One of the biggest pressures facing financial institutions is that speed, compliance and customer experience have now become equally important, as Brendon Paul, COO at Sybrin, explains: “Customer sentiment has shifted towards instant, seamless interaction, while payments move towards zero charge, and in real-time (with fraud operating at the same pace). Regulators and auditors, meanwhile, are demanding stronger assurance and evidence of compliance.”
Faster delivery trade-off mistakes
When institutions try to accelerate delivery, some costly design trade-offs are often made. Friction is usually the first to go. However, blindly removing all friction, including the risk-based friction, may lead to fraud losses, remediation and reputational damage. Another is just addressing friction at the front-end and never getting to digitising the back-end.
“A chain is only as strong as its weakest link,” says Paul.
The balance between moving faster the next three months versus the next three years is an important consideration. If you want to just move fast now, build a bespoke, hard-coded solution; but if you want to move faster over a sustained period, then take some extra time to build re-usable components. “Decide whether the battle or the war is more important,” advises Paul.
Friction impact on customer experience
The impact is most obvious in onboarding and authentication journeys. “There’s something called passive liveness detection,” explains Paul. Instead of asking customers to perform visible actions, what he describes as unnecessary prompts, verification happens in the background. Used correctly, it reduces extra steps without weakening control. And then there are approval processes, which create a different kind of delay. According to Paul, this friction shows up as repeated document requests, unclear steps, failed verification with no recovery path and lockouts that require customers to visit call centres or branches. At its core, this is an identity design issue. “Identity should be a journey rather than a gate,” says Paul. For lower-risk customers, controls should adapt rather than block.
Compliance overhead
When innovation slows, regulation is often blamed. “It’s the interpretation and the operating model around compliance, more than the actual regulation itself,” says Paul. In practice, that plays out in how approvals are structured. Risk and compliance teams brought in late create rework or vetoes, and unclear approval policies add delay. When the same approval path is used for a small interface change and a material risk adjustment, proportionality is lost. “Checking the compliance tick box can take longer than building the feature itself,” adds Paul.
The same logic applies to the technology stack. Outdated software will be flagged during audit and lead to high-risk findings, which makes a clear software life cycle policy essential. “Technology really enables speed with proof. Relying on humans to interpret policy and compile evidence is not scalable,” he says. Generative AI, for example, can be used to produce the required traceability for compliance, including logs, versioning, test evidence and audit trails. Intelligent document processing automates data extraction, reducing manual input and lowering the risk of fraudulent or incorrect entries.
Governance and technology decisions are ultimately what shapes an institution’s digital trust foundation – how controls are embedded across onboarding, payments and ongoing monitoring. “The wrong implementation of digital trust foundations can restrict growth,” warns Paul. Blanket controls create needless friction for legitimate customers. The balance sits between false positives and false negatives, because blocking genuine customers restricts growth as much as letting fraudulent ones through increases risk. In practical terms, growth means acquiring good customers seamlessly while making the journey difficult for bad actors. For Paul, this is best achieved through a composable low-code platform with a configurable rules engine and orchestration layer.
Scaling with trust
Sybrin deploys pre-built, trust-enabled products and accelerators on a composable, API-enabled low-code platform. Configurations and extensions can be made without rebuilding journeys from scratch, with traceability and audit-friendly logs embedded from the outset. More than 100 institutions, primarily across Africa, use the platform across payments, hyperautomation, digital onboarding, fraud risk management and identification. ISO 27001 and ISO 9001 certifications reflect its approach to information security and quality control.
“Pick one high-impact end-to-end journey,” says Paul. Digital onboarding is often the logical starting point. Paul's advice is to replace blanket friction with step-up controls and design a deliberate exception path. Here, decision rights should be defined by risk tier, with clear service levels so low-risk changes move quickly and material risks are escalated appropriately.
Lastly, evidence should be generated as part of delivery rather than assembled afterwards, and teams need AI tools that build traceability and governance into the process itself. “You move forward when partnering with the right technology partner for your digital transformation,” he concludes. “So really, one needs to solve for how speed and trust can scale together.”
Share