Nearshore, offshore or in-house? A complete guide covering DORA
Research from Boston Consulting Group shows that when a bank outsources more than 34% of its IT tasks, its technology costs start to rise instead of fall. Why does this happen? It seems the client begins to lose key internal skills, whilst the costs of supervising and coordinating partners spiral out of control.
This shows that choosing a technology partner is no longer just about cost; it’s a difficult balance between finding the right specialists, running things efficiently, and, above all, managing risk. In this blog post, we take a deep look at the three main sourcing models – in-house, nearshore, and offshore – putting them into the context of new regulations like DORA and GDPR.
Key findings
- Regulations are forcing a change in strategy: Under new rules like DORA, banks are now directly responsible for their suppliers’ ability to withstand digital threats. This greatly increases the risk of the offshore model and favours nearshoring within the EU as the safest option for compliance.
- There is a “sweet spot” in outsourcing: The study by Boston Consulting Group proves that the ideal level of IT outsourcing in banking is around 21%. Going beyond the “danger zone” of 34% leads to higher costs and a loss of control, busting the myth that “the more you outsource, the cheaper it gets”.
- The future is a well-managed portfolio: Instead of picking just one model, the most successful institutions are building hybrid, balanced portfolios. They keep their core skills (the “crown jewels”) in-house, send agile development to nearshore partners, and use offshore teams for standard system maintenance.
- Sourcing is a tool for gaining new skills: In the age of AI and digitalisation, analysis from firms like Accenture suggests outsourcing has become the quickest way to acquire advanced skills that a company lacks, which is vital for its growth.
IT sourcing models: What’s the difference between in-house, nearshore, and offshore?
In-house and onshore
The in-house model is the most basic way of handling processes, using a company’s own employees and internal structures. A close alternative is onshore outsourcing, which involves giving tasks to an external company based in the same country. What both approaches have in common is that the work is all done under the same country’s laws. This gives a company maximum control, direct oversight, and full compliance with local regulations.
For this reason, it is usually the first choice for critical operations, which Bain & Company calls the “crown jewels”. These are the processes that give a company its competitive edge, involve high regulatory risk, or need deep, integrated knowledge of the local market. The downside of this option is that it usually comes with the highest operating costs, especially in Western European countries.
Nearshoring: what is it and why is it gaining ground in the European Union?
Nearshoring is an outsourcing model where an IT project is given to a partner located in a nearby country. What really sets nearshoring apart is its geography. Being close by means there’s little to no time difference (usually 0 to 3 hours) and the work cultures are often very similar. For companies in Germany, France, or Scandinavia, this most often means working with the dynamic tech hubs in Central and Eastern European countries, like Poland or Romania.
So why is this option so popular? Working within a single legal framework means that a partner from Poland and a client from Germany are subject to the same key financial regulations, such as GDPR and the new DORA act. What’s more, the geographical closeness and dense network of flights mean a client can fly out for a meeting with a partner in the morning and be back home the same evening.
Offshoring: what is outsourcing to distant countries all about?
Offshoring involves delegating operations to a company located in a distant country, most often on another continent, for example, in India or the Philippines. This model is marked by a large time difference (up to 12 hours) and significant cultural and legal barriers.
Historically, the main driver for offshoring was the chance to achieve radical cost reductions, often more than half compared to local rates. This saving, however, comes with many compromises. Offshoring brings the highest level of complexity in terms of management and communication. This complexity stems from major cultural differences, language barriers, and different rules on data protection and intellectual property.
Nearshore vs offshore: key criteria for choosing an IT partner
At first glance, the calculation seems simple. Market analysis shows that offshoring offers the biggest direct savings, ranging from 40% to 70% compared to local rates. According to data from HatchWorks, nearshoring sits in the middle, with a potential cost reduction of 30-50%. Looking only at hourly rates is misleading, though, and can lead to the wrong conclusions.
The key concept is the Total Cost of Ownership (TCO), which includes numerous “hidden” costs that are often overlooked in initial estimates. For offshoring, this includes extra costs for more management oversight, the higher risk of misunderstandings, and travel. All of this can significantly reduce, and in some cases even completely wipe out, the initial savings.
Access to talent: where to find programmers and IT specialists?
Offshoring opens doors to huge labour markets, such as India, offering access to millions of programmers. This is attractive for large-scale projects that need more standard skills. On the other hand, European nearshoring centres, like Poland and Romania, have built their reputation by focusing on narrow specialisations, offering access to highly qualified engineers and experts with experience working for western companies.
The choice, then, depends on your needs. For mass software production, offshoring may be enough. But for tasks that require niche knowledge (for instance, in AI), a good understanding of the industry, and close, daily cooperation, partners from nearby countries are a better fit.
Control and Agile: how does the working model affect a project’s success?
The further away a partner is geographically and culturally, the harder it is to control the tasks you have given them. Offshoring carries the biggest risk of losing control over quality, data security, and intellectual property protection. A big advantage of nearshoring, on the other hand, is the ability to work together in real time.
Modern agile methods like Scrum rely on daily meetings and rapid feedback cycles, which are crucial for success. These practices become significantly more difficult to manage when team members are spread across large time zones. Geographical proximity also makes on-site visits cheaper and more frequent, which helps in building relationships and solving problems. As research by Full Scale shows, this translates into results: nearshoring has a 40% higher success rate in projects that need frequent communication.
| Feature | In-house / Onshore | Nearshore (within the EU) | Offshore |
| Cost savings | None / Low. The highest operating costs. | Medium, at 30-50%. | High, ranging from 40% to 70%. |
| Access to specialists | Limited to the local market. | Broad, access to specialised labour markets in Central and Eastern Europe. | Very broad, access to global labour markets, e.g., India. |
| Time zone coverage | Full (same working hours). | High (0-3 hour difference). | Low (5-12+ hour difference). |
| Regulatory compliance (GDPR/DORA) | High (same legal regime). | High (harmonised EU law, same GDPR and DORA rules). | Low / Complex (different, separate legal regimes). |
| Cultural proximity | Full. | High (similar cultural context and work ethic). | Low (significant cultural and language differences). |
| Control and supervision | Maximum, direct supervision. | High (easy and cheaper on-site visits). | Limited (highest risk of losing control over operations). |
| Fit for Agile methods | High. | Very high (allows for real-time collaboration, key for Agile). | Low (made difficult by time zones). |
| Operational risk | Low. | Medium. | High. |
Outsourcing and regulations: how do GDPR and DORA affect the choice of supplier?
The impact of GDPR on data transfer
The General Data Protection Regulation (GDPR) places strict duties on the protection of personal data of EU citizens, no matter where the company processing it is located. In practice, this means that transferring data outside the EU, which is the basis of offshoring, needs complicated legal procedures and a thorough risk analysis.
The key takeaway is simple: a European bank, as the data controller, is always fully responsible for any breaches made by its foreign partner. Nearshoring within the EU, where data circulates within the same legal system, is the safest and simplest solution from this point of view.
DORA: new responsibility for IT suppliers
The Digital Operational Resilience Act (DORA) is described by experts at Deloitte as a “game-changer”. DORA brings together and tightens the rules for working with external companies. In simple terms, this means that from now on, a bank is fully responsible for whether its technology partner is resilient to cyber-attacks.
There is no more shifting of responsibility – it is the bank that will face the consequences if a supplier’s system fails. The regulation requires banks to do several things: keep a detailed register of all contracts, assess the risk of relying too heavily on one supplier, and ensure contracts allow for audits and provide a clear way out. Achieving this level of control with partners in distant countries is very difficult.
How to build a sourcing strategy? Proven models from BCG and Bain
Step 1: Protect your “crown jewels” (Bain & Company model)
The rule is simple: start from within. According to Bain & Company, the first step is to identify the company’s “crown jewels” – its unique skills that give it an edge over the competition. These could be its own algorithms for assessing credit risk, processes for managing key client relationships, or knowledge of compliance. These areas, which are the source of the company’s strength, should not be outsourced.
Step 2: Find the “sweet spot” in IT outsourcing (Boston Consulting Group model)
The study by Boston Consulting Group (BCG) carried out on 55 banks found that the ideal level of IT outsourcing is around 21% of all technology tasks. What’s more, the study identified a “danger zone”: when the level of outsourcing went beyond 34%, the total IT costs started to rise. This is down to three reasons: the company starts to lose its own key skills, it launches projects that are too ambitious, and the costs of supervising and coordinating partners spiral out of control.
Step 3: Design a balanced portfolio (hybrid model)
The final goal is to create a flexible, hybrid model that consciously uses different options. Market data from BCG confirms that this is already the standard: the average split of outsourcing budgets was 46% for onshore (in the same country), 23% for nearshore, and 31% for offshore. The recommended, logical split of tasks in such a model is as follows:
- In-house / Onshore: Company strategy, risk management, relationships with key clients, and protection of the “crown jewels”.
- Nearshore: Development of new applications, modernisation of systems, IT projects run using Agile methods, advanced financial operations.
- Offshore: Support for standard IT infrastructure, maintenance of stable, older systems, mass data processing.
Summary
Sourcing is a business strategy, where three main forces – a change in business models, new regulations like DORA and GDPR, and the constant battle for the best specialists – have made the choice of operating model one of the most important management decisions.
Experience and hard data show that there is no one-size-fits-all solution. The answer is a flexible portfolio that takes risk into account and where tasks are assigned to where they can be done with the best balance between costs, access to talent, and – what is most important today – regulatory security.
This blog post was created by our team of experts specialising in AI Governance, Web Development, Mobile Development, Technical Consultancy, and Digital Product Design. Our goal is to provide educational value and insights without marketing intent.
