Why Building Fund Admin Software Is Harder Than You Think

Every so often, a fund manager walks out of a software demo with the same thought: we could build that ourselves. The screens look clean. The workflows appear logical. And with AI coding tools now able to generate working software in a matter of hours, a one-off development spend instead of an ongoing subscription starts to feel like something worth exploring.
We should acknowledge the obvious irony. Caruso is fund administration software, initially built inside a commercial real estate fund. That makes us the last people who should discourage anyone from building in this space, but exactly the right people to tell you how hard it is. We have lived every part of this process, and we are still living it - nobody is better placed to explain what it actually takes.
What looks simple in a demo is the product of years of iteration, security hardening, regulatory adaptation, and specialist engineering. Building fund administration software means taking on the full operational burden of running a software product: security infrastructure, ongoing development, regulatory tracking, and specialist staffing. These are not one-time costs. They are compounding liabilities. Fund managers who have gone down this path consistently find themselves deeper in budget and further from a working system than they anticipated.
This post covers four reasons why building fund administration software in-house creates greater cost and risk than subscribing to a purpose-built platform.
The Development Treadmill: Why Building Fund Administration Software Is Never Finished
The case for a custom build rests on a flawed assumption: that fund administration software is a finished product once it is built. It is not.
Fund operations evolve continuously. New fund structures require new calculation logic. Investor reporting obligations change. New asset classes create new workflows. Government regulations shift, introducing new compliance and reporting requirements that must be reflected in the software. Every one of these changes requires a developer to write, test, and deploy code. There is no version of fund administration software that stays current without ongoing investment.
A common version of the economics goes: "our current platform costs $X per year. A developer can build something for $Y. After two years, we break even." This logic holds until you account for what the subscription actually includes: version maintenance, bug fixes, infrastructure upkeep, feature additions, and integration work as connected systems evolve. These costs aren’t out of the ordinary, or unexpected. They are the ordinary, predictable costs of running any software product.
Fund managers who commission a custom build typically budget for the initial development phase. They rarely budget for the years of investment that follow. A subscription to a purpose-built platform includes all of this as a fixed, predictable cost. A custom build does not. Purpose-built platforms like Caruso ship new features on a two-week release cycle, incorporating regulatory updates and product improvements as the market evolves. With a custom system, updates happen only when someone is paid to build and deploy them.
Security: The Compliance Risk That No Custom Build Can Easily Match
Fund administration software handles some of the most sensitive data a fund holds: investor identity documents, AML/KYC records, bank account details, capital call histories, and distribution records. The security obligations attached to this data are not incidental. They are foundational.
Caruso's data security framework is backed by ISO 27001 certification, the internationally recognised standard for information security management. Achieving this requires formal risk assessments, documented security controls, penetration testing, regular external audits, and a continuous improvement programme. A developer delivering a custom system on a one-off engagement will not replicate this framework, regardless of capability.
The emergence of AI-assisted coding has definitely made it faster to generate and deploy code, but it has not made that code more secure. Software built rapidly without formal security architecture, structured code reviews, or audit trails contains vulnerabilities. In a financial services context, those vulnerabilities carry massive consequences.
According to IBM's 2024 Cost of a Data Breach Report, the global average cost of a data breach reached USD $4.88 million. For a fund holding investor data, a breach creates regulatory liability, reputational damage with investors, and potential legal exposure that no development saving offsets. Security in fund administration is not a feature to add after launch. It shapes how the entire system must be built from the ground up.
Regulatory Compliance: A Moving Target You Are Now Responsible For
Fund administration software does not operate in a fixed regulatory environment. AML/KYC requirements, investor verification standards, reporting obligations, and data privacy rules change regularly across every jurisdiction where funds operate.
In Australia, the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 introduced significant changes to customer due diligence requirements, with staged implementation beginning in 2026. In New Zealand, amendments to the AML/CFT Act have similarly expanded compliance obligations for fund managers. In the United States, the SEC's private fund rules, effective September 2023, introduced new quarterly reporting requirements for registered advisers, materially increasing reporting obligations for mid-market managers.
When a fund uses a purpose-built platform, the vendor absorbs the cost of tracking these changes and implementing them as part of the subscription. When a fund builds its own software, the responsibility for tracking and implementing every regulatory update falls entirely on the fund's internal team and its contracted developer. Missing an update is not just a product oversight. For fund directors, regulatory non-compliance creates personal legal liability.
The cost of tracking regulatory change across multiple jurisdictions, translating it into software requirements, and building and deploying those changes is work that fund managers should not need to pay for repeatedly. With a purpose-built platform, it is already handled.
The Hidden Cost of Building and Retaining a Software Team
Building fund administration software is not a single-developer project. It requires engineers who understand both financial services workflows and software architecture: unit registry logic, investor entity structures, audit trail requirements, calculation logic for capital calls and distributions, and fee management across multiple unit classes.
These are specialists. The recruitment market for fintech engineers with financial services domain knowledge is competitive, and salaries reflect this. Beyond engineers, a functioning software product requires product management to define requirements, quality assurance to validate releases, and security expertise to maintain compliance posture. The annual cost of even a minimal team with these capabilities typically exceeds most funds' multi-year subscription costs before a single feature reaches production.
The talent risk compounds the financial risk. When a key developer leaves, they take with them the institutional knowledge of how the system works: its undocumented assumptions, its edge cases, its quirks. Rebuilding that knowledge takes months. During that period, the software stagnates, bugs accumulate, and the fund is operationally dependent on a system it cannot adequately maintain or explain to auditors. This is not a hypothetical risk. It is the predictable outcome of building software that only one or two people truly understand.
What Purpose-Built Fund Administration Software Delivers Instead
Purpose-built fund administration platforms are built by teams whose entire focus is this domain. Security, compliance, development, and support costs are spread across hundreds of client funds, making the economics structurally different from an in-house build.
- Security
  - Custom Build: No formal certifications; relies on individual developer practices
  - Purpose-Built Platform: ISO 27001 certified; regular external audits and penetration testing
- Development
  - Custom Build: Features built on request, at extra cost each time
  - Purpose-Built Platform: Updates every two weeks, included in subscription
- Compliance
  - Custom Build: Fund's responsibility to track and implement regulatory change
  - Purpose-Built Platform: Vendor tracks and implements changes as they occur
- Staffing
  - Custom Build: Requires specialist developers, QA, and security expertise
  - Purpose-Built Platform: Covered by the vendor's team
- Cost model
  - Custom Build: Initial quote plus ongoing development, maintenance, and staffing
  - Purpose-Built Platform: Predictable subscription with no hidden update fees
Caruso's fund administration services support more than 900 funds across real estate, private credit, and private equity. The platform ships new features daily with regular release notes every two weeks, holds ISO 27001 certification, and undergoes regular external security audits. Regulatory changes are absorbed and implemented as part of the service. Clients pay no additional fees for software improvements.
For a fund manager weighing this decision, the comparison is not "subscription cost versus developer cost." It is "subscription cost versus the full, ongoing cost (money, time, and risk) of operating a software product," including security infrastructure, developer salaries, compliance tracking, quality assurance, and the operational risk of a system that falls behind or breaks.
Conclusion
We have seen fund managers invest $100,000 or more into a custom build and find themselves with a system that handles a fraction of what they need. Fund administration spans investor onboarding, AML/KYC, unit registry, capital calls, distributions, reporting, and compliance workflows across multiple jurisdictions. The scope is always larger than the quote, and the budget is always tighter than the project.
Caruso is trusted by more than 900 funds, holds ISO 27001 certification and ships new features every two weeks. The Caruso Fund Admin Agent goes further still, handling registry queries, compliance checks, redemption processing, distributions, and trust deed extraction in seconds rather than hours. That capability is only possible on a platform where the system of record and the system of action are the same thing. Building today is not just a costly decision. It is a decision to fall further behind.

Dylan Jones
Client Partner

