To Build vs. Buy: The Compliance Conundrum for Financial Institutions

Compliance decision-makers should always factor in budgets when implementing new compliance technology, but more importantly, they must consider the long-term impact and ROI of their choice to build vs. buy.

Celina Pablo
3 min
Cost is more important than quality, but quality is the best way to reduce cost.
— Genichi Taguchi, Japanese Engineer


Compliance as a function is plagued by stories of applications and solutions that were shelved after eating up budgets, postponing Go-Lives, and causing a lot of frustration. At the same time, many organizations were forced to go back to the old ways, discouraged from the failed attempt to move forward.

Building: We can do it for a fraction of what the vendor asks…

Financial institutions (FIs) may be driven to change internal compliance systems due to factors such as regulatory change, new processes, or updating legacy technology. In this process, FIs typically engage several vendors, exploring the market much in the same way that buyers would visit a car dealer and evaluate cars based on safety, comfort, or fuel efficiency.

However, many FIs follow an internal “in-house built” approach, especially when operating within strict budget boundaries or when longer development and implementation timelines can be afforded. When FIs decide to build in-house, they must also allocate internal resources and expertise to execute the project. Any resources deployed to build an in-house compliance system must also be committed to post-implementation and maintenance work.

In these instances, building internally within the mentioned budget and time conditions seems reasonable as long as those factors are integrated within the current IT architecture and as part of a broader, long-term plan.

Buying: 5 reasons to buy an external compliance solution

There are several reasons why FIs should strongly consider buying a trusted compliance solution. The list of reasons is extensive, but we’ve laid out the top five factors that decision-makers should consider beyond costs:

1.    Specialization:

Vendors typically focus on key areas that aim to solve specific problems FIs face, while internal developers tend to be more generalist. The true nature of cost-effectiveness drives this approach, as FIs could only afford to have a limited number of teams dedicated to every challenge they face. External compliance vendors have experience implementing software with many different clients, so they provide valuable insight and expertise that can help reduce implementation timelines and guide in decision-making.

2.    Flexibility:

In-house solutions are invariably tailored to current processes. When challenges evolve, they generate shockwaves impacting users, processes, and customers, sometimes forcing a significant overhaul in tools. This lack of flexibility results in even greater costs than the initial cost that the FI aimed to save by building in-house. In addition, the lack of flexibility in compliance solutions can lead to the creation of workarounds which increase complexity and reduce productivity. For example, the profound changes in customer habits driven by the COVID-19 pandemic was a hard lesson to learn for many FIs.

3.    Service:

In-house teams develop applications and move on to the next challenge or assignment. It is ineffective for an FI to use a significant portion of its workforce to sustain its in-house compliance solution. After a few staff attrition or rotation cycles, the organization becomes unprepared to manage updates or handle unexpected downtime. Vendors not only bring expertise from across several organizations but often include service and maintenance as part of their contractual obligations.

4.    Adaptability:

New tools and applications must be well integrated into an organization’s architecture. The ability to implement a system that can integrate with existing applications and data flows has almost become an art, especially when considering the myriad of legacy systems that still populate FIs. Vendors have dedicated teams specializing in integrating their solutions, looking both forward and backward, as many FIs are not able to fully part with critical legacy systems.

5.    Speed:

Going for an in-house solution means that FIs must start from scratch, from requirements gathering to building, implementation, and sustainment. When this translates into timelines, it will result in a longer adoption period than an already built, ready-to-deploy solution that might only need some slight configuration and integration work. At the same time, criminal activities could continue to flow through the FI’s products and services.


Implementing new technology is a huge challenge, whether the tools are bought from a solution provider or developed internally. It can be disruptive, and it is always costly.

It is critical to have the right resources and expertise before, during, and after implementation, to achieve return on investment (ROI), a positive customer experience, and overall effectiveness. This is frequently achieved by teams formed of individuals who devote their professional lives to it. This is the reason why vendors exist: to help FIs, so they don't have to do it alone. The goal is to build and deploy systems fast, efficiently, and successfully.

The buy vs. build debate won’t go away any time soon, but the demands for enhanced efficiency, proven effectiveness, and customer satisfaction will only increase. Compliance decision-makers should always factor in budgets, but more importantly, they must consider the long-term impact and ROI of their choice to build vs. buy.

Want to learn more about how Lucinity can help you with your compliance needs? Book a demo here.

Sign up for insights from Lucinity

Recent Posts