Strategies for Incorporating Compliance into the Product Development Process in Highly-Regulated Sectors

About the author:
Kira Balabanova is a seasoned Product Lead, now Nebius, with over a decade of experience in B2C and B2B software development, specialising in mobile apps for iOS and Android, as well as websites. With a career marked by successful product launches and enhancements, Kira has predominantly focused on the Fintech sector. Her achievements include introducing groundbreaking Fiat+Crypto Сard. These ventures demanded rigorous compliance with regulatory standards. Her deep understanding of navigating the complexities of highly-regulated industries makes her an authoritative voice on integrating compliance into the product development process.

When operating in a highly regulated sector such as finance, it’s crucial to maintain a constant focus on compliance because the stakes are high.

No matter what you’re building, it’s essential to consider the regulations and restrictions. However, in my experience, I’ve noticed a significant gap—compliance professionals are not as involved in product development as they should be. This lack of collaboration is a missed opportunity that we need to address to ensure both innovation and adherence to regulatory standards.

Frequently, product teams avoid involving compliance professionals from the early stages of the project because they tend to ask uncomfortable questions, add constraints, and insist on some requirements that are not so obvious and may not seem essential to the product team.

As a product manager with an almost 10-year career mostly in Fintech, I’ve been there myself. I postponed the ‘compliance’ stage as long as I could, and when there was no longer time to wait, it was one of the most challenging and less engaging stages of product development.

Deep inside, I knew that my colleagues from compliance were trying to do their job, but emotionally, I felt like they were putting a spoke in the wheel.

The Strategy

1. View Compliance as a Partner and Co-Creator

First, start to see the compliance team as a partner and co-creator, not a mere ‘stakeholder’. Engage with them, show that you care about their input, and treat them like partners. By fostering a collaborative environment, you can leverage their expertise to enhance the product rather than viewing their involvement as an obstacle.

Example: JPMorgan Chase has successfully integrated compliance into its product development teams. By involving compliance officers early in the development of their mobile banking apps, they ensured that the apps met all regulatory requirements while still delivering a user-friendly experience.

Invite compliance professionals to participate from the early stages of your product development. Encourage them to challenge your ideas instead of avoiding them. When collecting ideas for the upcoming period, invite the compliance team and ask them to provide their perspective on your ideas. Initially, this may seem counterproductive, but over time, it becomes an efficient, useful, and even enjoyable process.

Example: PayPal involves their compliance team early in the development process to ensure that new financial products and services comply with international regulations. This early involvement has helped them avoid costly regulatory issues and build trust with their global user base.

3. Organize Regular Demo Sessions for the Compliance Team

Regular demo sessions for the compliance team are essential. These can be part of your product demos or special meetings exclusively for compliance. Ensure someone from the compliance team is invited and has the opportunity to ask questions and suggest solutions. This transparency helps in aligning compliance requirements with the product development process.

Example: At Stripe, product demos regularly include compliance team members. This practice ensures that all new features and updates are reviewed for regulatory compliance before they go live, minimizing the risk of non-compliance.

4. Formalize Compliance Requests

Accuracy is crucial when dealing with compliance requests. Formalize all requests to ensure your colleagues provide all the necessary information without missing any details. I created a specific type of task in Jira and explained its use to the compliance team. They appreciated having a traceable artefacts instead of writing emails, which streamlined the process.

Example: IBM uses a formalized ticketing system to handle compliance requests. This system tracks all compliance-related tasks and ensures that nothing is overlooked, facilitating better communication and accountability between the product and compliance teams.

5. Centralize Storage for Compliance Documents

Compliance is primarily based on official documents, so having centralized storage for these documents is essential. This centralized storage should be easily accessible and well-organized, ensuring that all team members can find the necessary documents quickly and efficiently.

Example: Confluence provides a centralized repository for all compliance-related documents. This repository is accessible to all relevant team members, ensuring that everyone has access to the latest regulatory guidelines and compliance documentation.

6. Perform Regular Reviews with the Compliance Team

Regulations tend to change frequently, so regular reviews with your compliance team are necessary to avoid inconsistencies. Schedule periodic meetings to review current regulations and ensure that your product remains compliant with the latest standards.

Example: Microsoft conducts quarterly compliance reviews for its Azure cloud services. These reviews ensure that all services remain compliant with evolving regulations and help identify any areas that may require updates or changes.

The Outcome

Implementing these strategies leads to several positive outcomes:

1. Better Understanding Between Product and Compliance Teams: Improved communication and collaboration result in a more aligned and cohesive team effort. This alignment helps in creating products that meet regulatory requirements without compromising on innovation.
2. More Accurate Planning for Compliance-Related Launches: Early and consistent involvement of compliance professionals helps in planning more accurately for compliance-related aspects of the product launch. This foresight prevents last-minute changes and ensures smoother launches.
3. Better Expectation Management: Clear communication and formalized processes help manage expectations more effectively and reduce misunderstandings. This clarity leads to more predictable and manageable project timelines.
4. More Friendly and Calm Atmosphere Overall: A collaborative approach fosters a more positive and less stressful working environment, benefiting the entire team. This positive atmosphere encourages more open communication and cooperation across departments.

And lastly

Incorporating compliance into the product development process in highly regulated sectors is not just about ticking boxes; it’s about creating a seamless integration that enhances the product and ensures regulatory adherence.

By treating compliance professionals as partners, involving them early, organizing regular demo sessions, formalizing requests, centralizing document storage, and performing regular reviews, product teams can navigate the complexities of compliance more effectively. These strategies not only improve the product development process but also lead to a more harmonious and efficient working environment.

For more insights on integrating compliance into product development, check these resources:

• Silos, Politics and Turf Wars: A Leadership Fable About Destroying the Barriers That Turn Colleagues Into Competitors by Patrick Lencioni
• Understanding Cloud Compliance For Data Security and Privacy by DigitalOcean.