Financial services organizations are investing an extraordinary amount of time, money, and effort in transformation programs to comply with regulators. For example, the average high street bank spends over £150M per year on regulatory programs. Most of these costs extend upwards due to increasing pressures such from ever changing regulatory requirements, competitive supplier landscapes, and internal pressure to cut costs.
Start-ups and disruptors in the financial services space have been quick to adopt Agile ways of working in the regulatory space. It’s an unspoken understanding in financial services that Agile delivery is always acceptable for smaller and nimbler teams, and perhaps even larger, well defined, transformation initiatives. But for larger, regulatory transformation programs, with nebulous and fluid requirements, waterfall is the surefire, fallback approach. Some organizations ambitiously start with Agile, only to revert to waterfall.
Organizations adopt Agile for many reasons: there is lineage between user goals and work, a minimum viable product (MVP) approach enables prototypes and benefits to arrive quickly, and the abbreviated design-release-test cycle within a sprint front-loads testing and promotes fewer defects in production.
Here are the benefits of Agile adoption:
With all these benefits, why is Agile adoption for regulatory reticent? We hear the same themes from our clients:
- Regulatory requirements are iterative: not all regulatory requirements are evident in one drop but are staggered and can change over time. To make it even more challenging, regulators still maintain deadlines on when all requirements can be met, even with the uncertainty of requirements. While Agile is also iterative, there may be a prolonged process on the concept of ‘done’. How do we guarantee the regulatory requirement will be fulfilled by the deadline if there is a constant, iterative cycle of design-build-test? How do we guarantee it’s ‘done’ with Agile?
- Agile has been around for a while, but most financial institutions have been around for longer! Agile maturity in large, monolithic, financial institutions can be slow. If the decision-makers in the organization are more comfortable with waterfall, waterfall is the surest way to deliver high stakes regulatory change where the risk to fines is huge.
- Product owners need to very work closely with developers with Agile to ensure the solution built is fit for the user. Product owners for regulatory transformation should be permanent employees, because they know the organization better than anyone – but they don’t have the capacity to work so closely with developers because they have business as usual (BAU) responsibilities, and they’re not Agile experts who know how to write user stories.
- Agile values emphasis using working software rather than documentation to demonstrate progress. How do organizations ensure comprehensive, detailed, requirements documentation to present to regulators in Agile?
- Regulatory requirements have local requirements, which have their own local deadlines. Solutions built will need customization, so a one-size-fits-all approach to anything developed may not be possible. In waterfall, this can be documented through localized requirement documents – but local requirements may require several Agile development teams, which will result in a more complicated organizational structure.
Best practices on delivering regulatory change through Agile
Our vast experience with regulatory projects has taught us how to adopt Agile practices in an organic way: with focus on meeting regulatory deadlines along with a balanced view of maintaining competitive advantage and lower cost of deployment.
Infosys Consulting suggests organizations can look to adopt agile ways of working in a gradual way from crawl to sprint stages of their Agile maturity curve. This facilitates a way to introduce a more collaborative, flexible, and responsive towards regulatory change. Our delivery approach explains how firms can take incremental steps to adopt Agile methodology for regulatory compliance projects and have a more strategic way of implementing these changes along with other value creation initiatives.
Let’s look at how agile changes can be incorporated into the dimensions of people, process, and technology in the various stages of Agile maturity, and act as an enabler to circumvent the complexities in delivering regulatory change.
Regulatory Agile teams: It is important that organizations begin by setting up smaller agile teams that can focus on understanding and delivering chunks of mandatory changes. These Agile teams can mature to have regulatory Agile specialists who are act as SMEs/product owners and are responsible for comprehending the subjective regulatory guidelines and convert them into user stories/requirements for either existing or new customer journeys. These product owners are also responsible for ensuring regional requirements are captured, and knowledge sharing is encouraged when collaborating with business/IT owners from different regions. This helps to reduce workload on existing employees at the same time as ensuring full transparency of the change being delivered.
Centralized planning and capacity planning: Regulatory changes often have their own planning cycles and are known to disrupt delivery planning for new initiatives. We propose a more adaptive and incremental approach to planning which ensures regulatory changes can be accommodated within the current planning process rather than halt the deliveries in pipeline. A program increment (PI) planning approach helps to look at synergies in combining testing and deployment efforts for projects across the board. The mature state would be a centralized approach to planning of all change initiatives including regulatory change with a more strategic outlook.
Incremental delivery with modular components: Instead of approaching the regulatory change as a “big bang” approach, we suggest that the requirements are broken down into manageable chunks and iterative delivery is followed to minimize any defects – and course corrected to incorporate new changes arising due to market maturity of these regulations. These smaller deliveries ensure that changes are verified and are in line with the regulations. Wherever possible, changes can be built in a modular way and a more strategic approach could be taken to ensure reusability for other projects.
Robust governance coupled with continuous feedback: It is important to have a close dialogue with regulator in all the markets so that the feedback is passed onto the delivery teams and to ensure the product is fit for regulatory compliance. Infosys Consulting has expertise in establishing a program assurance Center of Excellence (CoE) that focusses on providing robust governance with representatives from functions like risk, legal, operations etc. Product walkthroughs are also beneficial and ensure complete alignment with regulator expectations.
Focus on data strategy: Data is an extremely important tool that has more stringent controls and focus from the regulators. It is important that firms have initiatives shaping their data like the creation of data lakes, defining data contracts, and using cloud technology to host data, which help promote agility, operational efficiency, and foster innovation across the supply chain. Under data strategy, Infosys Consulting can help clients get a front-to-back view of how the data evolves by deconstructing service mapping to business capability, helping maintain data lineage and enforcing data contracts organically.
Transforming legacy IT landscape: Regulatory change programmes resort to tactical IT solutions to meet tight timelines. Instead, organizations should opt for a strategic architecture while implementing regulatory changes, thereby reducing the technical debt left behind. We advocate embarking on a digital transformation journey, replacing legacy platforms with more agile microservices, API, and cloud based architecture. This will pave the way to smoother regulatory delivery. With many fintech companies slowly changing the way financial institutions operate, it is important to build an ecosystem that can quickly adapt to changes in regulation and evolution in the marketplace.
Agile is indeed disruptive when compared to the waterfall/ “big bang” approach typically preferred within regulatory programmes. However, a thorough assessment, coupled with detailed analytical breakdown of these projects, can provide the required foundation for companies to incorporate agile thinking and ways of working to reap benefits in the long term, by merging regulatory projects with wider initiatives within the organization. A step-by-step adoption of agile practices can help build confidence and provide the required structure and framework for wider adoption.

Shaun Betts
Associate Partner
Shaun has been at Infosys Consulting since 2012, heading up our Agile European Center of Enablement and our Agile Transformation horizontal practice. Over his 30 years of experience in financial services, he has led large-scale organizational agility and change management projects for prominent businesses – most notably a global cards and payments provider and a leading UK retail bank.

Ana Soriano
Principal
Ana Soriano is a Principal at Infosys Consulting. She specializes in delivering risk and regulatory, and data analytics engagements, through Agile ways of working, in the Financial Services practice. She is a trained actuary.

Kajal Raj Sundar
Principal
Kajal is a versatile programme manager and has 17+ years in project/ programme management. A seasoned programme manager and SaFe agilist with end-to-end experience of leading large-scale IT projects, she has a successful track record in implementing complex digital transformation programmes. Proficient with Agile and waterfall methodologies and transitioning to Agile practices/ working, she has been helping clients deliver projects with maximum efficiency and speed. In the recent years she has been working on regulatory programmes within the banking industry and helping clients to reap benefits of Agile methodologies.
A very good read, Shaun, Kajal and Ana have summarized the key differences between waterfall and agile for regulatory projects so well. Hope companies follow the guidelines and reasoning presented here while adopting agile for regulatory programs.