How do innovative SaaS solutions help financial institutions prepare for future regulatory changes?

Interview with Piotr Malczak, Chief Product Officer of FINGO Systems

In the rapidly changing world of finance, banks and other regulated institutions face constant pressure. Regulations are constantly changing, so they need to be monitored continuously, and new guidelines must be swiftly adopted. Challenges such as increasing reporting burdens, complex data security regulations, the growing threat of cyberattacks, and the need to reduce costs are driving the financial sector to seek new, more efficient solutions.

‍'In the current climate, the capacity to efficiently handle the complex regulatory reporting process becomes a key issue. Modern solutions available in the Software as a Service (SaaS) model present themselves as an attractive alternative to traditional IT infrastructure investments,' Piotr Malczak, Chief Product Officer at FINGO Systems, explains.
‍
‍'The subscription-based model allows institutions to convert large capital expenditure into predictable operating costs. As a result, they benefit from financial flexibility as well as scalability and security, which are difficult to achieve with conventional IT models.'‍

Over 500 financial institutions in the EU use conventional solutions offered by FINGO Systems. Most traditional systems are used under licence; however, SaaS services are gaining increasing popularity, especially among smaller institutions and cooperative banks. Why?

Like other financial institutions, cooperative banks must deal with the ongoing changes in regulations, which require them to be compliant, flexible, and operationally efficient. The transition to SaaS (Software as a Service) in the context of statutory reporting yields several benefits, i.e.:

• Reduced upfront costs
• Lightening the burden on IT teams
• Swift adaptation to regulatory changes
• Scalability
• Accessibility and continuity of operations
• Data security
• Expert support and updates

This is an attractive solution for cooperative banks as it boosts operational efficiency and enables effective management of regulatory and financial risks.

Let's take a look at regulatory risk. More than 200 years ago, in a letter to Jean-Baptiste Leroy, Benjamin Franklin wrote: 'In this world, nothing is certain except death and taxes.' Applying this analogy in relation to the financial sector of today, could we say that the only certain constant is change?

The world of finance is dynamic and ever-evolving, and new regulations respond to these changes. To ensure legal compliance and safeguard its own and its client's interests, the financial industry needs to be adaptable and quick to respond to new requirements. At FINGO, we are well aware that constantly adapting to changing legislation is not just a challenge but also a necessity.

Is it mainly the constant changes in reporting obligations that are driving the rapid advancement of technology in regulatory reporting?

Our solutions are designed to enable financial institutions to adapt quickly to new requirements, but many more factors influence the development of technology in this area. Since information tagging technology, i.e., the XBRL language, became the format for statutory financial reporting to supervisory authorities, reporting is more complex than it used to be. Until a dozen years ago, Excel was enough. Today, it is much more complex, and the way reports are prepared varies depending on the type of financial institution and the report.

As reporting obligations increase, so does the amount of data reported. What challenges does this pose in the area of technology?

Shifting the burden to retail reporting, also known as granular reporting, has been a growing trend for some years now. The focus here is on very detailed customer or transaction data. This provides opportunities for analysis that are unavailable in the traditional reporting model, i.e., a balance sheet or income statement analysis.

Examples of such capabilities include searching for suspicious transactions (fraud detection) and looking for patterns of behaviour, correlations with market phenomena, or macroeconomic parameters. The potential for performing this type of analysis is huge and, in practice, only available when collecting retail data.
Of course, the challenge in terms of technology is to process vast volumes of data efficiently.

Cloud computing is so flexible in adapting the environment to individual needs and operating volume that there are no other viable alternatives for this kind of issue. Figuratively speaking, the infrastructure expenditure is proportional to the volume of customers/operations. Significantly, we can use the most advanced solutions from the beginning, even with small-scale operations.

Are banks technologically prepared for this?

Certainly, banks need to be prepared for two developments: the shift mentioned above in focus to retail reporting and an increase in the regulatory burden.

Does this mean that rising costs are inevitable?

There are just two ways to handle the increase in load. The first one is standardisation, i.e., using standardised systems offered on the market, which will always be more efficient than individual projects.

The second method is to increase automation in reporting processes. We are introducing the idea of robotic reporting systems, i.e., self-operating systems for tasks that do not require human intervention or decision-making.

And what do banks need nowadays?

For banks to adapt to increasing reporting obligations, they need to take on a comprehensive approach that includes organisational adjustments and the right technological solutions, enabling them to handle large volumes of data efficiently, automate processes, and quickly conform to changing regulatory requirements.

Many experts believe that the future of banking lies in the cloud. Given the scale of the challenges in the regulatory area, is this the only solution available today?

Perhaps not the only one, but it seems by far the best. Cloud systems have multiple technological and functional advantages. They can be quickly scaled to meet the user's needs, making it possible to handle large volumes of data and complex reporting processes without the need to invest in additional infrastructure. The scalability of cloud services also offers a predictable cost structure that companies can modify according to changing needs and shifts in the market.

But will using SaaS software be cheaper than purchasing a traditional licence?

Software delivered in a SaaS model can be cheaper to use compared to traditional desktop systems. Yet, the actual cost can vary depending on several factors, including the scale of use, the needs of the business, and the software's specific features and complexity. SaaS services eliminate the need to invest in hardware and software licences, which lowers entry barriers. Payments are spaced out over time, making it easier to plan your budget. Operational costs are also lower as suppliers deal with software maintenance, upgrades, and security, thus reducing the need to invest in IT resources. It also does not require installation of the system on employees' desktops or subsequent updates. And on top of that, we can adjust the scale of use and payment according to the company's ongoing needs.

So, in economic terms, does SaaS pay off more?

It depends. In the long run, the total cost of subscriptions may exceed the cost of a one-off purchase of traditional software. Determining the investment perspective is key in this respect. Achieving a lower total cost is difficult, considering the speed of change and resulting ever-shorter investment cycles.
In my opinion, however, the advantage of the SaaS model solutions is not the cost but the financial flexibility of not having to make an upfront investment (upfront fee) and the possibility of adjusting fees in line with shifting business volumes. The total cost calculation must also include the costs of purchasing licences, maintenance, upgrades, and technical support.

In that case, where will this type of solution work best?

With lower upfront costs and greater flexibility, this will undoubtedly be a better solution for cooperative banks, smaller institutions, and companies needing quickly scalable solutions. This is why they are the first to turn to SaaS reporting services. However, considering frequent regulatory changes, this may be a better solution for larger institutions.

Is it because of the need for more and more frequent updates?

Maintaining a SaaS product involves updating the system in two areas. The first is technology, which covers all activities related to system improvements and bug fixes to ensure secure and uninterrupted access to the cloud application. The second area entails adaptation to legal changes. To provide our current and future clients with compliant systems, we continuously monitor and take steps to adapt our systems for statutory reporting to the requirements of the supervisory authorities. We implement all system updates without the involvement of users already utilising our cloud systems. Earlier, the administrator of IT systems on the client's side would have to carry out such an update independently by uploading a new version of the system to the company's server. All of this translates not only into savings in terms of operational costs but also relieves the institution of the responsibility for an increasingly large and complex area that will require ever more resources without appropriate solutions.

The pressure to modernise IT systems in the financial sector is very high, yet data protection and ensuring information security remain key. How does the SaaS service perform in this regard?

SaaS software companies typically have much better safeguards than those currently available to banks, as the legislator requires supervised financial institutions choosing to outsource their services to conduct a risk analysis and vendor assessment beforehand. It consists of identification, possible mitigation (transfer, e.g., through insurance), reduction, or just acceptance (preceded by an in-depth analysis). Following any adaptation of the documentation to their needs and circumstances, the supervised entity must submit a notification to the supervising authority. Cloud providers implement top security standards to navigate this process and successfully facilitate decision-making. Therefore, selecting a SaaS service is an investment that enhances data security and protection.

FINGO's high standards in this area are evidenced by the ISO/IEC 27001:2022 certification. How does this translate into cooperation with financial institutions?

A certificate confirms that someone competent has independently verified the IT service provider. This makes verifying the Information Security Management System much easier during the tender process. ISO/IEC 27001:2022 certification guarantees the security of our cloud solutions, reducing the time-consuming risk analysis of the transition to cloud services by up to 70%.

Has certification entailed any unique adaptation of security procedures to the needs of the financial sector?  

Monitoring asset security is critical when producing software for financial institutions. This is a market requirement that must be met unconditionally, mainly when offering cloud services. That is why our engineers have for years been opting for widely accepted standards in the financial sector. As a result of the certification process, the procedures have been extended to the entire organisation. In particular, we focused on the security of the applications, infrastructure, and process information across all stages of the software development cycle. We have put in place several procedures and inspections, which must be complied with to maintain our organization's proper security.

And how does this affect security on the client's side?

In the case of cloud solutions, system security is built into the system from the very beginning, starting with the architecture, applying the most advanced security mechanisms, and ending with organisational procedures. Additionally, we undergo external security audits to ensure that we are not putting our clients or ourselves at risk.

Of course, despite all these measures, the recipient still bears shared responsibility for security - the most common target of cyber attacks is the client's internal infrastructure.

Recently, the first Polish bank fell victim to such an attack. How was the system prepared for this?

The client's resources were the target of this attack, not our system. However, this situation has shown that this is a real threat and that our cloud system has been adequately secured. It has also proved capable of serving as an additional data backup. To provide outsourcing services to financial institutions, we had to ensure that our solution was adequately protected in compliance with current security standards. Thus, each client's database is separated and copied to a different location once a day. The encrypted data increases the degree of security against loss or theft. The system itself is continuously updated to the most recent versions. We also have a plan for exiting the cloud, allowing the financial institution to maintain the continuity of its operations.

From a technical and organisational point of view, scalability and flexibility make it easier to provide functions that facilitate the work of those creating reports. But does the user's day-to-day work with the system get easier?

In addition to solutions that facilitate financial institutions' prompt adaptation to new regulatory requirements, our goal in designing eON (i.e., the cloud version of the system) was to add features that enhance the user experience. An example of such features is the ability for several people to work on one report simultaneously while maintaining satisfactory system speed. Also, we can customise elements on the screen according to personal preferences (customisable GUI), making it possible for each employee to use the application according to their preferences.

Could similar solutions also be implemented in traditional systems?

Implementing such functions would be possible in classic systems, but this would require the client to provide servers with high computing power, which would not make economic sense in companies that need to report very occasionally, e.g., every quarter.

And what do eON users appreciate the most?

Our clients value the SaaS service for its flexibility and efficiency. Other features recognised by our clients include the capacity for multiple users to collaborate on a single report and the ease of sharing specific report cells through unique links or the personalised interface. All this makes it a well-known solution now available in a new, improved version.

Looking back to the period when eON SaaS was designed, all the actual threats the financial industry faces today were undoubtedly present at the time. So would you say that, like steel, it has hardened under harsh conditions and is well-equipped to face the most demanding challenges?

That's true; even though we have been developing the system for only two years, during that time, we have already faced the pandemic, the real threat of war and hacking attacks. We can add the pressures of the economy in the face of digital transformation and ongoing legislative changes, which will only intensify. Many innovative solutions have allowed us to provide top-level security. Also, this system will undoubtedly be much better suited to the needs of today's financial sector than traditional solutions in the face of impending challenges, thanks to its flexibility, scalability, and cost-effectiveness.