A top 5 bank in the midst of a large-scale acquisition was under a regulatory deadline to incorporate a recently acquired online brokerage business into their Compliance Management Program (CMP). The project was able to avoid significant delays and successfully delivered the product on time by incorporating Agile methods and practices into the approach.
An analysis of the applicable brokerage regulations and associated risk requirements determined that this line of business had over 300 risk requirements correlating to 25 regulatory mandates. I was selected by the client to lead a small team of geographically dispersed brokerage compliance and business subject matter experts to complete the CMP integration. The regulatory deadline was a daunting 10 weeks from the point at which we were engaged and the scope of work was finalized. To further complicate the process, the acquired firm lost their Chief Compliance Officer and his second-in-command during the course of the acquisition. The collective team had decades of experience in the brokerage industry, but no one had more than 4 months of experience with the acquired firm.
Out of the gates, we experienced many challenges that impeded productivity and broke down collaboration. We struggled to gain traction and the necessary velocity to meet the regulatory deadline. Team members balanced competing priorities and a split between Eastern and Pacific timelines made conference calls a scheduling challenge. Each team member contributed a valuable skillset needed to deliver the product; however we weren't autonomously productive enough to make great progress outside of our limited interactions via conference call and video conference. We were the proverbial 3-legged stool.
Once applicable regulations and risk requirements are identified, the build out of a CMP involves creating controls to mitigate those risks and writing test plans to monitor the effectiveness of those controls going forward. We initially tackled the work in a pseudo-waterfall fashion. We took a single step in the process (e.g. writing all risk requirements) and aimed to move that step through to completion before starting the next step (e.g. developing controls for each risk requirement). We quickly discovered that using this methodology was ungainly and failed to create enough throughput for approval. At best, we were on track to hand the interim Chief Compliance Officer the entire body of work, out of a black box, for approval at the 11th hour. Recognizing that the deadline was in jeopardy, I decided to try applying to this wholly non-technical effort what I have learned about Agile delivery of technology solutions. It occurred to me that Agile principles and practices could be applied to the CMP integration process to break the work up into more manageable chunks, manage the obstacles we were facing, and get the project back on track.
The first step in the Agile transition was to quickly create and prioritize a backlog of stories. High priority stories were tackled first and typically covered high risk regulatory requirements with multiple controls. This gave us some comfort that if we missed our deadline, we could hang our hats on the fact that only low priority or minimal value-added stories remained and our highest risk regulatory requirements had control coverage. At the outset, we were skeptical of our ability to move through the stories given the time we had remaining, but as the team incrementally moved chunks of work all the way across the finish line; rather than continuously adding things to a giant approval queue, there was a noticeable boost to productivity and morale.
Next we established an iteration cadence and timeboxed the work into one-week sprints. Each Friday we would host a Sprint Review with the Product Owner, Stakeholders and the Business to demonstrate the product produced during that sprint and to receive feedback for inclusion in the next sprint. We quickly adapted to the preferences of the approver and found that over time fewer and fewer stories required additional work. We conducted Sprint Retrospectives where the team identified lessons learned from the earlier sprints and applied them to future iterations to improve the overall process and increase business value. We used a combination of video-conference power days and co-location on both coasts to improve our collaboration and velocity.
To improve team morale, I used reporting we developed to bundle stories based on the frequency that they occur across the regulatory mandates. When we needed a boost, we groomed and re-prioritized lower-risk, high-frequency requirements purely in the interest in making the pile smaller.
In the end, we used Agile principles to hit our regulatory deadline (and budget), reduce risk while increasing business value and developed a process and reporting structure that can be leveraged across Compliance during future CMP integrations. As we continue to see a proliferation of Agile methodology in the software development space, I would encourage the business stakeholders to take note of the benefits and find ways to creatively apply Agile on their own.