Building an organisation to meet a regulated standard requires a holistic and hetergenous approach. Here we look at how you go about such an endeavour and the programme structgure required.
In today’s rapidly evolving financial services landscape, central banks face a dual mandate: safeguard the economy and encourage innovation within it. This isn’t new, but the pace and complexity of innovation in fintech has added fresh urgency and new challenges to both parts of that remit. This innovation is relentless. Whether it’s the emergence of decentralised finance (DeFi), tokenised assets, or AI-driven trading platforms, new entrants are continually testing the boundaries of the regulatory framework.
Two clear examples stand out:
- Digital Securities Depositories (DSDs), which are going through structured pilots in regulatory initiatives like the Digital Securities Sandbox (DSS). These projects follow a clearly defined path, almost like a conveyer belt from concept to live implementation.
- The explosion of stablecoin issuers, where a mix of regulated institutions, startups, and not previously regulated giants are experimenting with fiat-pegged digital currencies. Some follow clear regulatory guidelines; others operate in new, grey areas—posing new risks and challenges.
Building Regulated Infrastructure From Scratch
So, how do you bring these innovations into the regulated part of the financial system—without stifling the creativity that gave rise to them?
Think of it as a change programme, but with a twist: many of these initiatives start from scratch, with no existing blueprint. For this reason, we propose framing these efforts as BOLT programmes— which have four interconnected streams:
- Business
A plan to transform capital into a viable, profitable operation. This includes growth models, market positioning, and incentivisation alignment. - Operations
The policies, processes, and systems to ensure smooth delivery—and to reassure regulators and investors that the organisation is robust and compliant. - Legal
Given the novelty of many fintech ventures, legal treatment is often undefined. Ongoing legal advice and active engagement with regulators are crucial. - Technology
Often the most straightforward stream—since the technical problem is usually well-scoped. But execution is key: building scalable, secure, and compliant platforms is non-negotiable.
Managing a BOLT Programme
Not each stream needs managing in the same way a useful model here is the Cynefin framework where each stream (or sub stream) is classified as Simple, Complicated, Comple, or Chaotic.
- Simple/Complicated contexts (e.g., Business or Operations) may benefit from a traditional design-and-build approach.
- Complex/Chaotic contexts (e.g., Legal interpretations of new tech) require Agile practices—emphasising iteration, experimentation, and feedback loops.
Recognising this distinction is vital. Trying to impose a rigid methodology across all streams often results in unnecessary friction and inefficiencies as square pegs are pushed into round holes.
To control such diverse programmes, you need to manage at a higher level of abstraction, where Time, Cost, and Deliverables are the unifying metrics. The specific delivery approach used in each stream (Agile, Waterfall, hybrid) should be irrelevant at the programme level.
What matters is tracking progress, managing risks before they materialise, and ensuring alignment across all moving parts.
RegDefy Delivers BOLT programmes
At RegDefy, we’ve designed our Programme Definition and Execution module with this exact multi mode philosophy. It enables the innovators to:
- Structure and manage mixed-method delivery portfolios
- Track delivery against time, cost, and quality forecasts
- Identify and mitigate risks early
- Coordinate across legal, business, operations, and technology workstreams— integrating with the 11 dimensions that model the ecosystem.
Conclusion
Building a regulated organisation or set of organisations can be daunting, splitting it into a BOLT programme can provide the top level structure. However, to avoid inefficiencies different parts of the programme may need different approaches.
RegDefy was built to manage these heterogeneous programmes.
