Product Strategy in Regulated Industries: A Framework
Building great products in regulated industries requires a different approach to strategy — one that treats compliance as a design constraint, not
A significant portion of my product work has been in regulated industries: financial services with An Post Money, AA Ireland, FBD Insurance, and KBC; medical devices with LUMA Vision; and higher education with Trinity College Dublin. Each sector has its own regulatory framework, but there are consistent principles that I've found applicable across all of them.
Compliance as Design Constraint, Not Obstacle
The most common mistake teams make in regulated industries is treating compliance as something that happens after design — an external review process that catches problems late. This is expensive and demoralising. Designs get substantially reworked. Launches get delayed. Legal teams become adversaries rather than partners.
The better approach — which I used on both the LUMA Vision project (IEC 62366, FDA) and the An Post Money project (Central Bank of Ireland regulation) — is to map the regulatory requirements to design constraints at the start of the project. What must this product be able to do? What must it never do? What must be explicit, documented, and auditable? These constraints become design inputs, not design blockers.
Stakeholder Architecture in Regulated Environments
Regulated products typically have a more complex stakeholder map than consumer products. On a financial services project, the product team, the compliance team, the legal team, and the risk team all have legitimate interests in design decisions. On a medical device project, add clinical affairs, quality assurance, and regulatory affairs.
Managing this stakeholder complexity requires building alignment processes that are more structured than in a standard product development context. Decision logs, design rationale documentation, and explicit sign-off processes for regulatory-relevant features are not bureaucracy — they are the product team's protection against late-stage rework.
The Innovation Space in Regulated Products
Regulation does not prevent innovation. It defines the space within which innovation must happen. Some of the most genuinely creative product design work I've done has been in regulated contexts, because the constraints force a level of rigour and specificity that often produces better solutions than an unconstrained brief would.
The dynamic CVV security feature on the An Post Money app — which generates a new card verification code for each online transaction — is a good example. It's a genuinely innovative security feature that addresses a real consumer pain point (card fraud), and it was developed within a tightly regulated payments framework. The regulation didn't prevent the innovation; it defined the security standard that the innovation needed to meet.
