Share this post
What is this article about?
Whether financial institutions should build or buy financial crime management systems.
Why is it important?
The choice affects compliance, efficiency, and fraud prevention capabilities.
What’s next?
Institutions may lean toward hybrid solutions to balance customisation with vendor support.
As financial crime grows increasingly complex, payment leaders face a critical choice: build an in-house financial crime management (FCM) solution or buy an established third-party system. This decision carries substantial implications for an institution’s ability to detect and prevent fraud, comply with stringent regulations, and optimise operational efficiency.
The stakes are high. Financial criminals are exploiting digital advancements and deploying sophisticated tools like AI to breach systems, pressuring financial institutions (FIs) to respond with equally advanced defences. Nasdaq’s 2024 Global Financial Crime Report highlights the urgency, estimating that $3.1 trillion in illegal funds circulated globally, with fraud and scams contributing to $485.6 billion in losses in 2023 alone.
In response, regulatory bodies like the Financial Conduct Authority are tightening anti-money laundering (AML) and counter-terrorism financing (CTF) measures, levying steep penalties for non-compliance. Meanwhile, outdated and fragmented systems hinder many organisations’ fraud prevention efforts, increasing operational costs and impeding decision-making.
In this environment, the “build vs. buy” decision becomes strategic. Whether FIs choose to develop a customised in-house system, invest in a ready-made solution, or pursue a hybrid approach, their choice will directly impact compliance, cost-efficiency, and resilience against the evolving threat of financial crime.
Understanding the build vs buy dilemma
The build versus buy debate is a fundamental consideration for payment companies navigating the complexities of financial crime management. As regulatory scrutiny intensifies, organisations must weigh the merits of developing custom solutions tailored to their specific needs against the advantages of leveraging established, market-tested systems.
ComplyAdvantage’s Global Regulatory Affairs lead, Iain Armstrong, argues that many organisations overestimate their capacity to create effective in-house systems. “We’ve seen a slight uptick this year in firms considering the ability to build their own in-house transaction monitoring,” he notes, emphasising the allure of control and customisation for companies considering building their own product.
However, Armstrong warns that this desire for bespoke solutions can lead to miscalculation. “I have quite strong views on why it might not be the best idea for some firms,” he claims. “The reality is that building an effective transaction monitoring system requires a profound understanding of regulatory compliance, technological integration, and operational functionality.
Many organisations underestimate the extensive resources, time, and expertise required to build a truly functional system, often leading to delays, cost overruns, and ultimately, ineffective monitoring capabilities.”
Option | Pros | Cons |
---|---|---|
Build In-House | Customisation: Tailored to unique needs and specific regulatory requirements. | High Initial Costs: Requires significant upfront investment in resources and infrastructure. |
Control Over Data: Full ownership of data and enhanced internal security. | Long Development Time: Building a functional system can be time-intensive, delaying deployment. | |
Scalability: Can be designed to scale with future growth and evolving regulations. | Ongoing Maintenance: Continuous updates and support require dedicated resources. | |
Innovation Potential: Ability to create proprietary technology aligned with strategic goals | Risk of Incomplete Features: May initially lack key functionalities, requiring iterative updates. | |
Buy (Third-Party) | Speed to Implementation: Rapid deployment, meeting immediate regulatory and operational needs. | Limited Customisation: May not fully meet all specific organisational requirements. |
Lower Maintenance Burden: Vendor handles updates, bug fixes, and compliance changes. | Vendor Dependence: Reliance on a third party for critical functions and data security. | |
Cost Predictability: Predictable licensing or subscription costs simplify budgeting. | Data Privacy Concerns: Sharing sensitive data with vendors may introduce privacy and compliance risks. | |
Proven Reliability: Established vendors offer reliable, thoroughly tested systems. | Integration Challenges: May require additional work to integrate with existing systems. |
FinCrime Dynamics Vice President of Engineering Martyn Higson advises firms to decide on what’s business critical and look at growth rates. He says: “A lot of smaller companies can end up overspending by thinking they need enterprise-scale solutions. The truth is, most people don’t need a Ferrari on day one and building one would be overkill. Given how mission critical fraud is, it’s usually better to spend that budget on improving immediate security and consumer experience than handling ambitious growth projections.”
Mastercard Director of Product Management & Enablement, Conrad Lennard, notes the conversation quickens when regulatory pressure is applied, making the decision even tougher for firms. He tells Payments Intelligence: “Where there’s regulatory pressure to do something, firms will want to act quickly.” This urgency often leads organisations to choose vendors who claim to deploy solutions swiftly to meet compliance demands. This, in turn, can lead to delivery disappointment and dissatisfaction, with many firms wishing they had decided to take more time to build a hybrid solution that blended speed to implementation with the functionality they desired.”
Common misconceptions
Misconceptions about the simplicity of building transaction monitoring systems abound, particularly among those with a strong technology background. Armstrong identifies a prevalent belief that developing such a system is primarily about implementing a rules engine. “This flawed assumption leads many organisations to believe that once they have their rules engine in place, they can simply walk away,” he warns.
In reality, effective transaction monitoring is far more nuanced. Compliance officers often possess insights into regulatory requirements and operational needs that are not fully communicated to the technology teams responsible for building these systems. Armstrong emphasises that compliance officers need to address any information asymmetries that might exist. “Don’t assume that your chief technology officer knows everything you know,” he advises. Instead, collaboration and open dialogue between compliance and technology teams are crucial to ensure that all aspects of the system are adequately addressed.
Lennard also highlights firms’ desire to showcase internal capabilities or to avoid perceived costs associated with vendor solutions, which can lead organisations astray, especially when they overlook the comprehensive benefits that established vendors offer. In particular, large institutions have an enormous amount of in-house talent across data science and engineering, and so the temptation to build themselves is palpable.
The attraction of in-house solutions
One of the main attractions of building an in-house solution is the perceived control it offers. Organisations believe that by developing their own systems, they can tailor functionalities to meet specific operational needs and ensure that the software evolves in line with their business strategies. Not only this, but in-house solutions can also provide a sense of ownership, potentially fostering innovation as teams develop proprietary technologies that align closely with their operational goals.
However, this approach often comes with significant challenges. The complexity of transaction monitoring is considerable; it involves integrating numerous components, including real-time data processing, advanced analytics, user interface design, and comprehensive reporting capabilities.
As Armstrong points out, many organisations fail to consider all the interconnected aspects of a transaction monitoring system. “There’s a whole load of other stuff around it that you should consider,” he explains, highlighting the necessity for robust case management, alert systems, and reporting features. Ultimately, the decision to build should be approached with caution, recognising the risks of underestimating the effort required and the potential operational disruptions that may ensue during the development process.
The hidden costs of building in-house
When estimating the time required to build an in-house financial crime solution, several best practices should be considered. First, assess the experience level of your development team. According to the 2024 Developer Survey by Stack Overflow and Amazon, 27.1% of software developers have 5-9 years of coding experience, while 20.1% have 10-14 years. This expertise can significantly impact project timelines. Programmers should consider the complexity of the solution and the technologies involved. Windows remains the most popular operating system for software development at 64% in 2023, followed by Unix/Linux and macOS. The choice of platform and programming languages can affect development time. Factor in time for research and problem-solving.
Developers spend considerable time searching for solutions, with 64% spending over 30 minutes daily on this task. Additionally, time for testing and quality assurance should be included, as technical tests with practical coding questions are preferred assessment methods. Lastly, consider regional factors. According to the Application Development Software – Eastern Europe report, Eastern Europe, particularly Poland and Ukraine, has become a hotspot for software development outsourcing due to skilled workforce and cost-effectiveness, which could influence project timelines and resources.
The hidden costs associated with building in-house systems often catch organisations off guard. Armstrong explains that while a product team might estimate a short timeline for deployment, the reality of developing an effective transaction monitoring system frequently leads to extended timelines and increased expenditures. “The product team that thought they were going to be working on it for three months often finds themselves extending their timeframes significantly,” he notes.
This situation arises when operational staff encounter challenges with the system, leading to a cycle of feedback and further development. For example, initial iterations of an in-house system might produce a rudimentary user interface that fails to meet the practical needs of end-users, forcing the development team to revisit their work and implement additional features like effective case management or streamlined reporting capabilities. This iterative process not only drains resources but can also shift focus away from core business initiatives that drive competitive advantage.
As well as this, the experience level of developers significantly influences time estimates for building financial crime solutions. A survey published this year found that 27.1% of software developers have 5-9 years of coding experience, while 20.1% have 10-14 years. This range of experience can impact project timelines, as more experienced developers may work faster and provide more accurate estimates. However, even experienced developers spend considerable time searching for solutions to technical problems. Further data from Stack Overflow finds about 64% of developers spend over 30 minutes daily searching for solutions, with 26% spending over an hour. This time spent on problem-solving can affect overall project estimates. The growing global developer population, expected to reach 28.7 million by 2024, suggests an increasing pool of talent with varying experience levels, which could impact time estimates for financial crime solutions.
Lennard adds ongoing support, analytics, and the need for full-time engineering staff all add to the bill. “I think there are enormous hidden costs in building it versus buying it,” he states. “Organisations often underestimate the financial and operational burdens that come with maintaining an in-house system, reinforcing the argument for buying as a more predictable investment.”
Performance and reliability
When it comes to transaction monitoring, performance and reliability are paramount. Armstrong stresses that transaction monitoring systems must maintain exceptionally high availability—ideally 99.99% of the time. “If your transaction monitoring system goes down, you risk allowing customers to transact without proper monitoring, which is a regulatory violation,” he cautions. The consequences of such a lapse can be severe, including potential legal ramifications and reputational damage.
Organisations that choose to build their own systems may underestimate the complexities involved in ensuring high performance and low latency. Armstrong elaborates on the critical need for speed and reliability: “In the world of transaction monitoring, your tolerance for outages is low. If something goes wrong with your system, the implications can be dire.” The requirement for systems to return results in real-time becomes essential, especially in a regulatory environment where monitoring for money laundering and fraud is a mandatory obligation.
The allocation of resources could also be a significant deciding factor, significantly influencing the effectiveness of fraud prevention strategies in financial institutions. In 2024, 40% of online merchants reported gaps in fraud tool capabilities as a major challenge, while 39% cited a lack of internal resources. This highlights the importance of adequate resource allocation for effective fraud management.
Financial institutions increasingly prioritise fraud prevention, with 45% of e-merchants focusing on reducing fraud and chargebacks in 2024. To address these challenges, 55% of merchants aim to improve fraud AI/ML accuracy, and 51% seek to enhance fraud orchestration.
Additionally, 75% of online merchants worldwide plan to increase their fraud prevention budget. Vendors also recommend allocating resources to protect continuous operations (33%) and equipment programming and configuration (25%).
The risks of in-house development
Moreover, the risks associated with in-house development extend beyond technical performance. Armstrong highlights that in-house solutions are often the sole property of the developing organisation, saying: “If you’re the only user of that product, you’re more prone to systemic errors and bugs,” he explains.
In contrast, third-party vendors offer solutions that have been tested across various environments, allowing for a more robust and reliable product. As vendors serve multiple clients, their systems undergo extensive real-world testing, significantly reducing the likelihood of unforeseen issues. This scalability and battle-tested nature of vendor solutions can give organisations a critical advantage in maintaining compliance and operational efficiency.
Lennard adds: “I think it fundamentally comes down to the extent that the vendor’s solution will be SaaS versus on-premises deployment. If it’s the latter, it has to be hybrid because you need to have people managing your internal servers who will constantly ask questions like, ‘Why have the data requirements increased?’ or ‘Why are you building models like that?’ or ‘Why are there too many rules, which means we need to purchase more machines?’
Vendor responsiveness and customisation
Another common argument for building in-house solutions stems from the belief that having a vendor on-site guarantees better responsiveness and adaptability. Armstrong challenges this notion, suggesting that many modern vendors prioritise customer service and rapid response times. “We pride ourselves on our responsiveness to customers and our ability to fix things quickly without passing the costs on to them,” he states, highlighting a shift in vendor-client dynamics that can provide additional peace of mind for organisations.
However, firms must approach vendor selection with a critical eye, ensuring they choose providers that align with their specific needs and offer the flexibility to tailor implementations. “You need to work with a vendor who offers tailored implementations,” Armstrong advises.
Organisations should engage in open discussions with potential vendors, articulating their business goals and operational requirements. This proactive communication can lead to solutions more effectively aligned with the organisation’s needs, ultimately enhancing the implementation process.
Lennard echoes this sentiment while discussing hybrid solutions, noting that organisations can benefit from a combination of vendor support and internal customisation. “The best case management tools for example, are probably those that are going to be hybrid in the sense that they have the flexibility for enough customisation to be done in the platform with in-house expertise” he explains. This approach allows firms to tailor aspects of their systems while benefiting from vendors’ existing build and scalability.
The importance of open communication
Establishing strong lines of communication with vendors can lead to significant advantages in implementing and ongoing support of transaction monitoring systems. Armstrong emphasises that the more information a vendor receives about an organisation’s unique challenges and future plans, the better equipped they are to provide customised solutions. “Open conversations with your vendor about your specific needs are essential for successful implementation,” he asserts.
This level of collaboration can also extend to considerations for future growth. For example, if a firm anticipates expanding its operations or product offerings, vendors can help ensure that the chosen solution is scalable and adaptable to meet these evolving needs. This foresight can save organisations from the pitfalls of a system that may quickly become outdated or insufficient as business requirements change.
Final takeaways
The decision to build or buy in financial crime management transcends mere financial calculations; it embodies strategic considerations that can significantly impact operational efficiency and regulatory compliance. As Iain Armstrong highlights, the complexity of transaction monitoring systems and the performance demands they entail often make purchasing from a reputable vendor a more viable option than developing in-house solutions.
Organisations must recognise that while building an in-house solution may seem appealing, the associated risks could outweigh the benefits, ranging from hidden costs to performance challenges. By understanding the nuances of this decision and the inherent difficulties in both approaches, payment leaders can better position their organisations to navigate the complex landscape of financial crime management effectively. Ultimately, the goal should always be to ensure the highest level of compliance while delivering exceptional value to customers, a feat that is often best achieved through collaboration with specialised vendors.
Read more Payments Intelligence
Does the National Payments Vision mean a rethink on safeguarding?
The FCA’s safeguarding plans need alignment with the National Payments Vision to ensure strategic, cost-effective, and consumer-focused reforms.
Navigating the rise of AI-enabled fraud
AI-driven fraud is rising, pushing firms to adopt advanced tools, partnerships, and training to stay ahead.
What we can expect from crypto and payment services in 2025
UK crypto regulations will reshape compliance for payment firms, with implementation by 2026.