Part 7: Strategy and Implementation

Turning Technology into Compliance Capability

The preceding six parts of this textbook have covered what RegTech does — the specific technologies, frameworks, regulations, and ethical considerations that define the field. Part 7 addresses a different question: how do you actually build a RegTech program, implement it successfully, and demonstrate that it worked?

This is not a simple translation problem. The gap between understanding what compliance technology should do and successfully deploying it at scale — within budget, without disrupting operations, with measurable outcomes, in ways that earn organizational trust — is where most RegTech initiatives fail. The technical capabilities covered in Parts 1–6 are necessary but not sufficient. What is also required is strategic clarity, vendor management discipline, organizational change expertise, and the ability to translate compliance outcomes into business language.

Part 7 covers five interconnected dimensions of RegTech program success.

Chapter 35: Building a RegTech Program

Every RegTech program begins with choices that constrain everything that follows: what problem we are solving, how we define success, where we start, how we govern the program, and how we connect compliance technology investments to business strategy. Chapter 35 examines these foundational choices — the strategy, governance, and roadmapping questions that determine whether a RegTech program succeeds or becomes an expensive inventory of tools that no one fully uses.

The chapter introduces a RegTech program maturity model that helps institutions understand where they are and what a realistic next state looks like. It addresses the political economy of RegTech — why some programs succeed internally where equally capable programs fail — and provides practical frameworks for program governance, stakeholder management, and milestone definition.

Priya Nair's perspective anchors this chapter. Having spent years as a consultant helping institutions build compliance programs, Priya has developed a sharp view of what separates successful RegTech transformations from expensive failures. The chapter draws on her experience across multiple client engagements to illustrate both the structural requirements and the organizational dynamics that determine program outcomes.

Chapter 36: Vendor Selection and Implementation Management

Most institutions do not build their core RegTech capabilities from scratch — they buy them, configure them, and integrate them with existing systems. The vendor selection and implementation process is consequently one of the highest-stakes activities in a RegTech program: choosing the wrong vendor, negotiating weak contracts, or managing implementation poorly can waste millions of pounds or dollars and set compliance programs back by years.

Chapter 36 provides a rigorous framework for every stage of the vendor lifecycle: requirements definition, market assessment, RFP development, evaluation methodology, contract negotiation, implementation management, and ongoing relationship governance. It gives particular attention to the regulatory dimensions of vendor relationships — what DORA and the FCA CTP regime require in contracts, what due diligence must cover, and what governance structures are needed to manage vendor concentration risk.

Rafael Torres's consulting work is central to this chapter. His post-acquisition role has given him deep experience with vendor assessment and contract renegotiation — including the painful lessons learned when firms acquire platforms with inadequate contractual protections.

Chapter 37: Change Management for Compliance Transformation

Technology does not transform compliance programs. People do — or they don't. RegTech implementations fail at the organizational level — not the technical level — when the humans who need to use, trust, and govern the new systems are not engaged, trained, supported, or given the right incentives. Chapter 37 addresses the change management discipline specifically as it applies to compliance technology transformation.

The chapter covers the specific change dynamics of compliance transformation: why compliance professionals may resist automation that appears to threaten their judgment; how to engage business functions whose workflows change significantly; how to communicate with senior leadership and boards about compliance technology initiatives; and how to sustain adoption when initial enthusiasm fades.

Maya Osei's experience anchors this chapter. Her first year as CCO at Verdant Bank has required her to manage multiple technology transitions simultaneously — some initiated before her tenure, some she has driven herself. The chapter draws on Maya's experience to illustrate both the strategic communication challenges and the operational realities of compliance transformation.

Chapter 38: RegTech ROI

How do you measure the value of not getting fined? How do you quantify the benefit of catching money laundering before it produces a regulatory failure? How do you communicate compliance investment to a CFO who is used to seeing return on investment in revenue or cost reduction terms?

Chapter 38 tackles the measurement problem head-on — providing practical frameworks for quantifying the costs and benefits of RegTech investments, building the business cases that justify them, and communicating results in terms that resonate with financial leadership, boards, and investors. The chapter covers both the technical mechanics of ROI calculation and the narrative dimension: how to tell a compelling story about compliance value that goes beyond avoiding regulatory penalties.

The chapter is grounded in honest assessment of what is and is not measurable, and provides guidance on how to handle the genuine uncertainty that surrounds compliance ROI calculation without abandoning the effort to quantify.

Chapter 39: The Future of RegTech

RegTech is not a stable technology category — it is a moving target, shaped by the continuous evolution of both regulation and technology. Chapter 39 surveys the leading edges of where the field is heading: supervisory technology (SupTech) and what it means for institutions when regulators have their own data analytics capabilities; the prospect of digital regulation and machine-executable rules; the impact of large language models on regulatory intelligence and compliance workflow; and the longer-term structural questions about the relationship between automated compliance and democratic governance of financial markets.

The chapter closes with Priya, Maya, and Rafael looking ahead — a deliberate reflection on what the next iteration of their careers, and the next iteration of this field, might look like.

What Unifies Part 7

The five chapters of Part 7 share a common thread: the conviction that technology is not the answer to the compliance challenge — it is a tool in service of answers that must be human in origin. A well-designed RegTech program requires strategic leadership, organizational skill, commercial discipline, and the ability to translate between the language of technology and the language of institutional purpose.

The compliance professional who masters these capabilities is not the one who understands algorithms best. It is the one who can use technology as leverage for genuinely better compliance outcomes — and who can convince their institution that the investment is worth it.

Part 7 Learning Objectives

Upon completing Part 7, you will be able to:

  1. Design a RegTech program strategy, including maturity assessment, stakeholder mapping, governance structure, and implementation roadmap
  2. Conduct rigorous vendor evaluation and selection, including due diligence, contract negotiation, and regulatory compliance assessment
  3. Apply change management frameworks specifically adapted to compliance technology transformation
  4. Quantify and communicate the ROI of RegTech investments across multiple dimensions (cost efficiency, risk reduction, regulatory relationship, capital optimization)
  5. Analyze emerging RegTech trends — SupTech, digital regulation, LLM-powered compliance — and assess their implications for near-term program planning
  6. Integrate the strategic and implementation dimensions of RegTech with the technical, ethical, and regulatory foundations covered in Parts 1–6

Recurring Themes

Technology as leverage, not substitution. The most effective RegTech programs use technology to amplify human judgment, not to replace it. This distinction matters for program design, vendor selection, and change management.

The political economy of compliance investment. RegTech programs compete for budget, attention, and organizational energy against other priorities. Success requires understanding and navigating this competition — building coalitions, demonstrating value, and sustaining momentum.

The implementation gap. The difference between a well-conceived RegTech strategy and a successful RegTech program is the implementation — vendor management, change management, project governance, and ongoing operational management. This gap is where most programs encounter their most serious challenges.

Measurement as communication. ROI measurement is not just a financial exercise — it is a communication exercise. The goal is not to produce a precise number; it is to tell a credible, compelling story about compliance value that resonates with the institution's leadership.

Part 7 concludes the main narrative of the book. The skills covered here — strategy, implementation, measurement, and horizon-scanning — complete the circle from understanding what RegTech is (Part 1) to knowing how to build it successfully (Part 7).

Chapters in This Part