Self-hosted vs SaaS for treasury reconciliation: a procurement lens
For most software, SaaS is the obvious default. For a bank reconciling nostro and GL data, the calculus is different. A practical look at data residency, control, cost, and when each model actually wins.
Ask a CIO how they buy software today and most will say "SaaS, unless there's a reason not to." For a treasury reconciliation tool, there usually is a reason not to — and it's worth being explicit about what it is, rather than defaulting either way.
What reconciliation data actually is
A reconciliation engine sees your nostro statements, your general-ledger postings, your mobile-money settlements and your card-scheme files. That's a near-complete picture of the bank's cash movements. The sensitivity of that dataset — not the convenience of the deployment model — should drive the decision.
Where self-hosted wins
- Data residency. The data never leaves your perimeter. There's no third-party environment to assess, no cross-border transfer to justify to your regulator, and no vendor breach that can expose your ledger.
- Control of the keys. You hold the database and the encryption key. A vendor can't read your data because they never have it, provided the deployment also gives them no remote-support access.
- Audit simplicity. The certified-environment boundary stays inside the bank. Your existing controls — change management, access review, backup — cover the app, instead of extending trust to someone else's cloud.
- No phone-home. A tool that makes no outbound calls is dramatically easier for a security team to sign off on than one that streams telemetry to a vendor, and the claim is straightforward to verify with a default-deny egress rule.
Where SaaS wins
SaaS isn't wrong — it's a trade. You get faster onboarding, the vendor runs patching and scaling, and you avoid standing up infrastructure. For low-sensitivity, high-churn tools that's a great deal. The question is whether your ledger is the place to make that trade.
SaaS shifts cost from capex to a recurring per-seat or per-volume fee. Self-hosted shifts it to your own infrastructure and a flat licence. Over a multi-year horizon, a capacity-based self-hosted licence with unlimited users is frequently cheaper than per-seat SaaS once a whole ops team is on it — and the spend is predictable.
A short decision checklist
- Would a vendor-side breach of this dataset be a reportable incident for us? If yes, lean self-hosted.
- Does our regulator expect data residency or object to cross-border processing? If yes, lean self-hosted.
- Can our team run one more internal service? If no, SaaS may be worth the trade.
- Is pricing per-seat? Model it against the full ops headcount, not a pilot of two.
Kilter is self-hosted by design: it runs on your VM or private cloud, holds no telemetry, and is licensed by capacity with unlimited users. The reasoning behind that is laid out on the trust page, and the deployment specifics for IT are on the security page.