The Challenge
The bank's first EA renewal arrived with a structural complexity uncommon in most Microsoft engagements: E5 was already the appropriate licence for a significant portion of the population. The 2,600 client-facing relationship managers and advisors had been placed on E5 three years earlier, driven by genuine compliance obligations under FINMA supervision, MiFID II and LSFin (FinSA) around information barriers, data classification, and communication archiving. The compliance case for E5 in this population was sound. What was not sound was Microsoft's renewal proposal, which extended this logic to the full organisation: a complete E3→E5 upgrade for the remaining 2,200 operations and technology staff, framed around Digital Operational Resilience Act (DORA) readiness and NIS2. At a CHF 23/user/month uplift, the full-fleet E3→E5 proposal would have added CHF 7.3M over three years. Separately, Copilot for Microsoft 365 was being pitched for expansion across all 2,600 E5 client-facing staff, at an additional CHF 2.9M annually, despite the 220-seat pilot showing uneven adoption. Azure regulatory reporting workloads had substantially completed their build phase, leaving CHF 1.9M in annual commitment surplus.
The Approach
DORA and NIS2 Compliance Mapping for Operations and Technology Staff
Independent analysis of DORA's ICT risk management obligations (Articles 5–16) was mapped against the client's existing technical controls. Finding: DORA's requirements for ICT systems supporting critical or important functions were already satisfied by the E5 Defender and Sentinel deployment in place for core banking systems, and did not require E5 at the individual user level across operations staff. Of the 2,200 E3 users: 480 IT/infrastructure engineers had a genuine case for Defender for Endpoint P2 (addressed through targeted add-ons); 720 operations staff had no material security control gap at the DORA-relevant layer; the 1,000 remaining users in support functions likewise had no material gap. The analysis was documented and presented formally to Microsoft's account team as the client's DORA compliance posture, removing the regulatory forcing function from the E5 pitch.
Copilot Governance and FINMA Regulatory Risk Assessment
The 220-seat Copilot pilot had raised a specific concern not present in most commercial organisations: FINMA's requirements around the use of AI in client-facing financial communications. Redress assessed the pilot against FINMA Circular 2023/1 requirements and the bank's internal AI governance framework. Usage telemetry showed 148 active regular users — primarily in research, investment strategy, and internal communications — and 72 inactive or rare users, including several front-office staff who had expressed concern about AI-assisted client correspondence. Redress recommended retaining 220 governed seats with an explicit FINMA-compliant data handling addendum to the Microsoft Copilot terms, with an 18-month expansion pathway contingent on a documented AI governance review. The full-fleet expansion of 2,600 seats — with no FINMA addendum — was declined.
E5 Price Lock Prior to July 2026 List Price Increase
Microsoft's scheduled July 2026 list price increase would raise E5 from CHF 63 to CHF 66/user/month. For 2,600 seats, the direct annual impact was CHF 93,600, or CHF 280,800 over the remaining renewal term. Redress negotiated a three-year price lock on the existing 2,600 E5 seats as part of the overall renewal terms, converting a passive cost increase into a modelled saving of CHF 1.1M against the revised list price trajectory over the term.
Azure Regulatory Reporting Right-Sizing
The regulatory reporting workloads had been built on a deliberately over-provisioned Azure foundation during the compliance build phase. With the build substantially complete, consumption had stabilised at 68% of the committed level. A 32% commitment reduction was negotiated. The surplus was applied as a cross-pillar credit adjustment — converted into additional M365 discount depth — rather than accepting Microsoft's default option of rolling the credits forward as future Azure consumption allowance.
The Outcome
Total Three-Year Impact
The renegotiated EA blocked the E3→E5 full-fleet upgrade for 2,200 operations and technology staff, replacing Microsoft's compliance pitch with a targeted Defender add-on approach for 480 IT engineers. Copilot was retained at 220 governed seats with FINMA-compliant terms, declining the full-fleet expansion for 2,600 client-facing staff. The E5 price was locked for three years ahead of the July 2026 increase, saving CHF 1.1M. Azure commitment was reduced 32%, with credits reallocated as M365 discount depth.
Total savings over three years: CHF 6.4M (approximately $7.1M USD) — a 24% reduction. DORA and FINMA compliance postures were maintained throughout, with the FINMA-compliant Copilot addendum providing a governance framework the bank's compliance team described as superior to the standard Microsoft Copilot terms.
Key Takeaways
- DORA compliance framing must be verified at the system layer, not the licence layer. DORA's ICT risk management obligations attach to the ICT systems supporting critical or important functions, not to individual user licences; most operations staff do not need E5-level controls for the bank to satisfy DORA's requirements.
- Copilot in client-facing financial services requires regulatory addenda. FINMA and equivalent regulators have specific requirements around AI use in client communications; accepting standard Copilot terms without a regulatory addendum creates compliance exposure.
- E5 price locks are most valuable immediately before announced increases. Microsoft's July 2026 pricing reset creates a specific window for multi-year price lock negotiations for existing E5 populations; that window closes once the renewal is signed.
- Azure post-build right-sizing in regulated industries is systematically underexploited. Regulatory build phases consistently lead to Azure over-provisioning; cross-pillar credit mechanics allow surplus to be reinvested as M365 discount rather than stranded cloud credits.
- First EA renewals carry the highest upsell risk. First renewal is typically when Microsoft's account teams deploy the most aggressive upsell strategies; the absence of renewal history removes the client's ability to use prior pricing as a counter-reference.