How we score.
The BFSI Fit Score is a public, reproducible measure of how well an enterprise software product fits an Indian banking, NBFC, insurance, or fintech buyer. Every product is scored across seven axes, each on a 0–20 scale, with a published rubric and evidence sources. The seven axes are then weighted into a /100 fit score split equally between Regulatory Posture (50) and Market Strength (50).
Why each axis is scored out of 20, not 10
We chose a 0–20 raw scale for two practical reasons:
- Four meaningful bands. Each axis has four discrete qualitative bands (e.g., Default-clear / Configurable-clear / Partial / Non-clear). A /20 scale gives each band a clean 5-point window, so reviewers can grade within a band (a "weak Configurable-clear" is a 13, a "strong Configurable-clear" is a 17) without inventing decimals. A /10 scale would force coarse 2.5-point bands and lose this nuance.
- Per-segment recalibration. The raw 0–20 score is divided by 20 to get a ratio, then multiplied by a segment-specific weight (see the weight table below). This lets the same raw score map cleanly into different /100 totals for different segments (banks vs. NBFCs vs. insurers) without changing the underlying judgment.
In short: 0–20 is the judgment scale; /100 is the output scale. The two are separated by design so we can re-weight for different buyer profiles without re-scoring every product.
Default weights (BFSI segment)
These are the default weights applied to the 0–20 raw scores for the BFSI segment. Other sub-segments (e.g., NBFC, insurer, fintech) shift these weights — for example, NBFCs uplift India Residency and Implementation Reality; insurers uplift Vendor Stability.
- • Regulatory Fit — weight 30
- • India Residency — weight 20
- • BFSI Adoption — weight 15
- • India Channel Maturity — weight 12
- • Implementation Reality — weight 10
- • Peer Review Signal — weight 7
- • Vendor Stability — weight 6
Final per-axis contribution = (raw score / 20) × weight. Per-side totals are rounded and summed for the headline BFSI Fit Score.
The seven axes, in detail
Every band below is anchored to verifiable evidence. Click into any product's hexagon panel on the BFSI Dossier to see how it scores on each axis.
Regulatory Fit
Out-of-the-box clearance against the eight Indian regulators we test (RBI, SEBI, IRDAI, DPDP, CERT-In, IT Act, PMLA, UIDAI).
Clears the majority of regulator tests in default configuration with verifiable evidence (public docs, customer letters, audited controls). No configuration burden on the buyer.
Clears most regulators but requires named configuration (regional storage, encryption mode, audit-log retention, RBAC). Buyer absorbs config + drift risk.
Material gaps for at least one regulator: missing audit-log retention, no Indian incident channel, no UIDAI compliance for KYC use, no PMLA tracing.
Cannot be remediated by configuration. Either an architectural gap (e.g., no India region) or vendor unwilling to provide regulator-rated commitments.
Evidence: Vendor docs (security/compliance/trust portal), customer letters, regulator-published audit findings, MeitY/CERT-In advisories.
India Residency
Where does customer data, metadata, and audit logs physically sit, and is India region the default or an opt-in?
Indian customers are provisioned into an India region by default. Data, backups, and audit logs are India-resident with attestation.
India region exists but requires explicit selection at onboarding; logs/backups may default to another region unless re-pointed.
Primary data is India-resident but metadata, logs, or AI/ML processing leave India. Material for DPDP and CERT-In April-2022 reporting.
Product has no Indian datacenter footprint. Acceptable only for non-personal, non-financial use cases.
Evidence: Trust portal, sub-processor list, data-residency commitments, contractual amendments.
BFSI Adoption
How widely is the product actually deployed across Indian BFSI — named banks, NBFCs, insurers, fintechs?
Logos at multiple top-10 Indian banks/insurers AND broad presence at mid-cap NBFCs/fintechs. Verifiable via public case studies or RFP citations.
Multiple BFSI logos, including at least one large bank or insurer. Reference calls available.
BFSI logos present but mostly mid/small cap. Limited public references.
No verifiable BFSI customers in India, or only pilots.
Evidence: Public case studies, press releases, vendor-provided reference lists, analyst reports.
Peer Review Signal
What do practitioner peers (G2, Gartner Peer Insights, Capterra) say — weighted by review count and recency?
≥ 4.4 average across two or more sources with ≥ 200 total reviews in the last 24 months.
≥ 4.2 average but lower review count, or strong on one platform only.
Mixed sentiment, recurring complaints about support, performance, or pricing surprises.
Few reviews, or consistently below 3.8 average, or vendor disputes peer-review presence.
Evidence: G2, Gartner Peer Insights, Capterra, TrustRadius, India-specific community signal (Reddit r/cybersecurity_in, India CISO forums).
India Channel Maturity
Direct sales presence, partner network depth, 24/7 IST support, and SI ecosystem in India.
Direct Indian entity, 24/7 IST support staffed in India, ≥ 5 active national SI partners, and an India-specific pricing sheet.
Indian entity OR strong master distributor, IST support window, ≥ 3 active SI partners.
No direct presence; sold via 1–2 distributors. Support is regional (APAC) not India-specific.
No India go-to-market. Procurement requires direct USD invoicing.
Evidence: Vendor India entity registration, partner directory, support SLA documents, SI tier programs.
Implementation Reality
Median time-to-value at Indian BFSI deployments and rollout complexity (PoC → production).
Median time-to-value ≤ 8 weeks for a mid-sized Indian bank/NBFC. PoC scripts and reference architectures available.
8 – 16 weeks. Some custom integration but no surprises.
16 – 26 weeks. Material professional-services dependency and integration friction.
> 6 months typical; rollout often outlives the original sponsor; concentration risk on vendor PS.
Evidence: Customer interviews, anonymized rollout reports, SI partner debriefs.
Vendor Stability
Public/private status, funding stage, India tenure, and financial health (revenue trajectory, layoffs, ownership churn).
Public company or late-stage private with > 5-year India tenure, consistent revenue growth, and no governance red flags.
Established vendor with ≥ 3-year India tenure and healthy financials.
Recent acquisition, leadership churn, or significant layoffs. Continuity risk for support and roadmap.
Distressed, near a forced sale, or sub-scale with funding runway concerns.
Evidence: Public filings, press releases, layoff.fyi, CB Insights, India MCA registration tenure.
Quadrant assignment
Once Regulatory Posture and Market Strength are computed (each /50), the product is placed in one of four quadrants:
- • Champion — Reg ≥ 25 and Market ≥ 25. Audit-clean and broadly trusted.
- • Compliance-First Innovator — Reg ≥ 25 and Market < 25. Regulator-rated but thin BFSI track record; suitable for risk-tolerant buyers.
- • Market Standard — Reg < 25 and Market ≥ 25. Widely deployed but the buyer absorbs regulatory configuration burden.
- • Emerging Watch — Reg < 25 and Market < 25. Not recommended for production BFSI use today.
Refresh cadence & audit log
Scores are reviewed quarterly. Material changes (vendor M&A, regulator advisories, major CVEs, India region launches) trigger an out-of-cycle review. Every score change is recorded in a per-product audit log with date, axis, old/new value, and the triggering evidence.
Want to see the full audit log for a specific product, or challenge a score? Talk to a TechBag specialist.