In 2024, we were engaged by a global financial regulator to deliver four production systems. The work covered AI-powered data pipelines, legacy vendor replacement, enforcement case management, and a secure regulatory submissions portal.
At the end of the engagement, the ROI was independently assessed at 2.5x. That number is real and it was verified. But the lessons behind it are more useful than the number itself.
Lesson 1: Start inside the perimeter
Most technology vendors spend the first three months negotiating access. Security reviews, data classification, network architecture, VPN setup, compliance clearance. By the time the team can actually build, a quarter of the budget is gone.
We started inside the perimeter from week one. Not because we skipped the security process. Because we designed our operating model to pass it quickly. Our team already had the clearances. Our infrastructure was already compliant. Our tooling was already approved for regulated environments.
That three-month head start compounds. Every week of delivery that happens while another vendor would still be onboarding is a week of production value.
Lesson 2: Small teams, high trust
We delivered with a pod of four people. Not forty. Not fourteen. Four.
Every person on the team could talk directly to the regulator's operational staff. There was no project manager translating requirements between the business and the builders. The builders were the business analysts. The business analysts were the builders.
When your team is that small, there is nowhere to hide. Every person ships. Every person understands the domain. The feedback loop between “what does the regulator need” and “what does the code do” is one conversation, not a twelve-slide deck.
Lesson 3: Replace, do not renovate
One of the four systems was a legacy vendor replacement. The previous system had been maintained for years at significant cost. Every change required a vendor change request. Every release took weeks.
We did not try to fix it. We replaced it. End-to-end, in under six months. The new system was simpler, faster, and entirely owned by the regulator. No vendor lock-in. No change request fees. No dependency on external release cycles.
Sometimes the most expensive thing you can do is keep paying for something that does not work.
Lesson 4: AI works when the context is real
The AI data pipeline we built was not a generic ML model. It was purpose-built for supervisory data. Years of unstructured reports, inconsistent templates, and messy categorisations. The kind of data that no off-the-shelf tool can process because the structure is implied, not explicit.
Our AI inferred the structure from the data itself. It mapped categories that had drifted over years. It surfaced insights that analysts had been manually assembling for weeks.
The lesson: AI is not magic. It works when the context is specific and the problem is well-defined. Generic AI products fail in regulated environments because they do not understand the domain. Purpose-built AI succeeds because it does.
The 2.5x
The ROI came from compounding small advantages. Starting faster. Building with fewer people. Replacing instead of renovating. Using AI where it mattered, not where it was fashionable.
None of those things are revolutionary on their own. Together, they change the economics of regulated software delivery.