MSP renewal: stay, switch, or hybrid for a $60M financial services firm
Incumbent at +12% renewal, three proposals on the table, FINRA / SEC oversight in the background
Methodology v1.0 · How a brief gets made
We're a $60M financial services firm under FINRA and SEC oversight. Our MSP wants to renew at a 12% increase ($240K up from $215K annual). We have three other proposals: a generalist competitor at $195K, a regulated-industries specialist at $260K, and a co-managed model with our internal team at $180K plus a 1.5 FTE hire. Renewal is in 60 days. What do we do?
Context
You're a $60M financial services firm under FINRA and SEC oversight, with the audit and supervisory expectations that come with both. Your incumbent MSP runs your endpoints, M365, network, and helpdesk for $215K annually and is renewing at $240K, a 12% increase that they're framing as "below market." Three competing proposals are in front of you: a generalist competitor at $195K (cheap, no regulated-industries credentials), a regulated-industries specialist at $260K (highest cost, but knows FINRA / SEC documentation and supervises in your language), and a co-managed model at $180K external plus a 1.5 FTE hire internally (lowest external spend, biggest organizational change). The renewal is 60 days out. The decision affects audit defensibility for the next two years.
Options
| Option | Path | Why pick it | Why not |
|---|---|---|---|
| A. Renew with concessions | Push the incumbent to hold the line at $215K, get an SLA upgrade and a regulated-industries addendum | Lowest disruption, no transition risk in audit window | Doesn't fix the underlying gap (incumbent isn't a regulated-industries specialist); 12% asks usually become 18% in two years |
| B. Switch to the generalist competitor at $195K | Cheapest, big savings, fresh start | $20K savings is real; competitive pressure on the incumbent works | Generalist on a regulated-industries account is an audit risk; the FINRA examiner asks "who reviewed this control" and the answer matters |
| C. Switch to the regulated-industries specialist at $260K | Pay the premium for an MSP that documents to FINRA / SEC standards out of the box | Audit answer is clean; supervisory documentation matches the regulator's vocabulary | $45K more per year; transition risk in the audit window |
| D. Co-managed model: 1.5 FTE plus $180K external | Internal team owns supervisory controls, MSP handles infrastructure | Long-term cheapest if the FTE hire is right; builds internal capability | 1.5 FTE costs $200K to $280K loaded; net is more expensive than C; hiring risk is real |
Recommendation
Pick option C, but execute it as a hybrid for the first 90 days. Sign with the regulated-industries specialist; keep the incumbent on a 90-day transition contract for the FINRA / SEC-regulated workloads.
The 12% renewal increase isn't the problem. The problem is that under FINRA and SEC oversight, the cost of a generalist MSP showing up in an audit response with weak documentation is much higher than $45K a year. Examiners ask who supervises which control and how it's documented. A regulated-industries specialist comes with that vocabulary, those templates, and references from peer firms. The premium is what insurance costs.
The hybrid execution matters. A clean cutover during a regulated audit window is unnecessary risk. The right shape is a 90-day overlap: the new MSP takes over the unregulated infrastructure (helpdesk, M365 admin, endpoints) on day 30, and the regulated workloads (supervisory archiving, change control, access reviews) cut over on day 90 after the new MSP has staffed up on your environment. The incumbent stays on a paid 90-day transition contract for those workloads. Spend the savings.
Option D (the co-managed model) is right in two years, not now. The hiring market for FINRA-experienced IT analysts is brutal at $60M revenue scale, and a bad hire on supervisory controls is more expensive than the differential against C.
Risks
| Risk | Likelihood | Impact | Mitigation |
|---|---|---|---|
| Transition lands inside an audit or examination window | Medium | High | Confirm the next FINRA / SEC examination cadence with compliance before signing; transition outside that window |
| New MSP overpromises regulated-industries depth | Medium | High | Require three references from FINRA / SEC-regulated firms of similar size; ask to see redacted exam-response samples |
| Incumbent retaliates with poor transition support | Medium | Medium | Lock transition obligations in writing in the 90-day extension; pay on milestone, not all at once |
| Internal compliance team feels excluded from the decision | High | Medium | Bring compliance into the vendor selection from week 1; they own the audit answer either way |
| Co-managed temptation creeps back mid-transition | Low | Low | Document the decision rationale in the board memo; revisit in two years, not six months |
Financials
Year one (option C with hybrid execution): $260K specialist + $54K transition (incumbent at 25% of annual for 90 days) = $314K. Roughly 45% above current spend.
Year two onward (steady state, option C): $260K to $285K depending on the year-two rate hold. That's $20K to $45K above the renewal price the incumbent quoted.
What you're buying for the differential: cleaner audit response packages (estimated 15 to 25 hours of compliance team time saved per quarter), pre-built supervisory documentation that matches the regulator's templates, and references that examiners recognize. Hard to put a dollar value on a clean exam, but the cost of a finding that requires remediation work and a written response runs $50K to $200K in legal and consulting time.
Avoided cost of option B (the cheap generalist): a regulator's gap finding at $50K to $200K is not hypothetical. It's the modal outcome at a $60M financial services firm with a generalist MSP.
Implementation plan
- Days 1 to 14. Compliance and IT lead joint vendor selection. Reference calls (three peer FINRA / SEC firms each for the specialist and the generalist). Sign with specialist.
- Days 14 to 30. 90-day transition contract negotiated with incumbent for regulated workloads. Specialist begins discovery of the unregulated stack.
- Days 30 to 60. Specialist takes over helpdesk, M365 admin, endpoint management. Incumbent continues regulated workloads.
- Days 60 to 90. Specialist staffs up on the regulated environment. Documentation handover. Compliance team validates supervisory templates.
- Day 90. Regulated workload cutover. Incumbent off-boards. Specialist owns the full stack.
- Quarter two onward. Quarterly business review with compliance present. Annual SOC 2 / regulatory documentation refresh as part of the engagement.
Next steps
- This week: pull the next FINRA / SEC examination cadence from compliance. If you're inside 90 days of an exam, the recommendation shifts (extend the incumbent on a short renewal, transition after the exam closes).
- This week: ask the regulated-industries specialist for three references from $40M to $100M financial services firms with current FINRA or SEC oversight. If they can't produce them in 10 days, downgrade your confidence in their pitch.
- Next week: tell the incumbent you're not signing the renewal yet, and ask for a 90-day month-to-month extension. Their response will tell you whether the 12% increase has any flexibility (it usually does once a competitor is named).
Signed by the Heartwood team at Seven Roots Consulting.
Methodology v1.0 · Published 2026-05-04
This is a sample brief.