Trend to outsourcing

As the global outsourcing landscape evolves, banks are rethinking their strategies. While AI-driven efficiencies and cost advantages continue to drive growth, rising regulatory scrutiny and operational risks are prompting a shift toward more selective, well-governed outsourcing models. For financial institutions, the challenge lies in balancing innovation with resilience, compliance, and control.
 

Gloria Tabbah Head of Operations, REYL Intesa Sanpaolo

Industry trend

2024 was a year marked by growth in the global outsourcing sector, supported by the even more rapid growth in the use of AI-powered solutions for core business functions.

According to Statista, the growth trajectory for IT outsourcing worldwide is expected to continue, with a projected compound annual growth rate of 6.51% from 2025 to 2030, resulting in a market volume of US$806.55bn by 2030.

Outsourcing in banking continues to grow, driven by the pursuit of cost efficiency, access to specialised expertise, and technological innovation. However, many financial institutions are starting to question traditional outsourcing models. Rising costs in offshore locations, inconsistent service quality, and lengthy implementation times have often led to outcomes falling short of expectations.

Experience shows that challenges typically arise when providers lack alignment with the bank’s requirements or focus too heavily on standardised solutions at the expense of customisation. Internal expertise can be lost when too many functions are handed over to third parties, reducing a bank’s ability to respond swiftly to strategic needs. In many cases, unclear communication between banks and providers has also led to misunderstandings and dissatisfaction when expectations exceeded what had been contractually agreed.

Outsourcing remains valuable, but success depends on a well-planned approach that includes clear roles, measurable outcomes, and strong oversight mechanisms.

Regulatory landscape

In Switzerland, outsourcing must comply with stringent FINMA requirements. Banks remain fully responsible for all outsourced functions, even when performed by providers abroad. FINMA mandates that banks maintain complete transparency, provide full access to documentation, and ensure outsourced activities are subject to audit and supervision.

In its 2024 Risk Monitor, FINMA expressed growing concerns about the risks linked to provider concentration, complex subcontracting chains, and the banking sector’s increasing reliance on public cloud solutions, which now account for around 20 percent of significant outsourcing arrangements.

Across Europe, similar themes have emerged. The European Banking Authority (EBA) and the European Central Bank (ECB) have both highlighted that a significant share of outsourcing contracts, particularly those for critical or time-sensitive services, cannot be reversed, substituted, or even fully audited. Some contracts lack formal risk assessments altogether, underscoring the need for better governance.

The ECB’s 2025 cloud outsourcing guide, aligned with the Digital Operational Resilience Act (DORA), reinforces supervisory expectations for risk management, security, and contingency planning, especially when dealing with providers outside the EU. Geopolitical risks, data protection concerns, and operational resilience have all moved higher on the regulatory agenda.

Regulators across Europe and Switzerland consistently highlight several risks associated with outsourcing. They warn that outsourcing critical processes can reduce a bank’s agility, as strategic or operational shifts become harder when key functions sit with external providers. Internal expertise often erodes over time when dependency on third parties grows, leaving banks with less control over critical knowledge and processes.

The oversight burden has also intensified, as authorities impose stricter governance, mandatory audits, and ongoing risk assessments to ensure banks retain full ownership of outsourced functions. Vendor concentration risks have risen as a small number of large providers dominate the market, raising concerns about systemic vulnerabilities and geopolitical exposure. Furthermore, the rapid adoption of cloud services has created additional cyber and supply-chain risks, leading regulators to demand more robust contingency and resilience planning.

REYL Intesa Sanpaolo strategic perspective

For our Bank, maintaining operational resilience, client trust, and regulatory compliance remains a top priority. We will therefore continue to keep mission-critical functions in-house to ensure control, agility, and deep institutional expertise.

Nevertheless, we will continue to consider outsourcing as an alternative option for non-core activities only, where it offers clear benefits. In these cases, we adopt a carefully governed approach that includes internal risk frameworks, full auditability, and comprehensive contingency plans. This balanced strategy allows us to benefit from outsourcing’s efficiencies while preserving the agility, compliance, and client-focused service excellence that characterise our Bank.

Biography

Since January 2025, Gloria Tabbah has been Head of banking operations at REYL Intesa Sanpaolo. With over 15 years of experience, she has held key positions at Deutsche Bank, combining expertise in supplier management, digital transformation, and operational governance.