When you’re ready to take on large accounts—the kind that are teeming with regulatory compliance needs and lengthy contract processes, but also produce lengthy, highly profitable client lifecycles—the financial vertical may be the area in which you want to specialize your MSP practice.
At first glance, it may seem like the healthcare vertical and the financial vertical have similar requirements—they are both large clients with many servers, devices and endpoints, and they are both highly regulated industries that have strict data compliance rules. However, the financial vertical has highly specialized rules regarding data governance, auditing concerns, and due diligence efforts regarding SLAs that differentiate the vertical.
However, those differences create opportunity for the MSP who chooses to specialize, as IT service providers have never been more necessary for banks and other financial institutions large and small.
Finance Vertical: The Market Opportunity
FINRA, FDIC, FFIEC, SEC, GLBA, SOX-404, OCC—these are just a few of the regulations and governing bodies a financial institution must be in compliance with every minute of every hour of every day they exist. To accomplish that, there are significant internal resources devoted to recordkeeping, documentation, audit preparation, and data governance.
For that reason alone, MSPs provide invaluable services to the financial sector in the form of backup and disaster recovery (BDR) and long-term data archiving—especially if data is encrypted at rest and in transit. That’s not to say constant uptime during business hours isn’t mission critical as well—banks could lose millions should they experience downtime (not to mention the regulatory fines that could be incurred).
Remote monitoring and management (RMM) solutions are also absolutely necessary to preserve the integrity of the client IT environment, with desktop management help desk, and mobile-device management (MDM) capabilities integral to a long-term IT strategy for large institutions that comprise thousands of employees and multiple locations, often worldwide. MSPs that understanding the specialized software and systems used in the industry will have the path of least resistance through contract negotiations.
Network management and documentation features would also be helpful for compliance purposes, as well, given that email and all internal and external communication must me logged and retained. Financial institutions are always on the lookout for fraudulent activity and other malicious internal activity, and therefore need insight and visibility into every aspect of communication, data transmission and the integrity of their networks.
Of increasing concern is the modern cyber threat landscape, with ransomware and other cyber attacks becoming more and more prevalent, with banks an obvious constant target. Above all, the MSP is sought after in the finance vertical to mitigate risk in all its forms, from compliance adherence to business continuity to cyber security; the ability to protect a client from ransomware, phishing scams, social engineering threats, etc. is more critical than ever, and MSPs lacking this capability may struggle in this vertical moving forward.
MSPs should be well versed in the realm of financial compliance, and understand how their RMM, BDR and security solutions play a part in their clients’ overall compliance strategy. For their part, MSPs should go to market with risk mitigation in mind as they approach all their services, as it will be a factor in any discussion.
Furthermore, MSPs who specialize in this vertical should have robust documentation and reporting capabilities, as it will be needed by their clients for their auditing purposes, which are ubiquitous, unlike other verticals.
There is also the concept of due diligence, which financial institutions must carry out in regard to any third-party vendors, such as MSPs. In accordance with 2013 OCC guidelines, financial institutions must audit the policies and procedures for data storage, information management and physical on-site security of every third-party vendor they work with on a regular basis. When working in the financial vertical, expect due diligence and risk assessments as standard-operating procedure, as your practice will be assessed just as you would a client site!
The Financial Vertical Sales Process
While it may be lengthy sales process, financial vertical clients are typically highly profitable, so one must prepare for the investment in time to close the deal. Requests for proposal (RFPs) are common, with scores of questions. And, because they may all differ, MSPs should be experienced in completing these if they want to get through the door to sell to a financial institution.
After the RFP process, risk assessments and vetting comes contracting. Financial institutions, for various compliance reasons and risk mitigation concerns, require strict SLAs for services rendered for third-party vendors. These will be put into any contract an MSP enters into, as well as stipulations for any risk introduced during the length of the contract.
The financial vertical is specialized for many reasons; its software is highly specialized, its data governance is highly regulated and risk mitigation is of paramount importance, as fortunes may literally be at stake. However, for the MSP that chooses to specialize in this sector, the profits could be huge, as specialization with this much at stake comes at a premium. Expertise and a solid track record of success will go far here, and will pave the road to further growth.
Looking for another vertical to break in to? Click here to see how you can tackle the construction vertical.
Handpicked for you:
By Richard Harber
By Gretchen Hoffman
By Meaghan Moraes