Northleaf CTO: how we outsource technology

Nine questions with James Fung, chief technology officer of Northleaf, on how his small team harnesses external expertise to keep the $12bn firm running smoothly.

James Fung is the chief technology officer at Northleaf Capital Partners, a private capital firm with $12 billion in commitments under management across private equity, credit, infrastructure and secondaries. Fung joined the firm in 2017 having clocked up more than 20 years in consulting at the likes of Accenture Strategy and IBM.

Are you a team of one or do you have other tech-focused staff?

James Fung

Our IT is outsourced, like a lot of our peers. So, I have a small team of a few and supplement with resources from outsourced providers. We outsource everything, including all our equipment, our infrastructure, our deskside support, as well as a lot of the application solutions that we look to the market for.

What are the pros and cons of outsourcing and how did you make the decision to do it?

We are a mid-market organization and many companies like us tend to stand back and evaluate our options. We considered that technology’s always changing. There are always people that are focused on running technology really well, and they bring the capacity and the expertise, versus how we need to scale up, to refresh the expertise and to maintain the talent.

Our conclusion was that outsourcing was a better option for us. Given the amount of outsourcing that we do, we really just focus on the overall strategy and the underpinning architecture, the oversight, and articulating the requirements to our service providers. Of course there’s the coordination and governance as well.

We look at areas where a certain expertise is required, as well as where that area plays in the overall business portfolio. For example, the investors’ accounting: a lot of that is detail, accounting entries, processing, report generation. And there are firms out there that are very capable at doing this; they also bring the technology to the table; and they have insights and experience by working with multiple clients. They can ensure best practice as well.

On the technology infrastructure side – the purely running and monitoring of the servers – networks and storage, there is scale and capacity to be had in a service provider who is more dedicated to this.

And what does the future of outsourcing look like?

I think organizations will outsource more: not necessarily the functions, but certainly the technology aspect of it. And I say that because of the increasing maturity of cloud-based solutions. Your infrastructure can be put on Amazon Web Services or Microsoft Azure and paid for on a monthly subscription basis. So, I think those cloud-type of solutions will have an impact on how you manage technology and therefore, your role, and how you want to outsource.

How do you manage working with a third party?

The governance aspect is probably more critical than people realize. Obviously, the service providers bring the expertise, the resources and the functionality, but they need to be integrated and managed in accordance with the organization’s expectation and cultural setting. This is where the governance comes in. By that, I mean how things get done and who has what decisions to make.

For many organizations when they are contracting these services or technologies, it’s probably the last thing on their mind because you’re focusing on the capabilities and the functionality. Yet, what makes the relationship successful will be the governance, how we work with each other.

In the next five years, do you see the CTO’s role changing within the private equity firm?

I think depending on where a firm comes from and what their starting point is, the CTO role will probably move away from the core infrastructure, given the maturing cloud technologies. Therefore, my focus is going to be more on the information aspect. It will be more information-driven, analytic-driven than infrastructure-driven.

If you have more and more outsourcing on different parts of your business, obviously, the role of the CTO will shift, right? You have less technology to worry about. You focus more on the integration and interfaces.

How do you measure the ROI on a tech investment? Is that even possible to measure?

I think certainly measurement is important and it’s doable. How much of it you do will depend on what that investment is for. Sometimes, if it’s a strategic investment, you may spend less time on the detailed ROI, and it will be revisited as we implement the solutions. On the other hand, it’s good to measure the KPIs, or key performance indicators, today and be able to evaluate the before and after to see what kind of improvements we get. It should be factored into the evaluation of the technology, whether or not it is saving cycle time, freeing up full-time resources or saving costs.

I think it is increasingly important to provide that kind of dashboard on returns before we decide on a technology initiative. For example, we have implemented an E-signature platform. Things you can look at are how long it took to corral everybody to get all the signatures before, the amount of printing that we would have had to do to get physical signatures etc. These are simple measures that we would have for comparison.

Has there ever been a time where you invested in some sort of new technology and it took a while for you to really see the return on that investment?

Fortunately for us, probably less so. If you compile the measurements upfront, so you’re going in with your eyes open, at least you know whether there’s a one-year or three-year payback. For some of the strategic or compliance work you just have to do, like security, you look at what’s the impact on your reputation; what’s the potential cost if you had a breach?

How are these new data privacy laws EU GDPR and CCPA – affecting your role?

In some ways it’s expanding the CTO’s role. You have to work with other parts of the organization like legal and compliance more frequently. Nowadays, you would talk about how we classify data, how do we not just protect them, but how do we ensure that we communicate with the constituents so that we are compliant with GDPR and that we are following up to make sure we are able to demonstrate it to the auditor, to the regulators, and to the investors and employees.

Do you think it’ll ever get to the point where a CTO’s main concerns are going to be just cybersecurity and data management?

It will shift more to that end, because of the increasing impact security and data have, but I think no matter what, when someone is looking for an application for the business, the IT function will need to be involved to ensure proper security, proper data protection, proper interfaces and the right architecture. So that part won’t diminish. But certainly, I think the new landscape will free up the CTO more to the business.