How Digital Operating Models Can Help Regulatory Compliance
16 November 2017 |
Ed Sorby | About a 5 minute read
Headline-hogging regulations like GDPR might be stealing mainstream attention, but regulatory initiatives are now the new normal for any consumer-facing business. How can you avoid getting overwhelmed by the pace and complexity of the changes required?
There’s never been a better time to be a consumer. New and innovative products are being released on a daily basis, and with regulations like GDPR coming into force over the course of 2018, consumers are getting more and more protection.
On the flip-side, many industries which used to operate freely and unencumbered by regulation are starting to feel the operational and technological burdens that come with stricter rules around how they operate And it isn’t just GDPR and data protection. A quick Google finds that in the UK alone, there are over 70 regulatory or supervisory bodies covering 10 industries. And that doesn’t include those we inherit from Europe, or trans-national regulators.
Perhaps the most regulated industry, financial services, will see over 40 new or updated regulations in the next three years alone. There’s no escaping it. Having spent three years working in financial services, I have a strong sense of the challenges involved in staying on the right side of the regulators.
Volume, pace and complexity are often cited as the biggest challenges, but we should add confusing and lengthy legal language to that list. Not to mention the fatigue most companies are now feeling after years of relentless change. But compliance is a do-or-fail initiative. The work must be done. And now those precious developers are too busy to help build that funky new feature.
In my experience, by far the biggest factor in successfully implementing a regulatory change is one that’s totally within your control – your operating model. The huge risks of non-compliance and complexity of change means organisations often default to a rigid, waterfall-style development and governance structure. But a diehard agile approach gives nothing like the level of control that’s required.
So, what’s the right model to give me the control I want but also allow me to deal with the added complexity of regulatory change?
While there can never be one single model that works for all, a digital mindset goes a long way towards creating the optimum environment in which to solve the regulatory challenge.
The application of this mindset has to start with your operating model. Basing what you do around the Agile Principles will help ensure you start on the right foot.
Some of the most important principles, and the benefits they will have, are:
- Collaboration – build teams encompassing Operations, Technology, Legal and Compliance. If you can second accountable individuals into agile teams, or at least ringfence some of their time to be spent with the agile teams, you’ll massively streamline any interpretation and sign-off activities.
- Fail fast – I know, talking about failing in the same sentence as regulation is blasphemy, but would you rather fail a week before a rule comes into force, or two weeks after you started testing a prototype solution, months before go-live? This approach to development helps the likes of Monzo and Revolut quickly release new features while staying on the right side of regulation.
- Product or feature mindset – treating regulatory compliance as another feature in your backlog (albeit a high priority one!) will help prevent regulation taking over your roadmap, ensure time is allocated effectively, and allow the best solution to evolve naturally. Remember to keep in mind why you’re building it to ensure ruthless prioritisation!
- Welcome changing requirements – while draft regulations will be available early, drastic changes often happen at the last minute. Agile teams and processes take this kind of change in their strides. Remember, those agile teams aren’t just developers, they’re also ops specialists, lawyers, etc.!
- Sustainable development – with regulatory fatigue taking hold, it’s more important than ever to make sure your teams aren’t burning themselves out. Even better, consider whether you should really be building it yourself.
The operating model you ultimately employ will depend heavily on what you already have in place – how comfortable or familiar are you with agile already?
It won’t solve your every issue.
But a well-designed and considered investment in nailing your operating model, in a way that balances the governance and control you need with the principles of an Agile and digital business, will pay hefty dividends in the long run.
Getting that right will help you build logical, maintainable, and adaptable solutions to regulatory requirements, instead of drowning in a sea of rapidly changing and difficult to decipher regulations.Read More From This Author
Senior Full Stack Developer (London)
Champion software quality and technical vision for AND and our clients, work on large-scale projects and help junior and mid developers grow in their roles.I'm Interested
Full Stack Developer (London)
Put your development expertise to work, building remarkable, digital products in Agile environments using a variety of languages and frameworks.I'm Interested
Tech Lead (Reading)
Bring your expert tech knowledge to the table to influence the direction of projects, whilst coaching and your team through engineering best practices.I'm Interested