Fintechs and outsourcing: what’s not to like?

March 15, 2020

cropped-tradingfloorflags1.jpg

In this article we examine some regulatory concerns associated with fintechs, and in particular the outsourcing of services. We then distinguish between outsourced services and complementary services. Having decided what is and is not outsourcing we attempt to define a terse taxonomy, then examine an example organisation to match up the categories to the opportunities. Having worked through the framework we take a quick look at some of the good, bad and downright ugly outsourced cases that have passed by financial technology over the past few years. We round it all off with a highly subjective (but very plausible) view on where fintechs are heading next; it won’t be anarchy, but it could certainly be disruptive.

Neither Fintechs Nor Outsourcing Are New – So What Is The Big Deal?

Financial services organisations have been involved in outsourcing virtually from their inception. Like most other firms their power supply, office space, telecommunications, transport and base level IT systems have always been outsourced (notwithstanding Goldman Sachs’ insistence on using Gold C in the 1980s and Slang subsequently, as far as I know they don’t build their own OS, SQL databases or hardware). Everyone’s doing it, even if they don’t outwardly advertise the fact. So anyone’s due diligence process should take into account second, third and maybe fourth order risks. Where are your datacenters, and what are their accreditations and precautions? Where are your suppliers’ datacenters, and what are their accreditations, and so on.

The most overt driver for outsourcing of late has been cost-cutting. On the sell-side challenger banks have been threatening to eat the high street banks’ market share while on the buy-side roboadvisory services have eaten into the incumbents’ margins. As a result outsourcing is A Big Deal. But it need not necessarily mean increased risk. As we will see, there is a strong argument to suggest that outsourcing is not only commercially sensible, but it can also decrease risk to your core business. Furthermore, some businesses today are increasingly only commercially tractable due to the economies of scale associated with third-party fintech services both in terms of their cost, speed to deliver and range of services that can be quickly leveraged in a rapidly changing marketplace.

Here we will look at:

  • What the regulators care about
  • The forms outsourcing can take
  • What experiences we’ve seen to date
  • What is making it all increasingly possible
  • What is coming next

The Regulators Are Not The Enemy

Regulatory bodies care about the long term viability of the marketplace over which they have jurisdiction. So anything that affects the market in any sense is going to be be of interest to them. Outsourcing in financial services is discussed in SYSC8.1, although, as the FCA document helpfully points out, ESMA has also issued guidelines under Article 16(3). Clause 5 of the latter encapsulates most of the sentiment of SYSC8.1 given that it states:

An investment firm shall ensure, when relying on a third party for the performance of operational functions which are critical for the provision of continuous and satisfactory service to clients and the performance of investment activities on a continuous and satisfactory basis, that it takes reasonable steps to avoid undue additional operational risk. Outsourcing of important operational functions may not be undertaken in such a way as to impair materially the quality of its internal control and the ability of the supervisor to monitor the firm’s compliance with all obligations.

SYSC8.1 takes a slightly more prescriptive step in stating that a firm

must retain the necessary expertise to supervise the outsourced functions effectively and to manage the risks associated with the outsourcing, and must supervise those functions and manage those risks.

These documents are guidelines and what they state can be summed up as:

Don’t Be Stupid

Getting someone else to do the heavy lifting for you does not discharge your regulatory responsibilities; you are still on the hook. This should not come as any kind of surprise. What this means is that you need to police your service providers to ensure that they know your responsibilities, or you are confident that their capabilities comfortably outstrip your responsibilities. They have to be up to the job of satisfying the Regulators on your behalf, because it they screw up then the blame, the fine and/or the sanctions are yours.

None of this negates the benefits of outsourcing, it just means there are common sense “due diligence” steps to follow when selecting a service provider, and the more of a partner they are the better. Here are some questions you can consider when evaluating a service provider or vendor:

  • Does the provider have a pedigree in the area they seek to service?
  • Do they understand financial services?
    • Do they understand the asset classes you trade?
    • Can they handle the trade types you deal with?
    • Are they aware and understanding of the regulatory requirements?
  • Do they have other clients in the same or a similar area to your business?
  • Is their business model in line with yours? Does their fee scale with your profitability?
  • Are they large enough to cope with your trade volumes/customer volumes/etc?
  • What are the sub-contractual risks (market data/compute servicing/fourth-party applications/etc)?
  • Are there any IP risks in the event of their failure (will source escrow help)?

Every firm active today will already be using third party software, everyone has carried out a due diligence exercise of some description, even if it is of the most cursory “everyone else uses Microsoft Excel so I will too” variety. The degree of due diligence you undertake is likely to be commensurate with the risk of the operation under consideration failing or the impact of that failure.  SYSC8.1 states:

…when relying on a third party for the performance of operational functions which are critical for the performance of regulated activities, listed activities or ancillary services (in this chapter “relevant services and activities”) on a continuous and satisfactory basis, ensure that it takes reasonable steps to avoid undue additional operational risk”.

Note that it does not say “reduce operational risk” (my emphasis) it says “avoid undue additional operational risk”, so it effectively says “don’t make things any worse”. But in all likelihood outsourcing to a specialist provider is more likely to improve your processes and therefore reduce your risk than to keep the risk levels the same. This is in the same way that were we to build our own telecommunication networks our service reliability is likely to be poorer and the function more expensive than if we outsource it to a specialist organisation that has a great deal of specialist experience in that area and benefits from economies of scale. I’ll reiterate, these are key factors to remember: specialist experience and economies of scale.

So we have established that there are no regulatory challenges to outsourcing provided common sense is exercised.

When Is An Outsourced Service Not An Outsourced Service?

Let us move on to attempting a broad review of what is, and what is not an outsourced service. Essentially it involves optionality. If you there’s a choice to provide a service inhouse then it can be outsourced.

Fintechs and other firms acting as suppliers to the primary and secondary markets offer many forms of engagement but two are foremost. Consider the following pair of categories where a fintech might be active in providing outsourced servicing:

A. Business improvement: Things someone else can do “better” than us.

    • A smaller-scale example might be the provision of homogenised direct market access where a vendor provides interfaces to all markets (Ion springs to mind as a firm that has been doing this for years, but there are others).
    • A large-scale example would be the replacement of a back-office trade processing function from execution to settlement.

The success of a third-party’s business model may be attributable to a variety of reasons such as economies of scale, superior intellectual property, geographical timezone, or cheaper labour. Here “better” might mean one or more of:

  • Cheaper
  • Faster
  • Richer in content or experience
  • To a timeline that we cannot achieve on our own
  • Using a delivery channel we don’t support

or any number of other qualitative measures.

Typically “business improvement” covers elements that are not core to the firm’s strategy so can be pared away as a third-party service. For example they do not involve determining investment decisions (although it may provide evidence and tooling) and it does not replace client relationships if these are the areas of your business that are key to generating wealth, i.e. the “alpha” component of your business model. In order to determine whether a particular form of business improvement outsourcing is appropriate for your firm you must first assert what the alpha is – what are the key parts of your business that dictate its profitability? Fundamentally business improvement offers a strong opportunity for outsourcing – it’s something you can do yourself, but someone else may be able to do it better saving you headaches, time and cost.

B. Business facilitation: Things we can’t do but someone else can.

    • If we represent a buy or sell-side firm then consider the case of an exchange; they intermediate between counterparties in a way we cannot (since we are a counterparty) so we interface to them and utilise their services.
    • A similar argument holds for firms like Acadiasoft for margining where their independence as an entity (notwithstanding their shareholders’ partiality) enables them to operate as arbiter.
    • A custodian holds assets separate from the trading entity specifically to safeguard the client.

Typically “business facilitation” covers elements that are outside of the remit of the firm’s business model but are functions that must work efficiently for the firm to be successful or to enter new business areas. Business facilitation is not optional, except where there are different third parties to use, you may have to use a custodian or an administrator but not a specific one. So it does not replace an existing element of a firm. Similarly the extent of the undertaking may have optionality. It is not obligatory to interface to all SEFs,  however ignoring those that host the most liquidity would be an odd decision, and trading MATable products (those mandated as “on-SEF” by MiFID2) demands the use of at least one. Neither buy-side nor sell-side firms are likely to host their own SEF so no existing function of the firm is going to be replaced. Business facilitation is not outsourcing, in general you can’t do it yourself.

So although benchmarking and due diligence must be conducted where both business improvement and facilitation are concerned we’ve established that business improvement is the area with the optionality and opportunity for outsourcing. It is also the area where the buy, build or glue decision have to be made. Where business facilitation is concerned the optionality is limited to whether you use it or not, and in many cases it is unavoidable.

A Taxonomy Of Opportunity

Now we have determined what outsourcing is and is not, let us consider the form that the outsourcing takes. It may be the replacement or extension of a range of different elements which might include:

  1. Process this may be a whole process such as outsourcing the entire back office, or partial – a firm might rely on a third party to provide its VaR, but calculate the rest of their market risk themselves.
  2. Component – I am not aware of any trading firm that sources all its own market data, they almost all use an array of vendors for the purpose. Similarly few firms build their own trade lifecycle management system, they install, tune and manage third party software for the purpose. This is contributing technology, it supports the firm’s own processes but does not necessarily dictate them. A component is a tangible “thing” like an IT system, like data, or a pricing model.
  3. Infrastructure – this category does not just cover hardware such as datacenter buildings but also the connectivity between offices, and systems. Originally it would have been confined to IaaS models but increasingly we have seen vendors creeping up the software stack to provide PaaS and SaaS models too. Note and beware of the rapid rollout of value-added services by the large cloud providers to secure vendor lock-in. As the infrastructure stack grows vertically it impinges on the Component category. Go further still and it will grow into the Process category too.
  4. Channel for a sell-side firm it is considered normal to provide prices to clients on an array of platforms. They may host swap prices on a proprietary platform of their own but also send up prices to Bloomberg and Tradeweb for electronic execution. Changing or supplementing the delivery channel can replace inhouse technology or augment it.

[As an aside there are arguments to suggest that human resource outsourcing might fall into either the process or infrastructure categories here (I have no preference, it depends on your perspective – are they representative of the processes that they conduct or part of the firm’s scaffolding – you decide).]

Typically outsourcing plans in financial services have one major theme: they don’t impinge on the purchasing firm’s secret sauce – as noted earlier: the firm’s “alpha”. This is the thing that distinguishes a firm from its competitors and fundamentally determines their competitiveness and therefore profitability. Everything else should be up for grabs.

So let’s consider an example fintech that provides outsourced services and how we would categorise their offering. I’ll use my own firm as a reference since it’s a fintech and the domain is reasonably well understood (by me at least). It offers outsourced technology and services to investment managers and financial institutions. It has a live, cloud-based portfolio management system.

  • This is cloud based because the firm’s alpha is not hosting (much) hardware (infrastructure replacement)
  • The firm provides portfolio management and a full range of supporting services (process replacement).
  • While traditional managers might operate using self-hosted applications and spreadsheets the firm delivers services via a web-portal (a React.js UI with a scalable server-side hosted on AWS if you’re interested) – so a channel replacement because the delivery mechanism is global but also a component replacement because the spreadsheets and legacy applications are rendered redundant.
  • The firm offers an entire service stack as process replacement or a pick-and-mix approach based on the component services to include any mix of Risk Analysis, Treasury, Trade Processing, Fund Accounting, Legal & Compliance Support and Investor Relations (i.e. partial process replacement).
  • The firm procures and hosts market data (component replacement) because it could be viewed as inefficient, or tortuous, to maintain contracts with a wide array of vendor platforms, banks, exchanges and brokers, so the firm does it as a service for clients. It does not however scour the world’s markets to create, measure and sell on the liquidity information – that would be inefficient so that chore is left to brokers and exchanges (and example of second-order component replacement).
  • The firm provides pricing models (component replacement) that reflect the market because it is inefficient and expensive for a client to build their own across a wide range of asset classes.
  • It also carries out trade lifecycle management (process replacement) because there is a high bar to entry to do this function effectively, so aggregation offers economies of scale. This includes essential management facilities such as portfolio compression and netting (partial process replacement).
  • Similarly we provide Treasury, Compliance and Investor Relations services (process replacement) because it is less efficient and distracting for a portfolio manager to carry out this operation themselves.

Our clients’ alpha is in executing their investment strategy efficiently and effectively, not in the processing of trades or calculation of risk. We have clients and their investors undertake due diligence investigations into our capabilities on an almost weekly basis. This process involves questionnaires and onsite visits. These processes should be Standard Operating Procedures for any outsourcing firm.

Outsourcing takes some bravery. For a firm to outsource some element of its function it must first be able to assert that a third party can do the task in a better way (functionally, economically or both) than they can themselves. This requires a cold analytical perspective to triumph over the easier visceral acquiescence. Sometimes a firm will buy a smaller service supplier to internalise the IP before it becomes a supplier to their competitors. There is always the risk that the service supplier might grow quickly and become a disruptive competitor. But it is probably more frequent for servicing firms to operate symbiotically with big financial institutions either to gain market share through association (since trust is a key element in outsourcing), or in the hope of significant investment, perhaps to the extent of being bought in their entirety.

The Story So Far

Now we have identified some of the forms outsourcing can take let us consider some of the experiences firms have had to date, since outsourcing in financial services is nothing new but has had mixed success.

Third-party software is ubiquitous and has provided many successful functional subcomponents. The success of these components is facilitated by common APIs and message formats (e.g. FIX) that facilitate interoperability between functional subcomponents from different suppliers. Where they are not available firms have grown teams responsible for data ingestion and ETL functions to stitch the applications together into an interoperable patchwork that meets the firm’s needs, with their alpha at the centre.

Another positive example is in datacenter provision. There are many firms offering large sheds around the world in which to place your equipment. This is preferable to having to buy land, construct buildings and staff them to manage your equipment. Economies of scale make this a clear outsourcing opportunity for all but the very largest firms. Ironically the shed-owners are now seeing their business model disrupted by the ‘very largest’ firms (Amazon, Microsoft and Google) who have realised that providing sheds along with hardware, core software layers, and fast interconnects is a highly viable economic model for them to offer as an intrinsic part of their service.

More contentious has been the adoption of offshore development and support teams. Here there have been significant challenges around timely, complete, and functionally effective delivery of software. The problems have tended to arise from poor communication, weak quality controls and under-specification rather than anything intrinsically deficient in the capabilities of the contracted third party. This has forced a number of firms to retrench and either near-shore or inhouse their development and support functions. Fundamentally the initial problems here were driven by a lack of managerial due diligence and oversight. Not all software developers are created equal, and software development cannot take place in a vacuum. A hands-off delivery model is at odds with the move towards Agile delivery (Scrum, Kanban, or whatever is this week’s vogue model) where micro deliveries are provided to ensure the project stays on track. Again, geography frustrates communication so care must be taken when planning such a project.

So What Next Fintech Folk?

Technological changes such as cloud infrastructure and rich web delivery portals provide the potential for geographically unencumbered servicing. Rather than providing stuff you install and run they new environment presents services that you interface to without needing to manage and run them.

To date we have considered only incumbent businesses looking to improve their existing operational model by becoming more effective by hiving off inefficient processes to third parties, or adopting new features from them to grow or sustain their existing business. But there are new, potentially “disruptive” entities entering the marketplace who are benefitting from the proliferation of fintechs. These new entrants have no incumbent systems or processes but instead seek to build their business from a tessellated arrangement of systems and services provided by third parties to surround their alpha. This support model may be provided by a partner firm or a range of inter-operating businesses. Risk is minimised provided their business models are aligned. If this amalgam of interoperating services adhere to clearly defined protocols and messaging formats the exercise can be highly effective and cost-efficient. These firms can keep their head counts low and overheads similarly minimal. Their costs scale as opex alongside their business because they are able to negotiate similarly aligned charging models with other fintechs who benefit from their growth – this is the symbiotic relationship I alluded to earlier.

Contrast the startup model with that of incumbent firms that have legacy webs of interdependent systems that are hugely expensive to maintain but even more challenging to decompose and replace. Their running costs are high but their transformation costs can look prohibitive. In some cases their best option may be to purchase a challenger, or at least white-label it, and switch their processes across to the newcomer. When all processes have migrated the legacy service stack can be decommissioned. The alternative is to either rapidly adopt an outsourced model or lose business share.