Architecting Resilience: Designing Secure, Future-Resistant Products for Regulated Industries

I was speaking to a Fintech CTO at Mirai, a flagship AI CXO event by Mind IT®. The CTO seemed extremely smart, very motivated in language, but looked and came across as drained. I asked him what’s troubling him. “It’s like I’m waging war on two fronts,” he said to me. “I’ve got one front with the market beating down my door, demanding new features, yesterday. And then I’ve got regulators who wake up every morning and find a new rule for me to comply with. I’m caught in the middle, just trying to keep my head above water.”

And man, did that resonate. I’ve been at it for the good part of two decades now, and I’ve heard that same tale, with slight differences, a thousand times. Whether you’re in fintech, healthcare, or any other business that’s got a rulebook the size of an encyclopedia, the pressure is just crazy. You have to be as agile as a startup, yet as buttoned-up as a century-old bank. It is a high-wire act, and many good people and good businesses fall off.

The price of falling off is savage. We are not referring to a minimal fine and a slap on the wrist. We are referring to figures that can quite simply put you out of business. I was going through a Deloitte report the other day, which stated that cutting corners on compliance puts firms 34% more at risk of missing their launch dates. And when things go catastrophically wrong? The typical GDPR penalty is now a nice €2 million. One auto recall costs $600 million. I mean, how do you even sleep at night with figures like that in the room?

So, what do you do? How do you create products that customers love, that are innovative, and that at the same time meet all the regulators’ requirements? How do you ship fast without breaking things—particularly when the “things” you could break are your customers’ trust and your company’s future?

It’s All About the Blueprint: Security as a Foundation, Not a Feature

The most significant, most costly error I see businesses consistently make is handling security and compliance as a coat of paint to slap on at the end. They construct the entire product, make it ship-ready, and then hand it over to the security experts, saying, “Hey, can you secure this?” It’s like constructing a skyscraper and then asking an architect to ensure that the foundation is solid. It’s backwards, and it costs a gazillion dollars to correct.

You must build this in from the ground up. It has to be in the blueprint. It’s a complete mindset change: not “security as a feature” but “security as the foundation.” This is where all those acronyms you keep hearing about, such as the Secure Product Development Framework (SPDF) and the NIST Secure Software Development Framework (SSDF), actually come into play. Put the jargon aside for a moment. All they amount to is a set of guidelines for building security into every step of the process, from the initial brainstorming session to the day you launch.

It’s about plain, straightforward, common-sense things, such as:

  • Thinking through how a bad actor might try to break your product before you even begin building it (threat modeling).
  • Writing code so that you don’t leave the front door wide open (secure coding practices).
  • Constantly testing and poking at your own systems to discover the weak points (security testing).
  • Keeping a paper trail so you can show you did everything correctly when the auditors arrive (audit evidence).

This doesn’t slow you down. It puts you on solid ground, so you can build higher and faster without fear of the whole thing falling over.

The Payback is Huge: Real Stories from the Real World

I can hear you thinking it now. “This costs a lot.” And, of course, there’s an initial investment. But the return is enormous. I’ve seen it myself.

I was working with an extensive hospital system a few years ago. Their electronic health record system was a dinosaur. It was cumbersome, the physicians hated it, and it was a compliance disaster waiting to happen. They finally took the plunge and built a new, bespoke platform. It was expensive, but worth it. The returns were impressive. They achieved a 25.5% ROI in four years. Their administrative expenses fell dramatically by an average of $42,500 per physician, per annum. And the icing on the cake? They were even able to give their patients better care.

I witnessed the same thing occur at a financial services firm. They were up to their eyeballs in paperwork, attempting to comply with all of the regulations. They hired a team to automate specific processes using RPA and machine learning. The payoff? They realised $3 million in savings in the first year alone. And they onboarded new customers 55% quicker. That’s a huge competitive edge.

These aren’t feel-good stories. The statistics don’t lie. If you build it correctly, the investment pays for itself, and then some.

The People Problem: You Need the Right Crew

Sure, you can have the world’s most fantastic blueprint, but if you don’t have the proper builders, you’re going to end up with a mess. And let’s face it, finding people who excel at both cutting-edge product innovation and the intricate details of regulatory compliance is like searching for a needle in a haystack.

This is where most businesses get stuck. They have an excellent group of engineers, but those engineers are unfamiliar with HIPAA and PCI DSS. They want to bring someone on board, but they’re bidding against every other business for the same few specialists, and it takes months to find the right person.

This is where I’ve become a firm believer in staff augmentation. Rather than embarking on a six-month hunt to find that ideal full-time candidate, you can hire a specialist on a project basis. It’s like hiring a master plumber to repair your plumbing rather than trying to learn plumbing on YouTube yourself. It’s quicker, it’s cheaper, and you have the expertise you require when you require it.

I consulted with a pharmaceutical firm that was preparing to introduce a new medicine. They had an excellent team of scientists, but they were utterly baffled by the FDA submission process. They hired a regulatory affairs consultant, and it was as if a burden had been lifted from their shoulders. The consultant took them through the entire labyrinth, and their drug was approved without any problems.

A Simple Plan to Get Started

So, how do you actually do it? Below is a simple, four-step plan that I have used with dozens of companies to get them started:

  1. Know Your Enemy: You need to know the terrain before you do anything. Which rules and regulations apply specifically to you? What are the biggest threats? What happens if you get it wrong? You need to be honest with yourself on this.
  2. Construct a Moat: Don’t leave security to the last minute. Build it into the initial product design. Assume that someone is continually attempting to get in. Use a zero-trust framework. Encrypt everything. Make security the base of all that you do.
  3. Call for Backup: Don’t be the hero. If you can’t do it yourself, call in the pros. Staff augmentation is your best friend. It’s a smart, strategic decision that will save you a world of headaches later.
  4. Never Stop Watching: Security is never really “won,” just as a marathon is never truly “over.” You need to test, monitor, and search for holes all the time. The bad guys are constantly evolving, and you need to stay one step ahead of them.

The Takeaway

Creating products in a regulated sector is challenging. No question about that. The pressure is extreme, and the stakes are extremely high. But it’s not a lost cause. If you change your mindset, establish a strong foundation of security and compliance, and acquire the right expertise, you can win outright. You can create innovative products that your customers adore and which are secure, resilient, and enduring.

And that, ladies and gentlemen, is how you win the war on two fronts.

References

  • Deloitte. (2024). 2024 Compliance Study.
  • MedTech Europe. (2024). MedTech Europe Survey 2024.
  • socPub. (2025). The ROI of Industry-Specific Software: Case Studies Across Three Sectors.
  • Cabot Solutions. (2025). How to Measure the ROI of Healthcare Technology Investments: A Comprehensive Guide.
  • IQVIA. (2024). IQVIA Regulatory Staff Augmentation Services.
  • The Network Installers. (2025). Enterprise Security Architecture: Full Guide (2025).

About The Author

Shailendra Gupta
(Co-Founder and CEO of Mind IT Systems)

Shailendra is Co-Founder and CEO of Mind IT Systems and is responsible for strategy and business relations.

With around two decades of experience in getting things done in marketing, sales, strategy, delivery, or technology, he has a successful track record of leading startups and mid-size companies and being a prime contributor to stakeholder management, growth, and value creation. A thought leader in the geo-social space, he is highly respected for realizing new paradigms in marketing, solutions, and approaches.