It’s no secret that banks and fintech companies must meet compliance and regulatory standards that are much stricter than what traditional tech companies are forced to comply with. The question becomes: How do you meet strict regulatory and compliance standards while keeping up with the rapid pace of innovation in technology?

As the vice president of enterprise architecture and technology strategy at Discover Financial Services, I think about this question often as we work to design our tech stack. I’ve come to believe that technology teams in regulated industries need to move beyond DevSecOps and embrace what I’ll term DevSecRegOps.

DevSecOps refers to development, security, and operations. As a practice, DevSecOps is a way to engrain practices in your SDLC that ensure security becomes a shared responsibility throughout the IT lifecycle.

DevSecRegOps takes DevSecOps a step further by ensuring security and regulatory demands are the responsibility of every team at key development steps of the IT lifecycle. We’re in the early phases of adopting this mindset at Discover, but I believe the best way to achieve it is to design with regulation in mind, automate regulatory compliance, build regulatory compliance as code, and change the culture so that everyone who works at Discover feels responsible for compliance and meeting our regulatory obligations.

Design for regulation

The architects in charge of designing a company’s overarching infrastructure and applications must design for compliance up front so that teams don’t have to scramble to meet regulatory requirements at the end of a development lifecycle.

To do this, companies must ensure that architects and engineers have easy access to relevant regulatory standards, company policies, and industry best practices so they can ensure what they’re designing meets those standards from the start. Creating and enforcing these expectations across your team of architects is imperative to ensuring regulatory compliance.

Automate compliance

Automating compliance and regulatory checks is the most effective way to ensure compliance standards are met. One way to achieve this is to build regulatory checks into your CI/CD pipeline to ensure consistent compliance with auditable trails. Ideally, having these compliance checklists trigger a failure close to the beginning of the SDLC ensures you don’t get to the end and realize you’re not compliant.

Engrain DevSecRegOps into your development culture

Like many other development practices, including security and reliability, it’s imperative to shift left on DevSecRegOps, ensuring the entire organization feels responsible for meeting regulatory standards and requirements.

Creating a development culture that embraces compliance starts with executive buy-in, comprehensive training across teams, and processes and tests that assess and enforce regulatory compliance culture.

Compliance as a practice

Ensuring customers can access their finances and financial information in a secure, reliable way builds trust with our customers. Embracing regulatory compliance as part of the development lifecycle ensures that we can continue to scale our card, banking, and loan services in a way that best serves our customers.

Visit Discover Technology to learn how Discover developers approach application development.