Building AND Buying Regulatory Compliance

19 January 2018 | Ed Sorby | About a 4 minute read
Tags: building, buying, compliance, customer, insurance, regulatory, technology, value

In a world where constantly evolving regulatory requirements are the new-normal, why do companies continue to build their entire suite of compliance systems in-house when they provide little or no differentiation or customer value? A better approach might be to build AND buy.

We previously looked at the headaches regulation can cause in any industry, and the benefits of adopting digital and agile principles in the design of your operating model.

But we also said that getting your operating model right is just the start.

Regtech, the adoption of new technologies to facilitate the delivery of regulatory requirements, is a term coined in financial services but I envisage it growing to be applicable to other industries. Essentially, being smarter with technology and applying it to regulation.

The rise of Regtech means there’s a wave of startups dedicated to solving regulatory requirements. Your regulatory requirements.

Having spent years living through the frustrations of stubbornly building systems in-house for regulatory compliance, one of the biggest realisations I had, was that there’s a marketplace of purpose-built solutions ready to be brought in off the shelf. Compliance may be necessary, but it isn’t a differentiator.

To me, this is build-or-buy on a grand scale.


Is your tooling a differentiator?

Much of the impact of regulation is on your business processes.

I need to check that this supplier complies with modern slavery requirements. I must confirm that the investor isn’t laundering money. My returns process needs to honour consumer rights. I’ve got to remove her from my mailing list when she asks. I need to honour his right to be forgotten.

How many of these processes differentiate you from your competitors? How many of these would be easily served by a workflow management tool?

We already use tools like Jira and Trello. Few companies build bespoke software development suites. Just because we have to do something because a regulator told us to, that doesn’t mean we should solve that problem any differently to the processes we choose to do.


Is your data a differentiator?

The remaining impact is typically on your data – it’s probably harder to gauge whether that data is a differentiator.

Common wisdom states that all the data you’ve gathered (legitimately and consensually) about your customers is highly valuable and should be protected.

I question the universality of this wisdom – some, even most, of your client data is valuable and should be protected. But not all of it.

Why keep each customer’s entire address on file, if you can look it up with the first line and postcode? Why keep the make and model of your customers’ car if you can look it up from their licence plate on the DVLA?

These are simple, and perhaps forced, examples, but the point remains – if it serves you no value outside of regulatory compliance, don’t keep it. Let someone else deal with that particular headache. (Let’s not even get into the impacts of GDPR on that data you hold!)

Look at it from another point of view. As a customer, when I change my address, would I rather update one, centralised service and permission companies to read it from that service, or go to the hundreds of companies that hold my address and change it at each one?

Centralised, permissioned data platforms are growing in financial services (Bloomberg is a household name, but there are others like Markit, Clarient, and TriOptima). It’s surely only a matter of time until they proliferate into other industries.


Put simply, make your life as easy as you can

Don’t fall into the knee-jerk reaction of building any and all regulatory systems in-house.

Take the time to decompose what you’re building and do a build-or-buy analysis on the resulting parts (including data!). And follow through on the results.

Doing so will make sure you invest time and money in doing things the right way, not just for now, but in a scalable way for the future. It’ll probably be a mixture of build AND buy. Just make sure that whatever you do, you tackle the challenge within a digital operating model.

It won’t just reduce regulatory headaches, it’ll make for happier product teams, and you might create some spare capacity to focus on that elusive new disruptive product in the process.

Read More From This Author

Share this blog post

Related Articles


We’re looking for bright, dynamic people to join our team!

Discover More Roles