To improve their effectiveness, federal financial agencies are seeking ways to modernize operations by enhancing data management, strengthening cybersecurity, and optimizing processes. This involves integrating disparate data sources, implementing robust security measures, and adopting contracting practices that prioritize performance and outcomes. With mandates around zero trust, data integration, and responsible artificial intelligence (AI), financial agencies must evolve quickly to keep pace with mission demands and regulatory obligations.
MeriTalk recently sat down with Gabrielle Rivera, vice president, federal financial agencies, and regulatory commissions at Maximus, to discuss a comprehensive approach to modernization that combines data modernization, cybersecurity maturity, outcome-based contracting, and AI and automation in federal financial operations.
MeriTalk: What first steps do you recommend for federal financial agencies that need to break down data silos to improve the efficiency of agency operations, yet still satisfy stringent governance, privacy, and audit requirements?
Rivera: Starting with governance. Specifically, identifying authoritative data sources and understanding what types of data they contain, determining the associated security parameters, and establishing the appropriate enterprise-wide governance structures. Silos exist because different business and IT owners want control over their data, but that separation complicates efforts to comply with regulatory mandates and integrate sensitive information such as PII (personally identifiable information) and financial records. To centralize this data, whether that is in a data lake, warehouse, or hybrid model, the security team should be engaged from the onset and embedded throughout. Retention strategies are another critical component. Agencies should consider how long data needs to be stored and accessed, and they need to factor that into governance from day one.
MeriTalk: Maximus recently helped the Internal Revenue Service fold eight separate contracts into one integrated program office while continuing to support 130-plus applications during peak tax-filing season. Based on that experience, what lessons can you share about balancing efficiency with risk and service continuity, and how might other finance-focused agencies apply those insights?
Rivera: That consolidation project focused on cybersecurity, application development, and unifying under a single PMO, which allowed us to assess mandates and protocols consistently while eliminating redundant efforts. Instead of increasing risk, the consolidation reduced it. Efficiency is not just about cutting costs; it is also about removing duplicative tools, platforms, and reporting structures. Many of those redundancies do not come to light until you are already in progress, so flexibility is key. Agencies should not expect to only identify redundancies upfront. They should be ready to streamline during implementation and/or after integration. That is where true operational gains are realized.
MeriTalk: Federal financial agencies have laid important groundwork for zero trust cybersecurity. As they move from initial implementation to deeper integration, where should leaders concentrate their efforts, and which indicators best reveal that their cybersecurity posture is truly maturing?
Rivera: Continuous Authority to Operate, or ongoing authorization, is one of the most effective next steps. It enables a strong, consistent security posture while reducing the manual labor of repetitive documentation. Agencies can monitor their security maturity by looking at both defensive and proactive indicators. Firewalls and data protection are foundational. But real maturity comes from shifting to offense, with strategies like threat hunting and active threat intelligence anticipate and detect risks before they reach your perimeter.
MeriTalk: How are outcome-based contracting models changing modernization initiatives in the financial arena, and which key performance indicators belong in today’s solicitations to keep vendors focused on efficiency and mission impact?
Rivera: Outcome-based contracting is not new, but it is gaining momentum because traditional models do not reflect the pace of mission and technology change. Long-term contracts used to take years to show progress, but now, iterative gains are essential. That means contracts need to differentiate between technological outcomes, like migrating off a mainframe, and business outcomes, like improving customer satisfaction. Flexibility is critical, whether that is transitioning time and materials to firm-fixed-price models or adding optional CLINs (contract line-item numbers) for evolving needs, such as surge or to meet emerging requirements. We are seeing increasing demand for contracts that adapt to evolving mission and business requirements.
I also appreciate the government’s movement toward a government-wide shared services model. It can keep tool sprawl in check, reduce acquisition costs, and streamline adoption of technology advancements and mission requirements across agencies of all sizes and complexities.
MeriTalk: How can agencies achieve the “sweet spot” of automation, analytics, and human oversight to improve efficiency and effectiveness in highly regulated financial environments?
Rivera: It all starts with the business case. When agencies deploy tools before identifying the specific outcome they are trying to achieve, there can be systems and functionality overlap, such as multiple IT service management platforms performing similar functions. By aligning on a defined use case, agencies can determine the right combination of automation and human oversight. The unification of a specific use case and technology tools allow internal units to communicate more effectively and operate under the same standards for performance, security, and service. They gain faster response times and more informed decision-making as a result.
MeriTalk: How does Maximus help agencies identify opportunities for AI and advanced analytics to improve accuracy, reduce fraud, or elevate the customer experience in federal financial operations?
Rivera: Right now, we are in a discovery phase, exploring the art of the possible. There are endless use cases for AI, but everything must be grounded in responsible AI principles. We are dealing with highly sensitive financial and personal data, so cybersecurity and ethics must be considered from the start. At Maximus, we begin with a strong assessment phase that includes IT, business, and cybersecurity leaders. That alignment helps us determine not only where AI fits, but how it can support a mission outcome without introducing risk.
MeriTalk: If we revisit this conversation in three to five years, what single capability do you hope every federal financial agency will have mastered to improve efficiency and effectiveness, and why is it mission critical?
Rivera: I would love to see widespread adoption of federal mandates around digitization. We are still storing paper documents, microfilm, even World War II-era T-bonds in physical facilities. These records hold sensitive data and are costly to maintain. Digitization drastically improves security, reduces costs, and streamlines secure access to information. It seems simple, but it is fundamental to modernization and to align federal agencies with today’s digital expectations.