This report updates our previous risk IT expenditure analysis, Global Risk IT Expenditure in Financial Services; 2017 Update. Further updates are planned for 2019 and 2020.
It analyzes how and where financial institutions (FIs) are investing in risk technology, and the wider trends influencing their investment decisions. It has six main sections:
- This executive summary.
- A high-level overview of FIs’ expenditure.
- A summary of notable changes and developments in the different areas of spend, including sector, tier of institution and region.
- An overview of current trends in the market that are influencing the way – and how much – FIs are spending.
- A consideration of the overall implications for our model going forward.
- Tables and charts summarizing the key data from our analysis.
Two appendices provide our definitions and research methodology.
A switch to maintenance spend
Overall, risk IT expenditure grew by about 5% between 2017 and 2018, to $77.8bn – a slight decrease on the 6% growth for 2016-2017. Around the world growth is starting to flatten, and even decline in some areas, as spending shifts from new risk IT projects to the maintenance of existing ones.
Risk governance and integration and Financial Crime (FinCrime) again accounted for the bulk of FIs’ risk IT expenditure – at 32% and 27% respectively. Regulation (including a new focus on accounting guidelines such as International Financial Reporting Standard [IFRS] 9, Current Expected Credit Losses [CECL] and IFRS 17) continues to be a common theme in risk IT expenditure, with notable impacts in several areas, including credit risk, asset and liability management (ALM)/Liquidity and insurance risk. Capital markets firms, hit by new data requirements introduced by Markets in Financial Instruments Directive (MiFID) II and similar regulations in recent years, have been spending more on risk governance and integration (up 5% this year), while IFRS 17 and solvency legislation are impacting European and US insurers.
Another key theme – which we identified last year – was the shift from expenditure on internal systems to spend on external software and services. While this has been an ongoing development, it has now started to impact the expenditure mix. The disparity was most notable in North America, where spend on internal systems declined by 2%, while services spend rose by 15%. Many FIs have shifted their expenditure on risk IT systems to the cloud, and providers are supplying more ‘productized’ solutions that combine software, services and data in packaged offerings.
This shift is making the traditional definition of expenditure very complicated and somewhat less relevant to more recent trends and developments. We are starting to see an increasing discontinuity between the two groups, and we believe in future that the impact of cloud, managed services and utilities will require a more multi-dimensional view of risk technology expenditure. The impact of managed services as a substitute for traditional applications, for example, is substantial. In our forthcoming research, to capture the growing number of dimensions to risk IT expenditure, we will consider additional measures.
Growing complexity in the landscape
The move to the cloud is one of the key market dynamics driving much of the change we are seeing in risk IT expenditure. Migration continues apace, and we can expect many, if not most, FIs to shift their risk systems to the cloud in the coming years, particularly in the US. The other key influencer of risk IT spend is the gradual blurring of the boundaries between risk and other areas of FIs’ expenditure, such as market data.
Importantly, both of these trends are complicating the business of assessing, calculating and predicting FIs’ risk IT expenditure, which used to be relatively straightforward. Until recently, the nature of risk technology expenditure had remained clear and visible in most FIs, with defined categories of spend and clear purchase decisions. But the move to the cloud, in particular, is making it increasingly difficult to compare current numbers with those of the past, and to accurately classify some categories of risk (such as cyber and market risk).
Much of the activity that shapes FIs’ expenditure is happening out of view, with increasingly subtle and nuanced dynamics shaping purchase and implementation decisions, as well as a morass of competing and overlapping definitions. A great deal of what might be classed as ‘FinCrime’ expenditure, for example, overlaps with other business areas. So payments fraud overlaps with operations expenditure, while anti-money laundering (AML) systems are usually sold to compliance departments.
These dynamics will influence the way we approach our forecasts in future, and we intend to develop our models for forthcoming reports and research so that we can explore some of the key trends and their implications in more detail.