You and I were meant to fly
The rise of managed services

As financial institutions navigate today’s unpredictable economic and regulatory landscape, the pressure on risk and compliance operating models has never been greater.



Hugo Morris - Partner - Risk Advisory - Deloitte UK

Mark Whitehead - Director - Risk Advisory - Deloitte UK

Jamie Laing - Senior Manager - Risk Advisory - Deloitte UK

Vincent Gouverneur - Partner - Investment Management Leader - Deloitte Luxembourg

Published on 13 August 2019

Share this article


Business models have faced intense market, regulatory, and macroeconomic constraints since the Financial Crash of 2007-2008. The focus on operational efficiency and quality has strengthened as companies have experienced the burn on revenue, cost, and capital. Risk and compliance functions are not completely resistant to rapidly increasing fees in order to meet regulatory compliance criteria. These resources are often linked to managing manual processes of internal control, thus restricting their accessibility to tackle pressing trends in risk and compliance. Many procedures are backed by under-investment legacy systems as companies migrate to a "one-system" approach.

Although new technologies such as automation and artificial intelligence could transform services, building in-house capabilities can be slow and commercially unviable. Finding people with the necessary skills and experience is just as hard.



Banks and other financial institutions are increasingly turning to managed services to tackle these problems and allow them to focus their time and abilities on operations that are of the greatest importance to their company. Market analysis shows that by 2020, the worldwide market for managed services is anticipated to expand to US$229 billion. Risk and compliance are on a comparable path as we see more Chief Risk and Compliance Officers turning to managed services to proactively restrict corporate risk and enhance compliance.


In a managed service model, a strategic partner takes on, transforms, and manages company activities and procedures to enhance long-term operational quality and effectiveness. It operates especially well for procedures, individuals, and places that are becoming more costly to keep and not competitive differentiators. Within Risk and Compliance, the most valuable fields from the managed service model range from third party risk management and software asset management, to a variety of cyber facilities, model risk management, and statutory reporting.


In addition to cost decrease, the long-term, closely integrated nature of a managed service relationship provides significant strategic advantage. In our experience, risk and compliance leaders are seeking to transform critical company risk procedures, taking advantage of scalable, innovative technology and knowledge that is too costly and time-consuming to construct in-house, while also benefiting from predictable, result-based pricing and decreased financial risk exposure.



We are witnessing organizations across financial services researching how to profit from those benefits within the Risk and Compliance function.

In a recent example, a managed services solution was launched by a global bank to decrease the cost of client tax reclaim and tax reporting, and to improve the scope of services and their scalability. Considering the nature of the service, it was of the essence for the bank to remain the unique point of contact for the service to their clients, preserving data confidentiality and a high level of service quality. The managed services complies with both these objectives, while operational and annual maintenance costs are lowered by over 30 percent and 100 percent respectively. When accessing a scalable, multinational third-party delivery infrastructure on a pay-per-use basis, the bank is able to improve domicile and investment country coverage as well as increase volume with no additional investment. While meeting strict compliance and quality assurance standards, the white-labelled service also allows the bank to maintain a seamless, high-quality service delivery to its clients.

In another case study, a US bank needed to address new lease accounting and reporting standards ASC842 and IFRS16, stating that all lease transactions and financial

disclosures needed to be integrated on the balance sheet by January 2019, in a more effective way.

To manage this data, the bank like many other companies, mainly depended on manual processes. At the beginning, it examined software solutions like SAP ERP to achieve compliance. However, the bank understood that technology on its own could not meet the adherence and compliance requirements, and thus reverted to a managed services solution compatible with both the regulatory priority and the deliverance of wider long-term benefits.

This new solution provided the bank with a redesigned lease accounting and reporting model that drives faster, provides more precise processes, and means greater confidence in compliance with access to experienced staff, continuing support, and high-quality, audit-ready monthly reporting packages.

The total cost of ownership was also lowered, and outcome-based pricing provided the bank with the flexibility to adapt to meet current and future reporting obligations, as well as compliance missions.


Given the wide range of sourcing models, selecting the one that best fits a particular operation or process is critical for firms.

We believe that 12 criteria come into consideration when determining the fitness of a process for insourcing, outsourcing, or a managed service.

Typically, a managed service is best suited when failure represents a high enterprise risk, when the need for expertise is urgent, specialized and quickly evolving, and when differentiation with the competition is low.

In these cases, the outcome in terms of market differentiation may not be worth the considerable costs and challenges of building a cutting-edge internal function, while the transactional and shorter-term models of traditional outsourcing are too risky.


Today, auditors perform their diligences in accordance with the International Standards of Auditing (ISA) as well as local and international regulatory requirements. Once a year, an opinion is issued on the truth and fairness of the company’s financial statements. The audit techniques used today were based on sampling but with the booming of data management technologies, the size of the sample used for a financial audit gets close to a full population testing.

Where is the link with managed services? Well, the data management techniques used to provide a managed service are very close to those used by auditors to perform their financial audits and synergies are emerging.

While the first tends to increase the quality of an internal operational process, the second focuses on providing external assurance on the quality of the financial information prepared by the company based on that process. In the future, the mix of the two may be called “continuous audit”!

Let’s consider the example of model risk management. According to McKinsey, banks and other large institutions are relying on a rapidly increasing number of models (10-25 percent annually). These models cover wider and wider aspects of decision-making with growing levels of sophistication, facilitated by technology developments, such as automation and Big Data analytics. With the US SR11/7 standard becoming the “de facto” benchmark for model risk management functions both in Europe

and America, global regulation is growing as well. These elements imply that mitigating the risk of defective or misused models is becoming more and more critical, complex and costly. Moreover, the fluctuations in the workload are putting a higher pressure on specialized skills that can be hard to come by and keep in line with the latest intelligence.

Although risk models can be a source of competitive differentiation for a company, a standardized validation model cannot. Consequently, model risk management is a good fit for managed services-increasing cost, high enterprise risk, low competitive differentiation, and scarce talent. Taking advantage of the specialist, versatile technology, processes, and knowledge of a strategic partner to manage all or part of the function, a company can effectively manage the complexity and volume of a firm-wide modelling.

This leaves the internal staff free to focus on the higher value tasks of decision- making and independent challenge via monitoring, reporting, validation, and governance.

By normalizing them against best practice and global regulations, the partner’s knowledge of industry-leading practices and regulatory expectations also enhances confidence in production models. Operational costs take advantage of the scale efficiencies of a global, always ongoing utility service, and of more anticipated pricing based on outcomes as well.


It is clear that the transfer of additional business essential operations to a third party implies careful administration under the vigilance of regulators. Four aspects are particularly key to successful implementation:


1. Martin Arnold, “Banks’ AI plans threaten thousands of jobs,” Financial Times, 25 January 2017

2. Ibid

3. Deloitte University Press, “Managed Services: a catalyst for transformation in banking”

4., “Managed Services market size worldwide 2014-2020”

5.McKinsey & Company, “The Evolution of Model Risk Management,” February 2017[A1]2


A path forward through an uncertain future

Looking forward, the forces leading institutions to adopt the next outsourcing evolution are likely to strengthen their pull. While addressing regulatory expectations and delivering against core business priorities, Risk and Compliance leaders will keep on feeling the pressure to reduce costs and enhance the effectiveness of processes such as cybersecurity, reporting, remediation, and legal advice.

Adopting a managed services model could have the potential to be significantly rewarding for firms. On top of that, outcomes across a large spectrum of critical risk, regulatory, cyber, legal, and compliance operations are improving due to scalable access to the latest technologies expertise and knowledge. We believe that with growing confidence in the model, adoption will expand further to enable firms across financial services to allocate valuable resources and skills where it is most important—driving growth and competitive advantage.

Share #DeloitteInsideNow


Becoming agile: Elevate internal audit performance and value

With increasing demands and diminishing resources, how can internal audit teams keep up? Deloitte’s Agile Internal Audit methodology could be the answer. The articles below offer a closer look at the basics of an agile approach, how internal audit functions can adopt this methodology, and strategies for internal audit to advise on the risks of business agility.

© 2021. See Terms of Use for more information. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see to learn more about our global network of member firms. The Luxembourg member firm of Deloitte Touche Tohmatsu Limited Privacy Statement notice may be found at