Nobody knows your business as well as you do. So at first it seems only logical to assume that the best way to ensure your firm and its employees meet their regulatory obligations is to build a compliance software solution in-house. But, as we know, things aren’t always as they seem. Let’s take a look at the pros and cons of building a solution in-house versus buying one from a vendor.
Building a Compliance Solution In-House
When you build a compliance platform in-house you own it: from product launch to product sunset. You set the pace and priorities of platform development and retain ultimate flexibility for new features and functionality related to changes in technology, markets, and regulation. But all that flexibility comes at a cost. Costs for licenses, servers, racks, and routers. Costs for user training. Costs for maintaining a stable of support staff that is dedicated enough to the needs of the compliance team such that–when the inevitable changes in technology, markets, and regulation come–it is ready to pounce on further design and development as needed.
There’s also an indirect cost to having to dedicate a portion of your business (which is presumably not tech related) to a specialized support function such as this. Think of it as a cost to your business focus. That is, compliance and the tech you need to optimize the function is very different from what your business does to make money: from what it’s best at. But the compliance function is an important one. You can’t operate safely and profitably without it being top notch, so that your business avoids the fallout that could come from finding itself out of regulatory compliance.
Buying a Compliance Solution From a Vendor
Which brings us to buying your compliance solution from a vendor. In this case, you’re getting a platform built by a specialist in regulation technology, or regtech (short for regulation technology, itself a specialized form of fintech, or financial technology). Being a specialist in compliance technology, a compliance software vendor’s entire business depends on its very particular focus on regtech and being the best in the industry at it–that being how it as a business makes its money.
So you get a company laser focused on the compliance function: your compliance function. Because regtech vendors have to be about more than the technology. They have to understand how your compliance function works to understand how it can be made to work even better. Technology is a big part of that, but to design the best compliance technology a vendor has to have an intuitive understanding of what your compliance officers do all day. What their particular challenges are. How they interact with each other and with other employees: from end users to senior leadership. In short, regtech vendors need to know what firms and the people who work there really need from the tech they as a business are on the hook for delivering, supporting, and updating, even as the markets, technology, and regulation constantly evolve and change.
There’s a cost for this, too, of course, but it’s a predictable cost. Most regtech providers today are SaaS companies, short for Software-as-a-Service. With this model, you’re not technically buying anything. You’re subscribing to a service that, for a monthly fee, will bring you the best compliance software–the best features and functionality–the company has to offer. For no extra charge, you’re getting access to the combined knowledge of hundreds of other clients the company works with around the world, and the sustained feedback of tens of thousands of those clients’ end users: on the product itself and their needs as compliance practitioners. A compliance software solution built in-house will simply never match that, even for the biggest firms with the biggest budgets.
Vendor software is crowd-sourced software in the best sense, then–with combined input that translates into features and capabilities a lone organization might never identify. It also offers peace of mind, leaving you safe in the knowledge that the software solution you depend on to keep firm and employee risk at a minimum is tried and tested to the nth degree. Think of it as the finest peer-sourced, best-practices compliance network you could ever hope to have access to.
How Do I Buy The Right Compliance Software?
The key to buying the right compliance software–like with buying any software solution–starts with selecting your vendor. This vendor, of course, must be vetted thoroughly. There’s going to be a lot riding on the effectiveness of this software. When you engage a prospective vendor, don’t hesitate to pin them down on any item you can think of. A good vendor will probably have heard most if not all the questions on your list, and be ready with the right answers. And if they don’t happen to have an answer on the tip of their tongue, they should be eager to find it for you.
Ask to see a software roadmap and demos. Get references. Compliance professionals are notoriously reticent to talk about their software endeavors with outsiders, but a good vendor will have found a way to make it happen. Compliance software isn’t a sideline for them, after all. It’s their bread and butter. Make sure the vendor meets all security and tech requirements. Good vendors will be ISO 27001, ISO 9001, and SOC2 Type II compliant. They will have processes in place that protect all aspects of client confidentiality, data integrity, and software solution availability.
Find out how the vendor backs up records and how easily they can be produced, in the event of an audit. For that matter, find out if the vendor conducts third-party audits of itself, to ensure it as a tech provider is meeting the highest industry standards. Be sure to determine the level of training and support offered, which will be critical as the business grows. Finally, look for functionality like single sign-on, human resource systems integration, and techstack integration. And it should go without saying to read the fine print of the contract, to make sure you know exactly what it is you're getting, so there are no unpleasant surprises later on. The contract you sign and terms you agree to will determine the future shape of your compliance solution and, ultimately, your costs.
How Do I Get Buy-In For My New Compliance Software
Companies typically judge the cost of an item or service by the return-on-investment, or ROI, it delivers. But with compliance, it's harder to get to that clear-cut number. A compliance officer's mere presence on the job may stop problems before they ever manifest. So may a new compliance software solution: one that surfaces a trend or behavior before it becomes existentially dangerous. But how do you insert something that didn't happen into an ROI equation? One answer is, companies regularly assign hard values to soft costs and benefits. Intellectual property–like copyrights, trademarks, and patents–is highly valued and regularly factored into company worth.
Here’s another way to approach the benefits of having as watertight a compliance program as possible–which good software can help you achieve–at your firm. Risk is a four-letter word in heavily regulated companies. Don’t be afraid to toss it around. A frank discussion of dire potentialities with enough people in senior leadership is sure to eventually prick the ears of someone who gets it: someone who doesn’t want to see the firm suffer because a new piece of software won’t fit tidily into an ROI equation. The more positive case for an investment in a compliance software solution might go something like this–a company operating more ethically could be recognized as such in the marketplace, which could be a marketplace differentiator.
In the end, the case for a compliance software solution is much like the case for insurance: individuals and businesses regularly pay to protect against things that may never happen. You can always opt to build, but buying from an established vendor means you get a platform that’s easily understood by auditors, who will be familiar with it from auditing other firms. You're also freed from doing software development as a sideline, so you can focus on what your firm does best.
For more in-depth analysis, check out this blog, our build-versus-buy guide, or our handy build-versus-buy checklist. Learn more about ROI and compliance here.