the Future GmbH, clearly sees complexity reduction as the main driver for the use of managed services. In addition, innovation, scaling and flexibility play a role in the scope. “The trend is to run a complete application operation of an entire application landscape in the managed service,” he explains. Confidence in the cloud is growing – in the course of this development, more and more banks are moving to using a ready-made platform as a service, for example a complete treasury system. From functional to technical support via hosting, applications are provided that the customer can put into operation relatively quickly.
The conflict between cost efficiency, transition risk and disruption
The migration of an internal service to an external managed services provider creates a certain area of tension for the customer. On the one hand, there are complexity reduction and cost efficiency as advantages; on the other hand, there is the smoothest possible transition with as little risk as possible. To minimize the latter, the switch to managed services should not be too extensive and complex, especially at the beginning. At the same time, changes should be continuously incorporated for optimization. “Here it is important to find a suitable trade-off,” explains Fuchs, “it may well be useful to allow some disruptive influences during the transition if this improves service delivery in return through standardized business and IT processes.” The right mix for migrating to managed services, then, is to stabilize in the first phase, while at the same time, however, having the courage to take disruptive action as a basis for comprehensive process cleansing and standardization.
“Many organizations want to open up new business areas with the use of managed services. To achieve this goal, however, the entire organization should not be thrown overboard,” says Heidtmann. Instead, banks should adapt their organizational structure and processes to the new opportunities they now have and also optimize them, he says. Providers, such as Finastra, can provide support with best practice solutions, which on the one hand explain the processes, how other customers tackle these problems, and on the other hand also explain the system-side settings, adjustments and parameterizations that fit the transition. “We additionally provide so-called innovation environments in our projects,” explains Heidtmann, “which are basically sandbox systems that already contain all the essential parameters based on best practices and on which our customers can immediately test and create documentation to prepare for the live introduction of the new workflows.”
Efficiency and innovation through standardization
Managed service processes are generally easy to standardize. This is especially true in IT areas where standards such as COBIT and ITIL are applied. This ensures a certain degree of uniformity and transparency, which can be easily mapped and evaluated using tools. SLA reporting or the measurement of KPIs are useful for deriving optimization measures. An optimized change process with a fully automated testing procedure, such as the automated validation of reports, is a good example of how companies can benefit from the integration of a dedicated provisioning platform during the migration to managed services. “Standardization here leads directly into the topic of optimization,” Fuchs concludes.
Particularly in areas that affect the core system, standardized managed services can realize efficiency gains. For example, banks can react more quickly to changes in the market. In general, the activation and implementation of new functions is possible in a shorter time and more efficiently.
Innovation drivers that are currently providing impetus for Managed Services are tools and techniques that are summarized under the term Continuous Delivery. These include areas such as test automation and continuous integration and deployment. Analytics tools are also very much in vogue at present, for example in the area of ticket analysis and identification of recurring issues. And finally, the cloud with its offerings, with its usual reliability, because infrastructures can be provided securely and flexibly via cloud applications.
The provision of managed services via platforms creates openness for innovations. Third-party services can be connected easily and securely via open APIs. “At Finastra, we have converted our applications to microservices, so that third-party applications can also use all services, pricing and so on. We also use market standards like Kubernetes to visualize and orchestrate system processes. After all, that’s what saves costs: when you can operate a system as standardized as possible,” explains Jörg Heidtmann.
Compliance requirements: From KYC to Know-Your-Supplier
Regulatory requirements demand that banks, regardless of whether services are provided internally or externally, continue to actively manage them as their risks. As such, banks must also be accountable for managed service processes themselves. “Compliance is a key aspect,” says el Abiary. “A platform can be good and efficient, but if it doesn’t meet compliance and regulatory requirements, it’s not usable for a bank.” Customer trust also ultimately depends on it. From a managed service provider’s point of view, it is therefore a must to support banks accordingly. If a part of the processes is set up according to the compliance regulations, then an internal control system should then be defined to check the processes. Under certain circumstances, this can also be done by means of an auditor’s ISAE audit report.
Finastra pays meticulous attention to compliance with certain procedures and standards when developing software – especially when it is developed in the cloud. The development concept is based on two pillars: First, potential points of attack are analyzed in detail and documented before software development. Secondly, products and workflows are continuously tested during operation. The analysis of the notified software is carried out by the dedicated unit of an internal compliance department, which checks and evaluates both the architecture and the data model for potential weak points. If the software is not certified according to the specifications, it is not implemented. The testing procedure, in turn, consists of two parts. On the one hand, it consists of static tests, whereby the code base of the software is repeatedly checked by standard applications that already exist on the market. “More important, however, are dynamic tests,” Heidtmann knows. “Here, the system is constantly attacked during operation to check whether any weak points exist.” The new systems are also attacked specifically by contracted third-party companies to find out where there are predetermined breaking points and whether someone will succeed in hacking the system. “The tests are the decisive criterion that determines whether we can even release software and pass it on to customers,” says Heidtmann.
So for banks, not only does Know-Your-Customer (KYC) play a significant role in selecting the right managed services that also create real value for the customer, but also Know-Your-Supplier, as the latter must ensure regulatory compliance for the bank with regard to the outsourced services.
Deployment of managed services and conclusion
Deploying an application as a managed service involves the following facets: Application Management concerns the application itself or components that are deployed in addition to the application. Other purchased components or individually developed elements are added to the possible range of services, up to and including a complete infrastructure that is operated on the platform. A managed service not only includes the application itself, but also operates at the platform level and can also include full hosting in a cloud environment. In addition to front-, mid- and back-office applications, there are a number of interfaces or integrations in downstream systems – these can either come directly from the provider or from partners such as fintechs, software vendors or even banks that have developed such tools themselves and make them available to the community.
The success factors that contribute to a managed service being used purposefully at the customer’s site begin with the transition and continue through standardization to the continuous implementation of optimizations and innovations. All factors must meet compliance requirements at all times. Existing processes, legacy systems and data sets are recorded and analyzed, and then a standardized migration procedure is used to achieve an easy transition from an existing system to managed services based on the Finastra platform. “We use standard processes as part of our managed services. In addition, we increase the efficiency of the services and applications used by applying innovation drivers from the context of digital transformation,” summarizes Fuchs. The core buzzword, however, remains compliance. Compliance is the guarantor in the human service solution that ensures that the managed service can also be used successfully by the bank.