Why the direction of CLM might be 'buy and break'

Aurora CEO Sean Vickers and Chief Technology and Services Officer Matthew Benham sat down to explore why buying a solution in order to pull it apart and take control might be where CLM is headed.

Matthew Benham:

The inception of CLM as a concept emerged after the last financial crisis through banks joining up all their disparate workflow and compliance tools to try and provide a holistic picture. They started to do this with off-the-shelf BPM solutions and high levels of configuration. So, essentially a fully built model. As the marketplace around RegTech started to mature and emerging players came out with designs around CLM and KYC applications, these new vendors claimed to offer a blueprint model, with everything you need out-of-the-box; ‘it’s 95% plug and play’, ‘it overlays perfectly onto your existing operations and infrastructure’, and ‘you'll be up and running in six months with all of your countries on this new application’.

That reality never really emerged, and the truth is that no system like that can be 95% plug and play. If you're doing well, you're probably around 60% plug and play. So, there was a move back into the buy model and we started to see low-code platforms being used and a move away from the pure belief that these applications could perfectly replicate what the bank needs out-of-the-box. I think where we find ourselves now is in a hybrid model where the banks recognise that they need to buy something, but they also recognise that it's not plug and play. The vendors in this space have stopped talking about it being 95% plug and play and instead now do a bit of a hybrid conversation where they say, ‘We've got all of the stuff you need out-of-the-box, but we've also got all of this flexibility’.

I think there's still a massive underestimation of the amount of configuration required and the amount of standardisation and operating model work that should be done prior to building or buying any technology.

Sean Vickers:

I think it's an interesting one because, as you say, we’ve come from something in the early noughties that was very much saying ‘build’ and banks had huge Dev teams. The business would describe (badly) the business requirements and the Dev teams would create something suboptimal based on those requirements. With the onslaught of regulations, what was very clear was that the amount of internal Dev couldn't keep up with the market. And so, in my mind, there was a gap, which the vendors started to fill.

We’re at a point now where a lot of the big vendors have had a good run at it, and now there is a cold, stark reality that, by relinquishing (to some extent) power and risk to the vendors, we’ve found ourselves in a position with many banks that the actual solution is suboptimal. 

What we're now seeing is a shift in the market where people are talking about building again, but I think it's more nuanced.

Buy versus build is a pretty basic, GCSE way of thinking about things. What we need to think about is the nuance around it. Historically, there's always been build, and some of the American big banks still build. That's what they do. And we’ve had a history of buy and customise, which has happened a lot with On-Prem solutions where people change the lights, the colour of the doors, the typefaces, change the UI and the UX. Basically, they took a system and made it look like their existing CLM solution. We've seen those umpteen times. More recently, we've seen this ‘Let’s put some controls around something that’s much more configurable, and this time we’re going to set some guardrails and rules around it all.’

So, we've got a buy, build, customise, a build and configure, and I think there's a new one in the market, which is buy and break. This is where you buy a solution to pull it apart so that your IT folks can build something. So, it almost feeds back to build, but what someone's saying is ‘I think we can pull that bit of kit in the market apart and put it into something that we can build and control, therefore, we have control of our own destiny.

Matthew Benham:

I also think there's a move towards a more microservices environment. As we see more and more RegTech solutions being turned into SaaS products, based on the cloud and all interacting via APIs, there's a much greater push towards a componentised, modular world where risk calculation goes on over here, country classification goes on over there and product database, that's over here, and they all interact through some self-built technology at the bank side.

I think where we're starting to see a real proliferation in terms of componentry is where the brain sits in the middle and talks to all the modularized parts around it.

Sean Vickers:

I agree. I think it is going full circle because the pitfalls of build previously, which was not having a great path, or being unable to keep abreast of regulations - you can now plug in! You can stay abreast of regulations because you just buy a rules engine and plug it in.

In my mind, where the Devs and the IT folk are going is towards technology as a means not an end state. That's a shift because what has been packaged and presented historically has been ‘You buy this, and all your problems go away’ and actually what we're seeing is people saying ‘I'll buy it and you'll give me something that fits within a bigger story. You are a means not an end state’

That's where I'm seeing the shift now. Buy vs Break might be what we see in CLM for a short while as it resettles.

Matthew Benham:

I think you’re spot on, as people were sold an out-of-the-box, pre-packaged solution where everything is done for you, but the reality is, that was never going to overlay on to larger banks’ existing technology stacks and it doesn't overlay well onto their existing operating models. I think we should reference the lack of perceived success in getting to what we describe as the end-to-end CLM model.

CLM has become fixated on orchestration of KYC and client due diligence activities and has lost its focus on orchestrating the end-to-end.

I think, regardless of the movements of technology and availability of cloud-based microservices and modular components, the focus should still absolutely be on getting the operating model sorted and getting people to a stage where policies, processes and controls are all standardised so that any system can overlay onto it. Whether we're in a more hybrid build mode or moving towards a buy and break mode, ultimately the thinking underneath it still needs to be done and whatever solution you try and wrap around a broken operating model is not going to work.

Sean Vickers:

Agreed. Aurora specialises in the operating model story, we specialise in the selection and delivery of technology and we understand the package. We’re seeing a lot of things happen. I guess the energy that I'm feeling from the market is that there are individuals within the organisation, more on the IT side, who are seeing the end-to-end story and how technology as a means rather than an end state can address components of that. I do think there is a movement, and it could be the beginning of a paradigm shift in the way that people acquire.

Matthew Benham:

If you’re looking to achieve some of the big-ticket items that the whole marketplace is talking about, such as pKYC, or an automated onboarding process for certain clients, jurisdictions, and products - these things are aren’t underpinned by one piece of technology anymore. It’s about your whole ecosystem and tech landscape. You’ve got to think about components as a whole landscape and consider what each piece is doing. It’s about mapping out where one solution ends and the next begins.