Morson Edge Newsroom

The regulatory moat: Why the best leaders stop ticking boxes and build barriers to entry

Signal:Noise

01.07.2026

What if compliance wasn’t a cost of doing business, but one of your biggest competitive advantages?

I’ve seen it a hundred times. Someone says the word compliance in a boardroom, and you can almost hear the eyes rolling.

For a lot of leaders, Risk and Compliance is a handbrake. A cost centre. The department that exists to stop the business doing anything interesting.

After years of placing Governance, Risk and Compliance (GRC) specialists, and a lot of conversations with the women who run these functions on my podcast, Women Who Make It Happen, I think that view is costing companies more than they realise.

The leaders who get it do not treat regulation as a tax. They treat it as a moat. Get the rigour right and you can move faster than your competitors, because you are not constantly looking over your shoulder.

Here are four lessons from the people who build those moats for a living.

1. Rigour as a survival tool

Clare Pearson once walked into a business that was on the brink. A nationwide franchise model with the finances held together by Excel spreadsheets and cash moving around with no real control. A regulator’s fine was coming, and it was big enough to end the company.

She rebuilt the process from the ground up and put real governance in place. This was not tidying up. It was the difference between the business surviving the year and not.

“I was asked to come into a business to help them. They were about to receive a fine actually from a regulator and it was substantial. It went from like 40 million down to a million. They were on that brink of if they’d have had that applied they would have essentially been collapsed.”

By her account, governance took a near fatal fine from around £40 million to roughly £1 million. That is the point a lot of boards miss. Good GRC is not an abstract exercise. Sometimes it is the only reason the business is still trading next year.

2. From tick boxes to data driven intelligence

Vicky Stubbs has run compliance from the Bank of England to the boardrooms of major banks. She went from leading a team of 200 at the Cambridge Building Society to a world of tens of thousands at Barclays. At that scale, you cannot run compliance on anecdotes and gut feel.

Her view is that the old model is finished. Compliance used to be a legalistic checklist: tick the boxes, hope the regulator stays away. The future is measurement.

“What you’ve seen in the compliance industry has evolved from what was historically a very kind of legalistic tick-box approach… to conduct risk. I’d love it to get to the point where conduct risk is as data-driven as credit risk.”

Banks already measure credit risk with real precision. Vicky’s argument is that conduct risk should be held to the same standard, using finance and customer data to catch a failing process before it becomes a scandal. Done that way, risk stops being a chore and starts producing intelligence the business can act on.

To find out more, watch the episode below, hosted by Sue Saunders, where Vicky Stubbs describes how compliance evolved from a legalistic, tick-boxes process into a data-driven powerhouse.

3. Growing safely is the only way to scale

The fintech world loves the phrase “move fast and break things.” Karen Connell, who has worked across Barclays, M&G and Paysafe, has seen where that approach runs out of road.

Karen has built controls into high stakes, emerging markets: Africa, Dubai, complex products like digital assets. In those environments, a robust licence and genuine controls are not red tape. They are the barrier that keeps less rigorous competitors out.

As Karen said in her episode, titled ‘5 Lessons from Karen Connell’s Global Fintech Career’:

“A company will only be successful if it can grow safely and execute safely on behalf of its customers and deliver products that work. That frame of mind to bake in effective controls and risk management to everything that you do is really important.”

Bake the controls into how the business actually operates and you set a standard the cowboys cannot meet. That is the moat. The rigour lets you operate in markets they cannot touch.

4. See the iceberg early

If you only react to a regulation when it lands on your desk, you have already lost the advantage.

Ellen Watson-Hicks treats risk as a way to allocate resources, not as policing. She calls it horizon scanning: knowing what is coming in three to five years and helping the board move the pieces today, before the business hits something it could have seen.

In her episode, Ellen said:

“Risk management done well really adds value… helping the organisation to understand what are the risks to achieving our strategy therefore where do we need to allocate our resources. Is there some course correction necessary?”

Done well, risk becomes a proactive partner to strategy rather than a brake on it.

The people are the moat

A regulatory moat is only as strong as the people who build it. You can buy the best software on the market, but without the right specialists in the room, it will have holes in it.

Turning rigour into an advantage takes a particular kind of leader. The ones who can walk into a mess of spreadsheets and franchise chaos and come out the other side with a business that is still standing, and tens of millions better off.

That is the talent we look for. At Morson Edge, we help banks, insurers and fintechs find the risk and compliance specialists who know how to grow safely, whether that is a permanent hire, an interim, or an executive search.

If you want to stop ticking boxes and start building a barrier to entry, let’s talk. You can find out more on our Morson Edge Financial Services page.

So, an honest question for your next board meeting: is risk still a handbrake? Or are you building a moat?

Author:
Michelle Khan
Director of Risk and Banking

View Profile
To top