Why regulation might be the best design brief a fintech product team ever gets
-
Moe Hachem - July 8, 2026
The standard relationship between fintech product teams and compliance is adversarial.
Compliance is the thing that slows the team down. It is the requirement that turns a simple flow into a verification sequence, the constraint that brings friction back into an experience the UX team spent weeks simplifying, and the reason a feature that looked ready in week four is still being debated in week eleven.
That frustration is understandable, but it is also incomplete.
Read properly, regulation can be one of the clearest design briefs a fintech product team receives.
Regulation usually defines the outcome, not the interface
A regulatory requirement does not usually tell a product team what the screen should look like. It tells the team what the product must be able to prove, prevent, detect, disclose, store, or escalate.
That distinction matters.
Know Your Customer and customer due diligence requirements are not a request for ugly onboarding. They are a requirement to verify identity, understand customer risk, and keep the necessary records. The CBUAE’s AML/CFT guidance for financial institutions, for example, frames CDD/KYC, ongoing monitoring, sanctions screening, and recordkeeping as operational obligations; the product question is how that obligation becomes a flow a real person can complete without losing trust in the service (CBUAE AML/CFT guidance for financial institutions).
Transaction monitoring requirements are not a request for a confusing back-office interface. They are a requirement to detect and manage suspicious patterns through policies, controls, procedures, and systems appropriate to the business (CBUAE transaction monitoring and sanctions screening guidance).
Audit trail and recordkeeping obligations are not a request for engineering clutter. They are a requirement that certain actions, states, decisions, and transaction histories can be reconstructed later.
In each case, the regulation is closer to a “what” than a “how.” The how is the product team’s work.
Constraint can make the design question sharper
The best product work often gets better when the constraint is real.
Without constraint, the design question is too open: what should we build? With constraint, the question becomes more useful: what is the clearest, safest, most coherent way to achieve this required outcome inside this product?
That is not a small shift.
“The user must understand their transaction status” is a vague product goal. “The user must understand which state their transaction is in, what information is required, whether manual review is happening, and what happens next” is a design brief.
The second version is harder, but it is also more precise.
This is where compliance can help product teams, provided it arrives early enough. It forces the team to define states, exceptions, decision rights, evidence, timing, permissions, and records. Those are product architecture questions before they are compliance questions.
What breaks when compliance arrives late
The failure pattern is familiar.
The team designs the happy path first. The onboarding is smooth, the transaction flow feels direct, and the core experience looks coherent. Then compliance requirements arrive downstream as mandatory fields, verification steps, additional screens, review delays, consent language, and exception handling.
The product still works, but it feels like two systems stitched together.
Users experience this as friction, although the real problem is not the existence of friction. Some friction is productive because it protects the user, the institution, and the integrity of the transaction.
The problem is incoherent friction: a verification step that appears without context, a required field with no explanation, a transaction state that changes without a clear next action, or a manual review delay that the interface treats like a technical error.
That is not a compliance problem. It is a design integration problem that compliance exposed.
The better sequence
When compliance is upstream of design, the product behaves differently.
The state model reflects regulatory reality before the UI is drawn. Exception flows are designed before the team falls in love with the happy path. Audit requirements shape the data model before the engineering team has to retrofit them. Compliance is no longer a layer added to the product; it becomes part of the product logic.
The UX team still has room to make verification feel clear. Engineering still has room to decide how records are stored, retrieved, and protected. Product still has to make prioritisation decisions.
The constraint has not removed the creative work; it has focused it.
The fintech teams I trust most treat compliance as a brief, not a gate. They ask: what must this product prove, what states does that create, what exceptions need to exist, who owns the decision, and where does the user need clarity?
Those questions make better products.
The Product Systems Audit maps this structure directly for fintech teams: the state model, the handoff between compliance requirements and product implementation, and the gap between where regulation arrives in the process and where it should.