Client profile and objectives: Rothschild & Co
Founded in 1811 with a revenue of over $2.7 billion, Rothschild & Co is a prestigious supervised financial institution from France and part of one of the largest independent financial groups in the world. With offices spanning over 40 countries, Rothschild & Co’s main activities include global advisory, private equity expertise as well as wealth and asset management.
Previously using Moody’s on-premise solution for their regulatory compliance and reporting, Rothschild & Co is now embarking on a transformative journey with Moody’s SaaS solution to further enhance its regulatory framework.
Important considerations: On-premise to SaaS
Rothschild & Co’s transition to Moody’s SaaS solution was largely driven by the complexities of implementing the latest Basel regulation, as well as by the need for modernization, optimization and striving for better performance. The migration also highlighted key considerations when moving to a SaaS model, including due diligence, legal and contractual frameworks, as well as shared responsibility for security and compliance in the cloud.
When choosing Moody’s SaaS solution, Rothschild & Co had to consider many aspects, from the overall change management process and a review of their security practices to legal and contractual negotiations. The recommendation from Rothschild & Co’s Information Security Team was to include Information Security considerations as early as possible to ensure adequate assessment, as the process was likely to be time-consuming, yet necessary.
“When partnering with Moody's, we look to ensure alignment with our rigorous security and compliance standards, notably through a shared responsibility model and diligent third-party risk management. This creates a strategic partnership that streamlines compliance management and positions us robustly for future regulatory landscape changes.”
Manon Roblou, Information Security Coordinator, Rothschild & Co
When assessing Moody’s as a SaaS vendor, Rothschild & Co followed a series of due diligence phases:
Security responsibility
This move implies a transition in security responsibility from being responsible to being accountable, whilst not directly managing security controls. This requires thorough due diligence to ensure Moody’s compliance with the bank’s information security requirements.
Change management process
It is important to have a centralized process to oversee the transition, ensuring that all relevant changes are properly handled by the relevant department, new initiatives cascade effectively and all due diligence is performed in a timely manner and according to required standards. This promotes operational continuity and sets better practices for ongoing engagement with the SaaS vendor.
Managing information security risks: The shared responsibility model
The Shared Responsibility Model in the context of SaaS within the banking sector outlines how security, compliance, and operational duties are divided between the SaaS provider and the bank. This model is essential because it clarifies the expectations and obligations of each party to prevent lapses in security and compliance.
The bank remains ultimately responsible for ensuring that its use of the SaaS solution complies with all applicable laws and regulations, including those related to customer data protection and financial reporting. This means that careful selection and thorough due diligence of the bank’s chosen SaaS partner are crucial in the SaaS adoption journey.
Under the shared responsibility model during their SaaS move, Rothschild & Co went through a review of accountability and responsibility for certain elements of their solution setup.
The below table indicates the shift in those roles and responsibilities related to Information Security risks:
Outcomes
Choosing the right SaaS partner is key to maintaining strong security and steady performance and staying in line with regulations, whilst enjoying simplified operations, enhanced decision-making and other SaaS-enabled advantages. The idea of shared responsibility highlights how collaboration between a bank and its SaaS vendor is essential for managing risks and keeping practices secure and compliant.
Moody's status as Rothschild & Co’s tier-one vendor for outsourcing reflects a strong strategic partnership, built on comprehensive third-party risk management and contractual safeguards.
By using Moody's SaaS solution, Rothschild & Co aims for more resilient infrastructure and robust security practices that are kept up-to-date to match regulatory needs. This SaaS solution allows Rothschild & Co to adapt to the changing regulatory landscape more easily and efficiently, setting a high standard in regulatory excellence and innovation.