Co-evolving Compliance and Innovation - A Socio-Technical and Regulatory Perspective

Abstract

Over the past two decades, financial services have undergone profound digital transformation driven by FinTech innovation, data-driven business models, and increasing regulatory complexity. This has challenged the traditional assumption that regulatory compliance and innovation operate as separate and opposing organisational functions. While compliance has historically been conceptualised as a static, control-oriented mechanism that constrains innovation, contemporary financial systems increasingly demonstrate a more integrated and dynamic relationship between the two domains.

This paper develops a socio-technical and institutional explanation of this relationship by proposing the Compliance–Innovation Co-Evolution Model (CICEM). Drawing on interpretivist information systems research and abductive theory-building, the study synthesises interdisciplinary literature from financial regulation, innovation management, enterprise architecture, and governance theory. The model conceptualises compliance, innovation, regulation, and technology as interdependent systems that co-evolve through continuous feedback loops embedded within organisational and technological infrastructures.

The findings demonstrate that compliance has shifted from an ex-post control function to an embedded, automated, and continuous capability within digital systems, largely enabled by Regulatory Technology (RegTech). Innovation, rather than being constrained by regulation, is increasingly shaped, channelled, and structured by regulatory and architectural constraints. Enterprise Architecture emerges as a key mediation layer that translates regulatory requirements into technical design while simultaneously enabling modular and scalable innovation.

The paper contributes to theory by reframing compliance as a socio-technical capability, extending co-evolution theory to regulated digital environments, and repositioning enterprise architecture as a governance infrastructure. Practically, it suggests that financial institutions should move toward integrated governance models in which compliance and innovation are designed as mutually reinforcing system properties rather than competing organisational priorities.

Overall, the study advances a unified socio-technical perspective in which compliance and innovation co-evolve within dynamically adaptive regulatory, organisational, and technological systems.

1. Introduction

In digitally transformed financial systems, regulatory compliance is no longer enforced primarily through institutional oversight but increasingly executed through technological infrastructure. As regulatory logic becomes embedded within code, data architectures, and automated decision systems, the traditional boundary between governance and operation begins to dissolve (Arner, Barberis and Buckley, 2017; Yoo, Henfridsson and Lyytinen, 2010).

This shift has profound implications for how the relationship between compliance and innovation is understood. Rather than representing competing organisational priorities—one oriented toward control and the other toward exploration—compliance and innovation are increasingly co-produced through the same socio-technical systems that govern financial activity (Nambisan, Wright and Feldman, 2019).

Yet, despite these structural transformations, much of the existing literature continues to rely on theoretical models that treat compliance as an external constraint on innovation. This paper argues that such models are no longer adequate, and that a fundamentally different conceptualisation is required—one that recognises compliance and innovation as dynamically interdependent and infrastructurally embedded processes.

Accordingly, this study develops the Compliance–Innovation Co-Evolution Model (CICEM), which theorises compliance and innovation as co-evolving, infrastructure-mediated processes shaped through recursive interactions between regulatory frameworks, organisational governance, and technological architectures.

1.1 Context and Motivation

Over the past two decades, the financial services industry has undergone a profound transformation driven by digitalisation, platform-based business models, and the rapid expansion of financial technology (FinTech) ecosystems (Gomber et al., 2018; Vial, 2019). These developments have fundamentally altered the structural conditions under which financial institutions operate, reshaping not only market dynamics but also the relationship between organisational governance and technological innovation (Philippon, 2016; Thakor, 2020).

Within this evolving landscape, regulatory compliance has become increasingly complex, driven by expanding regulatory frameworks, heightened supervisory expectations, and the growing systemic importance of data-driven financial infrastructures (Arner, Barberis and Buckley, 2017). At the same time, firms are under continuous pressure to innovate in order to remain competitive in environments characterised by rapid technological change and shifting customer expectations (Nambisan, Wright and Feldman, 2019).

Traditionally, compliance and innovation have been conceptualised as distinct and often conflicting organisational domains. Compliance has been associated with control, risk mitigation, and procedural stability, while innovation has been linked to experimentation, flexibility, and value creation (March, 1991; Tushman and O’Reilly, 1996). This distinction has been reinforced by governance structures and regulatory frameworks that prioritise stability and standardisation, particularly in the aftermath of financial crises (Power, 2007; Basel Committee on Banking Supervision, 2011).

However, this conventional framing is increasingly challenged by the realities of digitally transformed financial systems.

1.2 Digital Transformation and the Collapse of Functional Boundaries

Contemporary financial institutions operate within highly integrated socio-technical environments characterised by cloud computing, artificial intelligence, real-time data processing, and platform-based service architectures (Yoo, Henfridsson and Lyytinen, 2010; Vial, 2019). In such contexts, organisational functions that were previously separable—such as compliance, risk management, and innovation—are becoming structurally intertwined through shared technological infrastructures.

A key implication of this transformation is that compliance is no longer enacted solely through ex-post verification mechanisms such as audits and reporting. Instead, it is increasingly embedded within digital systems and operationalised through automated processes, data architectures, and algorithmic decision-making (Arner, Barberis and Buckley, 2017; Anagnostopoulos, 2018). This shift reflects a broader transition from compliance as a discrete organisational function to compliance as a continuous, system-level capability.

From a socio-technical perspective, this development challenges traditional assumptions about the separation of governance and operation. Organisational outcomes are no longer determined solely by managerial decision-making, but by the interaction between institutional rules, technological systems, and organisational practices (Baxter and Sommerville, 2011). As a result, the boundary between compliance and innovation becomes increasingly blurred.

1.3 Regulatory Evolution and Institutional Adaptation

Regulatory institutions have also undergone significant transformation in response to technological disruption. Traditional command-and-control models of regulation are increasingly supplemented by adaptive and experimental approaches, including regulatory sandboxes, innovation hubs, and data-driven supervisory tools (Zetzsche et al., 2017; Fenwick, McCahery and Vermeulen, 2017).

These developments reflect a broader shift toward reflexive and adaptive regulation, in which regulatory systems evolve in response to technological and market change rather than remaining static (Black, 2002). Regulatory sandboxes, for example, enable firms to test innovative financial products within controlled environments, reducing uncertainty while facilitating learning for both regulators and market participants (Alaassar, Mention and Aas, 2020).

Such mechanisms indicate that regulation is no longer external to innovation processes but increasingly co-evolves with them. This challenges the assumption of regulatory rigidity and suggests that compliance may function not only as a constraint but also as a structuring and enabling mechanism within innovation systems.

1.4 Emergence of RegTech and Digital Compliance Systems

A central driver of the convergence between compliance and innovation is the emergence of Regulatory Technology (RegTech). RegTech refers to the application of digital technologies—such as machine learning, natural language processing, and distributed ledger systems—to regulatory and compliance processes (Arner, Barberis and Buckley, 2017; Anagnostopoulos, 2018).

RegTech fundamentally transforms the nature of compliance by shifting it from a manual, interpretive activity to an automated, data-driven capability embedded within digital infrastructures. Applications such as real-time transaction monitoring, automated reporting, and AI-driven risk detection illustrate how compliance logic is increasingly encoded into software systems (Butler and O’Brien, 2019).

This transformation has important theoretical implications. When compliance is embedded within system architecture, it ceases to function as an external constraint and instead becomes an integral component of operational processes. In this sense, compliance is not imposed on innovation but co-produced through the same technological systems that enable it.

1.5 From Separation to Co-Evolution

Despite increasing recognition of the convergence between compliance and innovation, existing literature remains fragmented across several domains. Information systems research has focused on digital transformation and IT governance (Vial, 2019), regulatory studies have examined institutional adaptation (Scott, 2014), and innovation literature has explored firm-level capabilities (Teece, 2007).

However, these perspectives are rarely integrated into a unified framework that captures the dynamic interaction between regulatory, organisational, and technological systems. As a result, existing theories tend to:

• treat compliance as external to technological systems

• overlook the role of infrastructure in governance processes

• under-theorise the recursive relationship between regulation and innovation

This fragmentation limits our ability to understand how compliance and innovation interact in digitally transformed environments.

1.6 Theoretical Gap

Despite growing recognition of the convergence between compliance and innovation, existing literature remains fragmented across several domains:

• Information Systems research focuses on digital transformation and IT governance (Vaya-Arboledas et al, 2025; Hamidan et al., 2025, Chen et al. 2025, Henderson and Venkatraman, 1993)

• Regulatory studies emphasise institutional adaptation and supervisory mechanisms (Figueredo et al., 2026; Ley et al., 2026; Singh et al. 2025; Scott, 2014)

• Innovation literature focuses on firm-level capabilities and dynamic capabilities (Sanjay et al., 2025; Calderon-Monge et al., 2024; Sun et al., 2024; Teece, 2007)

• GRC research addresses organisational risk and compliance integration (Maulana et al., 2023; Pinto et al, 2025; Racz, Weippl and Seufert, 2010)

However, these streams are rarely integrated into a unified explanatory framework that captures the dynamic interaction between compliance and innovation as co-evolving systems.

This represents a significant conceptual gap in understanding how regulatory, organisational, and technological systems interact in digitally transformed financial environments.

1.7 Research Aim and Questions

In response to this gap, this study aims to develop a conceptual framework that explains the co-evolution of compliance and innovation within financial services. Specifically, it seeks to answer the following research questions:

1. How has the relationship between compliance and innovation evolved in digitally transformed financial systems?

2. Through what mechanisms does compliance enable, constrain, or structure innovation?

3. How do regulatory, organisational, and technological systems mediate this relationship?

1.8 Contribution of the Study

This study makes three primary contributions.

First, it reconceptualises compliance and innovation as co-evolving socio-technical processes, challenging traditional dualistic perspectives that treat them as competing organisational functions.

Second, it integrates fragmented literature across information systems, regulatory governance, and innovation theory into a unified conceptual framework.

Third, it introduces the Compliance–Innovation Co-Evolution Model (CICEM), which explains how regulatory structures, organisational governance, and technological infrastructures jointly shape compliance–innovation dynamics.

In doing so, the study contributes to ongoing debates on digital governance, enterprise architecture, and the role of technology in shaping institutional processes (Yoo, Henfridsson and Lyytinen, 2010; Ross, Weill and Robertson, 2006).

1.9 Structure of the Paper

The remainder of this paper is structured as follows. Section 2 reviews the literature on compliance, innovation, regulatory adaptation, and RegTech. Section 3 outlines the methodological approach and theoretical foundations. Section 4 develops the Compliance–Innovation Co-Evolution Model (CICEM). Section 5 applies the model to banking environments. Section 6 discusses theoretical and practical implications. Section 7 concludes and identifies directions for future research.

2. Literature Review

2.1 Introduction: Fragmentation in Existing Research

The relationship between regulatory compliance and innovation in financial services has been extensively examined across multiple disciplines, including information systems, financial regulation, innovation management, and organisational theory. However, despite this breadth of scholarship, the literature remains highly fragmented, with limited theoretical integration across domains.

Broadly, existing research tends to treat compliance and innovation either as opposing forces, loosely connected processes, or separately evolving institutional logics. This fragmentation has limited the development of a unified theoretical explanation of how compliance and innovation interact within digitally transformed financial systems.

This section synthesises the literature across four key domains:

1. Traditional compliance–innovation dualism (Blind, 2016)

2. Adaptive regulatory systems and institutional change (Fenwick, 2017, Zetzsche 2020;)

3. Regulatory Technology (RegTech) and digital compliance (Arner 2017; Anagnostopoulos, 2018)

4. Governance, Risk, and Compliance (GRC) integration

The aim is to establish the conceptual foundation for a co-evolutionary perspective.

2.2 Traditional Dichotomy: Compliance Versus Innovation

Early organisational and regulatory literature conceptualises compliance and innovation as structurally incompatible functions. Compliance is typically associated with risk reduction, procedural control, and organisational stability, while innovation is associated with uncertainty, experimentation, and value creation (Power, 2007; Tushman and O’Reilly, 1996).

This distinction aligns with classical organisational theory, particularly March’s exploration–exploitation framework, which highlights the inherent tension between efficiency-oriented control systems and exploratory innovation processes (March, 1991). In this view, compliance is closely aligned with exploitation, while innovation corresponds to exploration (Benner and Tushman, 2001).

Within financial institutions, this dichotomy is reinforced by formal governance structures, including audit regimes, enterprise risk management frameworks, and prudential regulation such as Basel capital requirements (Basel Committee on Banking Supervision, 2011; Avgouleas and Cullen, 2015). These structures have historically positioned compliance as a cost-centre function that constrains organisational flexibility and slows decision-making (Power, 2007; Mikes, 2009).

Similarly, strategic alignment literature conceptualises organisational design as a balancing act between IT control and business innovation, reinforcing the assumption that governance mechanisms inherently limit agility (Henderson and Venkatraman, 1993; Tallon, Kraemer and Gurbaxani, 2000).

However, this dualistic framing increasingly fails to explain the behaviour of digitally transformed financial systems, where compliance and innovation are becoming interdependent through data-driven architectures and embedded regulatory technologies (Arner, Barberis and Buckley, 2017; Gomber et al., 2018).

2.3 Adaptive Regulation and Institutional Transformation

Recent literature in regulatory studies highlights a shift from static, rule-based regulation toward adaptive and reflexive regulatory systems. This shift reflects increasing complexity in financial markets, driven by digitalisation, platform ecosystems, and FinTech innovation.

A central development in this transformation is the emergence of regulatory sandboxes, which allow firms to test innovative financial products under controlled supervisory conditions. These initiatives were first introduced by the Financial Conduct Authority (FCA) and have since been adopted globally.

Empirical research suggests that regulatory sandboxes facilitate:

• Reduced regulatory uncertainty

• Accelerated innovation cycles

• Improved regulator–industry learning mechanisms

• Controlled experimentation in live environments

(Alaassar, Mention and Aas, 2020; Zetzsche et al., 2017)

More broadly, this reflects a transition toward reflexive regulation, where regulatory systems adapt dynamically in response to technological and market developments (Black, 2002). In this model, regulation is no longer external to innovation but co-evolves with it.

This challenges the traditional assumption of regulatory rigidity and suggests that compliance can function as an adaptive institutional mechanism.

2.4 Regulatory Technology (RegTech) and Digital Compliance Transformation

A significant development in the convergence of compliance and innovation is the emergence of Regulatory Technology (RegTech). RegTech refers to the application of digital technologies such as machine learning, artificial intelligence, cloud computing, and distributed ledger systems to regulatory and compliance processes (Arner, Barberis and Buckley, 2017).

RegTech fundamentally transforms the nature of compliance by shifting it from a manual, interpretive process to an automated, data-driven system embedded within digital infrastructures. Key applications include:

• Real-time transaction monitoring

• Automated regulatory reporting

• AI-driven fraud detection systems

• Continuous compliance validation

This transformation has two important implications.

First, it reduces the operational burden of compliance by automating traditionally labour-intensive processes. Second, it embeds compliance logic directly into technological architectures, thereby shifting compliance from an organisational function to a system-level property.

From an information systems perspective, this represents a shift toward socio-technical embedding, where regulatory constraints are operationalised through software systems rather than human interpretation alone.

2.5 Governance, Risk, and Compliance (GRC) Integration

Another important strand of literature focuses on the integration of Governance, Risk, and Compliance (GRC) functions within organisations. Traditionally, these domains have been managed as separate silos, often leading to inefficiencies, duplication of effort, and misaligned incentives.

Integrated GRC frameworks aim to address these challenges by creating unified governance structures that:

• Align compliance with strategic objectives

• Provide enterprise-wide risk visibility

• Embed compliance into operational workflows

• Enable continuous monitoring and feedback loops

(Racz, Weippl and Seufert, 2010)

More recent developments in AI-enabled GRC systems further extend this integration by enabling predictive risk modelling, automated policy enforcement, and real-time compliance analytics.

In this context, compliance is increasingly conceptualised as a continuous computational process rather than a periodic audit function.

This reflects a broader shift toward algorithmic governance, where decision-making and control processes are increasingly mediated by computational systems.

2.6 Compliance as an Enabler of Innovation

A growing body of literature challenges the assumption that compliance necessarily constrains innovation. Instead, it suggests that compliance can actively enable innovation under specific institutional and organisational conditions.

Three primary enabling mechanisms are identified.

(1) Trust Creation Mechanism

Strong compliance systems enhance trust among key stakeholders, including customers, regulators, and investors. This trust reduces perceived risk and increases the likelihood of adoption of innovative financial products.

Institutional theory suggests that legitimacy is a critical resource for organisations operating in highly regulated environments (Scott, 2014). Compliance thus contributes to legitimacy formation, which in turn supports innovation diffusion.

(2) Risk Reduction Mechanism

Clear regulatory frameworks reduce uncertainty by defining acceptable boundaries for innovation. This reduces the risk premium associated with investment in new technologies and encourages experimentation within defined constraints.

From a dynamic capabilities perspective, regulatory clarity enhances firms’ ability to allocate resources toward innovation under conditions of uncertainty (Teece, 2007).

(3) Structural Enablement Mechanism

Regulatory frameworks often define interoperability standards, data requirements, and operational boundaries that enable ecosystem-level innovation. Rather than constraining firms individually, regulation can create shared infrastructure conditions that facilitate collective innovation.

This is particularly evident in open banking regimes and API-based financial ecosystems.

2.7 Persistent Structural Constraints

Despite increasing convergence between compliance and innovation, several structural constraints remain.

Technological Constraints

Legacy IT systems remain a significant barrier to compliance automation and real-time regulatory integration. Many financial institutions operate hybrid infrastructures that limit system interoperability and data transparency.

Organisational Fragmentation

Compliance, risk, IT, and business functions remain structurally siloed in many organisations, leading to coordination inefficiencies and delayed decision-making.

Regulatory Lag

Technological innovation often progresses faster than regulatory adaptation, creating temporal mismatches between system capabilities and supervisory frameworks.

Cultural and Institutional Inertia

Organisational resistance to change, particularly in highly regulated financial institutions, slows the adoption of integrated compliance–innovation models.

These constraints highlight that convergence is not automatic but depends on institutional maturity and technological readiness.

2.8 Theoretical Synthesis: Toward a Co-Evolutionary Perspective

The literature can be synthesised into three dominant theoretical perspectives:

(1) Conflict Perspective

Compliance and innovation are fundamentally opposing forces, with compliance constraining exploratory innovation (March, 1991; Henderson and Venkatraman, 1993).

(2) Enabling Perspective

Compliance provides structure, legitimacy, and risk reduction that enable innovation under controlled conditions (Scott, 2014; Teece, 2007).

(3) Co-Evolutionary Perspective

Compliance and innovation evolve through reciprocal adaptation within socio-technical systems, shaped by continuous interaction between regulatory, organisational, and technological forces (Lewin and Volberda, 1999).

This paper adopts the co-evolutionary perspective, arguing that compliance and innovation are mutually constitutive processes embedded within dynamic institutional environments.

2.9 Transition to Methodology

Building on this synthesis, the following section outlines the methodological approach used to develop the Compliance–Innovation Co-Evolution Model (CICEM), including its interpretive research design, literature synthesis process, and abductive theory-building logic.

3. Methodology

3.1 Research Design and Epistemological Positioning

This study adopts a qualitative, interpretivist research design grounded in socio-technical systems theory and institutional theory. The objective is theory development rather than hypothesis testing or statistical generalisation. Specifically, the study seeks to develop a conceptual explanation of how compliance and innovation co-evolve within digitally transformed and highly regulated financial systems.

The interpretivist paradigm is appropriate for this inquiry because the phenomena under investigation—compliance, innovation, and regulatory adaptation—are socially constructed, context-dependent, and embedded within institutional and technological environments. These phenomena cannot be fully understood through positivist, variable-based approaches, which assume stable and measurable causal relationships.

Instead, this study aligns with interpretive information systems research traditions, which emphasise meaning construction, contextual embeddedness, and theory building from rich secondary and conceptual data sources (Walsham, 1995).

Within this epistemological stance, organisational reality is understood as emergent and continuously negotiated rather than objectively fixed. Compliance and innovation are therefore treated as relational constructs shaped through interactions between institutions, technologies, and organisational actors.

3.2 Research Strategy: Abductive Theory-Building Logic

The study follows an abductive research strategy, consistent with theory-building approaches in qualitative information systems research. Abduction involves iterative movement between empirical observation (in this case, literature evidence), existing theory, and emerging conceptual explanations.

Rather than testing predefined hypotheses, the study develops theoretical propositions through continuous refinement of explanatory constructs. This approach is particularly suited to under-theorised domains where existing literature is fragmented and lacks integrative frameworks.

The research therefore adopts a middle-range theory-building approach, aiming to produce an analytically generalisable framework rather than universal laws. The outcome of this process is the Compliance–Innovation Co-Evolution Model (CICEM), which functions as a sensitising and explanatory framework rather than a deterministic model.

This approach is consistent with prior interpretive IS research, which emphasises iterative theory development grounded in conceptual synthesis (Myers, 1997; Walsham, 2006).

3.3 Data Sources: Secondary and Conceptual Evidence Base

Given the conceptual nature of the research, the study relies exclusively on secondary data sources. The primary dataset consists of peer-reviewed academic literature and authoritative institutional publications across the following domains:

• Information Systems and digital transformation

• Financial regulation and supervisory governance

• Innovation management and organisational theory

• Governance, Risk, and Compliance (GRC) literature

• FinTech and Regulatory Technology (RegTech) research

Sources were selected based on three criteria:

1. Scholarly credibility, prioritising peer-reviewed journal publications

2. Theoretical relevance, focusing on compliance, innovation, and digital governance

3. Recency and influence, with emphasis on post-2010 publications and highly cited works

Institutional and regulatory reports were also included to ensure alignment with contemporary regulatory practice, particularly from authorities such as the European Central Bank (ECB) and the Financial Conduct Authority (FCA).

This multi-source approach is consistent with qualitative theory-building research, which often integrates academic and institutional knowledge bases to develop robust conceptual frameworks (Yin, 2018).

3.4 Literature Analysis Method: Thematic Synthesis

The analysis of the literature followed a structured thematic synthesis approach, which is widely used in qualitative research to develop higher-order conceptual models from heterogeneous sources.

The process was conducted in four iterative stages:

Stage 1: Open Coding

The literature was systematically reviewed to identify recurring concepts and patterns related to compliance, innovation, regulation, and technology. Initial codes included:

• Compliance automation

• Regulatory adaptation

• Innovation governance

• Digital risk management

• Enterprise architecture integration

• RegTech systems

Stage 2: Axial Coding and Thematic Grouping

Initial codes were grouped into higher-order categories reflecting structural dimensions of the compliance–innovation relationship:

• Regulatory evolution and reflexivity

• Technological embedding of compliance

• Organisational governance fragmentation

• Innovation under regulatory constraint

• Socio-technical governance systems

Stage 3: Pattern Identification and Cross-Thematic Comparison

Relationships between themes were analysed to identify recurring tensions, complementarities, and structural dependencies. Particular attention was paid to:

• Control versus flexibility tensions

• Standardisation versus innovation dynamics

• Centralisation versus decentralisation in governance systems

This stage enabled identification of systemic patterns rather than isolated thematic insights.

Stage 4: Conceptual Abstraction

Emergent themes were abstracted into higher-order theoretical constructs, forming the building blocks of the CICEM framework. This involved iterative refinement of causal relationships between regulatory systems, organisational structures, and technological infrastructures.

This approach is consistent with grounded theory-inspired abstraction techniques used in interpretive IS research (Glaser and Strauss, 1967; Strauss and Corbin, 1998).

3.5 Analytical Lens: Socio-Technical Systems and Institutional Theory

The analysis is grounded in two complementary theoretical lenses:

3.5.1 Socio-Technical Systems Theory

Socio-technical systems theory conceptualises organisational outcomes as the result of interactions between social and technical subsystems (Baxter and Sommerville, 2011). In financial services, this implies that compliance and innovation are not separate domains but are jointly produced through interactions between:

• Digital infrastructures (e.g., cloud platforms, AI systems)

• Organisational structures (e.g., governance, risk functions)

• Regulatory frameworks (e.g., supervisory rules and standards)

This perspective enables a shift from viewing compliance as an external constraint to understanding it as an embedded system property.

3.5.2 Institutional Theory

Institutional theory provides a complementary perspective by explaining how organisational behaviour is shaped by formal rules, norms, and cognitive frameworks (Scott, 2014). Financial institutions operate in highly institutionalised environments where compliance is not optional but structurally mandated.

At the same time, institutions evolve in response to technological innovation, creating recursive feedback loops between regulatory systems and organisational behaviour (North, 1990). This reinforces the co-evolutionary logic underlying the CICEM framework.

3.6 Model Development Process

The development of the Compliance–Innovation Co-Evolution Model (CICEM) followed an iterative conceptual construction process comprising four stages:

1. Cross-disciplinary literature synthesis across IS, regulatory studies, and innovation theory

2. Identification of structural tensions between compliance and innovation across domains

3. Abductive refinement of relational mechanisms linking regulation, technology, and organisational behaviour

4. Integration into a multi-layer conceptual architecture consisting of regulatory, organisational, and technological layers

The resulting model represents a middle-range theory that explains observed patterns of interaction rather than predicting deterministic outcomes.

3.7 Research Quality and Evaluation Criteria

The study follows established quality criteria for interpretive and conceptual research in information systems.

Credibility

Credibility is ensured through engagement with a broad, interdisciplinary, and highly cited body of literature spanning IS, regulation, and organisational theory.

Theoretical Generalisability

The findings are intended to be analytically generalisable to similar socio-technical environments, particularly highly regulated digital industries such as banking and insurance.

Transparency

The analytical process is explicitly documented through stepwise coding and synthesis procedures, ensuring traceability of conceptual development.

Theoretical Coherence

The resulting framework maintains internal consistency across regulatory, organisational, and technological dimensions, ensuring alignment between theoretical constructs.

3.8 Methodological Limitations

Several limitations should be acknowledged.

First, the study does not include primary empirical data collection such as interviews, surveys, or ethnographic fieldwork. This limits the ability to validate the framework against organisational behaviour in practice.

Second, reliance on secondary literature introduces potential bias arising from publication selection and disciplinary dominance within existing research streams.

Third, the conceptual and interpretive nature of the study limits its ability to make statistically generalisable claims.

Finally, the rapid evolution of financial technologies—particularly AI-driven compliance systems and real-time regulatory technologies—means that elements of the framework may require ongoing refinement.

Despite these limitations, the methodological approach is appropriate for early-stage theory development in an emerging and structurally complex research domain.

4. Conceptual Framework: The Compliance–Innovation Co-Evolution Model

4.1 Introduction

This section develops the Compliance–Innovation Co-Evolution Model (CICEM), which conceptualises compliance and innovation as dynamically interdependent systems embedded within regulatory, organisational, and technological structures. The model responds to limitations in traditional information systems and regulatory governance literature, which often conceptualises compliance as a constraint on innovation rather than as an enabling and co-constitutive mechanism.

The framework is grounded in socio-technical systems theory (Baxter and Sommerville, 2011), enterprise architecture theory (Ross, Weill and Robertson, 2006), and institutional perspectives on regulation and innovation (North, 1990; Scott, 2014). It also draws on emerging literature in Regulatory Technology (RegTech) and digital governance (Arner, Barberis and Buckley, 2017).

4.2 Core Proposition of the Model

The central proposition of the CICEM is as follows:

Compliance and innovation co-evolve through continuous feedback loops mediated by regulatory structures, organisational governance systems, and technological infrastructures.

This proposition challenges linear models of compliance as a constraint on innovation (Henderson and Venkatraman, 1993) and instead aligns with co-evolutionary perspectives in organisational theory (Lewin and Volberda, 1999).

In this framing, compliance and innovation are not independent variables but mutually constitutive processes that evolve through interaction over time.

4.3 Theoretical Foundations

The CICEM integrates four foundational theoretical streams:

4.3.1 Socio-Technical Systems Theory

Socio-technical systems theory posits that organisational outcomes emerge from the interaction between social structures and technical systems (Baxter and Sommerville, 2011). In financial services, this implies that compliance is not merely a regulatory function but is embedded within digital infrastructures such as transaction systems, identity management platforms, and risk engines.

This perspective supports the view that compliance and innovation are co-produced through system design rather than externally imposed constraints.

4.3.2 Institutional Theory

Institutional theory explains how regulatory structures shape organisational behaviour through formal rules, norms, and cognitive frameworks (Scott, 2014). Financial institutions operate within highly institutionalised environments where compliance requirements are not optional but structurally embedded.

At the same time, institutions evolve in response to technological change, creating a recursive relationship between regulation and innovation (North, 1990). This reinforces the co-evolutionary logic of the model.

4.3.3 Enterprise Architecture Theory

Enterprise Architecture (EA) provides a structural lens for understanding alignment between business strategy, IT systems, and governance structures (Ross, Weill and Robertson, 2006). EA frameworks function as coordination mechanisms that translate regulatory constraints into system design principles.

EA is therefore conceptualised not only as an IT discipline but as a mediation layer between compliance and innovation domains.

4.3.4 Innovation and Regulatory Adaptation Theory

Innovation theory emphasises that organisational innovation is shaped by both internal capabilities and external institutional constraints (Teece, 2007). In regulated environments, innovation is particularly sensitive to regulatory uncertainty and compliance burden.

Recent literature on regulatory sandboxes demonstrates that adaptive regulation can actively facilitate innovation by reducing uncertainty and enabling controlled experimentation (Alaassar, Mention and Aas, 2020; Zetzsche et al., 2017).

4.4 Three-Layer Architecture of CICEM

The CICEM is structured around three interdependent layers: regulatory, organisational, and technological.

4.4.1 Regulatory Layer

The regulatory layer consists of supervisory authorities, legal frameworks, and compliance standards that define the boundaries within which financial innovation occurs. Key actors include institutions such as the Swiss Financial Market Supervisory Authority (FINMA) and the European Central Bank (ECB).

This layer is characterised by:

• Formal regulatory rules (e.g., Basel III/IV frameworks)

• Supervisory enforcement mechanisms

• Innovation-oriented instruments such as regulatory sandboxes (FCA, 2015)

• Increasingly machine-readable regulatory initiatives

Rather than acting solely as a constraint, the regulatory layer increasingly functions as an adaptive governance system that co-evolves with technological innovation (Arner, Barberis and Buckley, 2017).

4.4.2 Organisational Layer

The organisational layer comprises governance structures, operational units, and decision-making processes within financial institutions. This includes:

• Governance, Risk and Compliance (GRC) functions

• IT and enterprise architecture teams

• Product development and innovation units

• Risk and audit committees

A key challenge in this layer is structural fragmentation, which creates coordination inefficiencies between compliance and innovation functions (Weill and Ross, 2004). Misalignment between business, IT, and risk functions often leads to delayed decision-making and duplicated control mechanisms.

However, integrated GRC frameworks are increasingly used to address this fragmentation by embedding compliance into operational workflows (Racz, Weippl and Seufert, 2010).

4.4.3 Technological Layer

The technological layer consists of digital infrastructures that operationalise both compliance and innovation processes. This includes:

• Core banking systems

• Cloud computing platforms

• Data governance and analytics systems

• Artificial intelligence and machine learning models

• Regulatory Technology (RegTech) solutions

This layer is increasingly critical because compliance is no longer enforced manually but embedded directly into system architecture through automation and code-based controls (Arner, Barberis and Buckley, 2017).

This shift enables what is often described as “compliance-as-code,” where regulatory logic is implemented within software systems rather than interpreted after execution.

4.5 Interaction Mechanisms in the Co-Evolution Model

The CICEM identifies four primary mechanisms through which compliance and innovation interact.

4.5.1 Constraint-Driven Innovation

Regulatory constraints often act as boundary conditions that shape rather than suppress innovation. In line with constraint-based innovation theory (Stokes, 2006), limitations imposed by regulation can lead to:

• Architectural simplification

• Process optimisation

• Secure system design

• Increased standardisation

Rather than reducing innovation, constraints can redirect it into more structured and scalable forms.

4.5.2 Compliance Embedding (Compliance-as-Code)

A key transformation in digital financial systems is the embedding of compliance rules directly into technological infrastructures. This includes:

• Automated KYC/AML systems

• Continuous transaction monitoring

• Policy-as-code frameworks in DevSecOps environments

This reflects a shift from ex-post compliance verification to ex-ante and real-time enforcement (Arner, Barberis and Buckley, 2017).

In this mechanism, compliance becomes a distributed property of the system rather than a discrete organisational function.

4.5.3 Regulatory Uncertainty Reduction and Innovation Enablement

Regulatory clarity reduces uncertainty and enables innovation by lowering perceived risk and facilitating investment in new technologies (Teece, 2007). Regulatory sandboxes exemplify this mechanism by allowing firms to test innovations under controlled supervisory conditions (Zetzsche et al., 2017).

This mechanism highlights the enabling role of regulation in innovation ecosystems.

4.5.4 Feedback Loop Adaptation

The final mechanism is a recursive feedback loop between regulation and innovation:

1. Innovation introduces new technologies and risks

2. Regulators adapt frameworks and supervisory tools

3. Compliance systems evolve through technological integration

4. New regulatory constraints reshape subsequent innovation cycles

This aligns with co-evolutionary theory in organisational research, where systems evolve through mutual adaptation rather than linear causality (Lewin and Volberda, 1999).

4.6 Model Representation

The CICEM can be summarised as a dynamic interaction model:

Compliance ⇄ Governance ⇄ Technology ⇄ Innovation ⇄ Regulation

This structure reflects continuous feedback loops rather than hierarchical or linear relationships. Stability in the system emerges through ongoing equilibrium between regulatory adaptation, organisational coordination, and technological evolution.

4.7 Theoretical Contributions

The model contributes to existing literature in three key ways:

(1) Reframing Compliance

Compliance is reconceptualised as a dynamic socio-technical capability rather than a static control mechanism (Scott, 2014).

(2) Introducing Technology as a Governance Actor

Technology is positioned as an active governance layer that shapes how compliance is enforced and how innovation is executed (Arner, Barberis and Buckley, 2017).

(3) Moving Beyond Linear Alignment Models

Traditional alignment theories (Henderson and Venkatraman, 1993) are extended toward co-evolutionary systems theory, where alignment is continuous, adaptive, and emergent rather than static.

4.8 Summary

This section has developed a co-evolutionary conceptual framework that explains how compliance and innovation interact within modern financial systems. By integrating regulatory, organisational, and technological perspectives, the CICEM provides a structured explanation of how compliance evolves from a constraint-based function into an enabling and embedded system capability.

5. Empirical Interpretation: Compliance–Innovation Dynamics in Banking Contexts

5.1 Introduction

This section applies the Compliance–Innovation Co-Evolution Model (CICEM) to banking environments in order to interpret how compliance and innovation interact in practice. While the study remains conceptual and interpretive rather than statistically empirical, it draws on established patterns documented in information systems, regulatory, and financial innovation literature.

The banking sector provides a particularly suitable context for analysis due to its high regulatory density, complex legacy infrastructures, and increasing reliance on digital platforms and data-driven decision systems. These characteristics make it an archetypal socio-technical environment in which compliance and innovation are continuously negotiated rather than separated (Baxter and Sommerville, 2011; Scott, 2014).

5.2 Compliance as Embedded Infrastructure

A key empirical shift identified in the literature is the transformation of compliance from an external oversight mechanism into an embedded infrastructure within banking systems.

Traditionally, compliance was implemented through manual processes such as audits, periodic reporting, and post-transaction review. However, in contemporary banking environments, compliance is increasingly integrated directly into system architecture through automated controls, data pipelines, and software-driven governance mechanisms.

This shift is closely associated with the rise of Regulatory Technology (RegTech), which enables compliance to be operationalised through automated, real-time systems (Arner, Barberis and Buckley, 2017). Examples include:

• Automated KYC/AML verification systems

• Real-time transaction monitoring platforms

• Embedded audit logging and traceability mechanisms

• Policy-as-code implementations within DevSecOps environments

This reflects a broader transformation in which compliance is no longer applied to systems after execution, but designed into systems during development and operation.

From an institutional perspective, this represents a shift from ex-post governance to continuous embedded regulation (North, 1990).

5.3 Innovation Under Regulatory Constraint

Contrary to traditional assumptions that regulation suppresses innovation, empirical patterns in banking suggest that regulatory constraints often reshape rather than reduce innovation activity.

Three key structural effects can be identified.

5.3.1 Architectural Compression Effect

Regulatory requirements often force banks to simplify and standardise system architectures. This includes:

• Consolidation of fragmented legacy systems

• Standardisation of APIs and data models

• Reduction of redundant infrastructure layers

Such compression effects can paradoxically enhance innovation by reducing system complexity and improving interoperability across platforms (Ross, Weill and Robertson, 2006).

5.3.2 Channelled Innovation Pathways

Innovation in regulated banking environments is rarely unrestricted. Instead, it is typically channelled into regulatory-compliant pathways such as:

• Open banking ecosystems

• Regulated API marketplaces

• Compliant digital onboarding platforms

This reflects a structural condition in which innovation is not eliminated but redirected into governance-compatible trajectories (Alaassar, Mention and Aas, 2020).

5.3.3 Controlled Experimentation Spaces

Many financial institutions now develop internal “sandbox-like” environments to simulate regulatory conditions while enabling innovation. These include:

• Isolated cloud testing environments

• Synthetic data laboratories

• Feature-flagged production systems

These internal mechanisms mirror external regulatory sandboxes introduced by institutions such as the Financial Conduct Authority (FCA), which allow controlled experimentation under regulatory supervision (Zetzsche et al., 2017).

5.4 Enterprise Architecture as a Mediating Structure

Enterprise Architecture (EA) emerges as a critical mediating mechanism between compliance and innovation in banking systems. Rather than functioning solely as an IT design discipline, EA operates as a governance translation layer that connects regulatory requirements with technological implementation.

This mediating role can be understood through four interrelated functions.

5.4.1 Regulatory Translation

EA translates regulatory requirements into technical design constraints, such as:

• Data retention rules → storage architecture design

• Audit requirements → logging and observability frameworks

• Access control regulations → identity and authentication systems

This reflects the structural alignment function of EA described in enterprise architecture literature (Ross, Weill and Robertson, 2006).

5.4.2 Complexity Reduction

By standardising architectures and eliminating redundant systems, EA reduces organisational complexity. This is particularly important in banking institutions with historically fragmented IT landscapes.

5.4.3 Innovation Enablement

Contrary to its control function, EA also enables innovation by providing reusable architectural components and modular system structures that support rapid development and integration.

5.4.4 Governance Mediation

EA acts as a negotiation space between competing organisational logics:

• Compliance and risk management requirements

• Business innovation objectives

• IT operational constraints

This positions EA as a socio-technical arbitration layer within banking institutions (Baxter and Sommerville, 2011).

5.5 Governance Fragmentation and Decision Latency

A persistent empirical issue in banking organisations is governance fragmentation across multiple institutional actors, including:

• Risk and compliance departments

• IT architecture governance boards

• Product development teams

• Cybersecurity and operational risk units

This fragmentation leads to structural inefficiencies, including:

Decision latency

Regulatory approval cycles and internal governance processes often delay innovation deployment and product release cycles.

Interpretive divergence

Different organisational units interpret regulatory requirements differently, leading to inconsistent implementation strategies.

Local optimisation

Departments optimise for their own performance objectives rather than system-wide efficiency.

These issues reflect broader coordination challenges identified in governance and IT alignment literature (Weill and Ross, 2004).

5.6 RegTech as a Structural Transformation Mechanism

Regulatory Technology (RegTech) plays a central role in transforming compliance–innovation dynamics by shifting compliance from manual governance to automated system-level enforcement.

Three key transformations are observed.

5.6.1 Real-Time Compliance Monitoring

Modern banking systems increasingly operate continuous monitoring mechanisms that detect regulatory breaches or anomalies in real time. This reduces reliance on periodic audits and post-hoc review processes.

5.6.2 AI-Augmented Risk Detection

Machine learning systems are increasingly used to identify fraud patterns, assess transaction risk, and support regulatory reporting. These systems extend compliance capabilities through predictive analytics.

5.6.3 Automated Reporting Systems

Regulatory reporting is increasingly generated automatically from operational data flows, reducing manual intervention and improving consistency and traceability (Arner, Barberis and Buckley, 2017).

Collectively, these developments transform compliance into a computational governance system embedded within financial infrastructure.

5.7 Organisational Tensions in Practice

Despite technological advances, several persistent tensions remain within banking institutions.

5.7.1 Performance versus Compliance Trade-offs

Compliance mechanisms such as encryption, monitoring, and logging can introduce performance overheads, including latency and increased computational cost. This creates ongoing negotiation between technical teams focused on efficiency and compliance teams focused on control.

5.7.2 Security versus Innovation Speed

Security and compliance requirements can slow down product development cycles, particularly in cloud migration and API integration projects.

5.7.3 Standardisation versus Flexibility

While standardisation improves compliance and operational efficiency, it can limit organisational flexibility and reduce experimentation capacity (Teece, 2007).

5.8 Emergent Governance Pattern: Controlled Autonomy

A dominant governance pattern emerging in banking institutions is “controlled autonomy.” This model is characterised by:

• Decentralised innovation within business units

• Centralised compliance and governance frameworks

• Automated enforcement of regulatory constraints

• Continuous monitoring rather than periodic auditing

This model reflects a practical instantiation of co-evolutionary governance, where innovation is decentralised but bounded within system-wide compliance architectures.

5.9 Synthesis: Empirical Support for Co-Evolution

The empirical interpretation supports the central proposition of the CICEM framework: that compliance and innovation co-evolve within socio-technical systems rather than existing as opposing forces.

Specifically, the analysis demonstrates that:

• Compliance is increasingly embedded within technological infrastructure

• Innovation is structurally shaped by regulatory boundaries

• Enterprise Architecture mediates between control and creativity

• RegTech enables continuous compliance–innovation integration

• Organisational structures determine the efficiency of co-evolution

This supports co-evolutionary theory in organisational studies, which emphasises reciprocal adaptation between organisations and their environments (Lewin and Volberda, 1999).

6. Discussion

6.1 Reframing the Compliance–Innovation Relationship

The findings of this study fundamentally challenge the dominant assumption that compliance and innovation operate as structurally antagonistic organisational forces, a view deeply rooted in classical organisational theory that positions control and exploration as competing logics (March, 1991; Tushman and O’Reilly, 1996). While this dichotomy has been influential in explaining tensions between efficiency and adaptability, it becomes analytically insufficient in digitally mediated financial environments characterised by continuous technological integration and regulatory complexity (Yoo, Henfridsson and Lyytinen, 2010; Vial, 2019).

The persistence of this dualistic framing can be traced to theoretical models that implicitly conceptualise compliance as an external, human-mediated control function, enacted through audits, reporting, and ex-post verification mechanisms (Power, 2007; Mikes, 2009). However, such assumptions are increasingly untenable in contexts where regulatory logic is embedded directly within technological infrastructures and operationalised through automated systems, as evidenced by the rise of Regulatory Technology (RegTech) and data-driven governance mechanisms (Arner, Barberis and Buckley, 2017; Anagnostopoulos, 2018). In these environments, compliance is no longer temporally or structurally separable from operational processes, but is instead enacted in real time through computational systems.

This study demonstrates that compliance and innovation are more accurately understood as mutually constituted within socio-technical systems, where regulatory constraints, organisational processes, and technological architectures are tightly coupled and co-evolve through continuous interaction (Baxter and Sommerville, 2011; Lewin and Volberda, 1999). From this perspective, compliance does not merely shape innovation exogenously by imposing constraints; rather, it is actively involved in the production of innovation through its embedding within digital infrastructures, influencing system design, architectural modularity, and permissible innovation pathways (Ross, Weill and Robertson, 2006; Nambisan, Wright and Feldman, 2019).

This reframing shifts the analytical focus away from managing trade-offs between control and flexibility toward understanding how system design governs the conditions under which both emerge simultaneously. In digitally transformed environments, governance is increasingly instantiated through architecture and code, suggesting that the relationship between compliance and innovation is best understood not as a balance to be achieved, but as a co-produced outcome of socio-technical system design (Yoo, Henfridsson and Lyytinen, 2010; Arner, Barberis and Buckley, 2017).

6.2 Theoretical Contributions

This study makes four interrelated theoretical contributions that extend and challenge existing literature in information systems, regulatory governance, and innovation theory. Collectively, these contributions reposition compliance and innovation as structurally intertwined processes within digitally mediated institutional environments, rather than analytically separable organisational functions.

6.2.1 From Functional Dualism to Embedded Co-Evolution

First, this study challenges the dominant dualistic framing of compliance and innovation as inherently conflicting organisational logics. While prior literature has largely conceptualised compliance as a constraint on exploratory activity (March, 1991; Henderson and Venkatraman, 1993), this perspective is shown to be theoretically insufficient in digitally mediated environments.

The findings demonstrate that such dualism rests on an implicit assumption that compliance operates externally to innovation processes. This assumption no longer holds in contexts where regulatory logic is embedded directly into technological infrastructures. In these environments, compliance and innovation do not merely interact—they are co-produced through shared socio-technical systems.

By extending co-evolutionary theory (Lewin and Volberda, 1999), this study introduces the concept of embedded co-evolution, in which regulatory constraints, technological architectures, and innovation processes evolve through continuous, infrastructure-mediated feedback loops. This reframing shifts the analytical focus from inter-functional tension to system-level interdependence.

6.2.2 Compliance as Computational and Distributed Capability

Second, the study reconceptualises compliance as a computational and distributed socio-technical capability, rather than a discrete organisational function or procedural mechanism.

Existing regulatory and governance literature predominantly treats compliance as an interpretive, human-mediated activity enacted through audits, reporting, and ex-post verification (Power, 2007). This paper demonstrates that such conceptualisations fail to capture the structural transformation introduced by RegTech and digital infrastructures.

In contemporary financial systems, compliance is increasingly operationalised through:

• automated rule execution

• real-time monitoring systems

• machine learning–based risk detection

• policy-as-code implementations

As a result, compliance becomes encoded within software systems, distributed across data flows, and enacted continuously rather than episodically. This shifts compliance from a governance activity to an architectural property of digital systems.

This reconceptualisation extends socio-technical systems theory by positioning compliance not as a constraint imposed on technology, but as a capability instantiated through it.

6.2.3 Enterprise Architecture as Regulatory Mediation Infrastructure

Third, this study extends enterprise architecture (EA) theory by repositioning it as a regulatory mediation infrastructure, rather than solely a mechanism for IT–business alignment.

Traditional EA literature conceptualises architecture as a tool for achieving strategic alignment and operational efficiency (Ross, Weill and Robertson, 2006). While this perspective captures the integrative function of EA, it under-theorises its role in regulated environments.

This study demonstrates that EA performs a critical mediating function between:

• regulatory requirements (institutional layer)

• organisational governance structures

• technological implementation

Specifically, EA translates regulatory constraints into technical design principles, embeds compliance logic into system architectures, and enables modular innovation within controlled boundaries. In doing so, it operates as a governance infrastructure that simultaneously constrains and enables innovation.

This reconceptualisation contributes to both IS and governance literature by identifying architecture as a site of regulatory enactment, rather than merely a coordination mechanism.

6.2.4 From Static Alignment to Continuous Regulatory–Technological Adaptation

Fourth, the study challenges static conceptions of alignment in information systems research by introducing a model of continuous regulatory–technological adaptation.

Traditional alignment models (Henderson and Venkatraman, 1993) assume that organisations move toward a stable equilibrium between business strategy and IT capabilities. However, this assumption is incompatible with environments characterised by:

• continuous regulatory change

• real-time data processing

• automated compliance enforcement

• rapid technological innovation

The findings indicate that alignment in such contexts is:

• temporally unstable

• continuously renegotiated

• mediated by technological systems rather than solely managerial decision-making

This study therefore reframes alignment as an ongoing co-evolutionary process, in which regulatory systems, organisational structures, and technological infrastructures adapt recursively to one another.

By integrating dynamic capability theory (Teece, 2007) with socio-technical and institutional perspectives, the paper advances a model of alignment that is processual, infrastructure-dependent, and inherently dynamic.

6.2.4 Concluding Remarks

Taken together, these contributions shift the theoretical understanding of compliance from an external constraint on innovation to an embedded, computational, and co-evolving system property, thereby redefining governance in digitally transformed financial environments.

6.3 Practical Implications for Financial Institutions

6.3.1 Governance Design Implications

Financial institutions should move away from siloed governance models that separate compliance, risk, IT, and innovation functions. Instead, they should adopt integrated governance architectures that enable coordinated decision-making across organisational domains.

This is consistent with integrated GRC approaches that emphasise unified visibility and control across organisational processes (Racz, Weippl and Seufert, 2010).

6.3.2 Enterprise Architecture as Strategic Infrastructure

Enterprise Architecture should be repositioned from a documentation or modelling function to a strategic governance infrastructure. In this role, EA is responsible for embedding regulatory constraints directly into system design while enabling modular innovation.

This elevates EA from an IT support function to a core organisational governance capability (Ross, Weill and Robertson, 2006).

6.3.3 RegTech as Core Financial Infrastructure

Regulatory Technology (RegTech) should be treated as core financial infrastructure rather than a peripheral efficiency tool. In modern banking systems, RegTech underpins:

• Real-time compliance enforcement

• Automated regulatory reporting

• Predictive risk detection

• Continuous auditability

Failure to integrate RegTech at architectural level exposes institutions to higher compliance costs and slower innovation cycles (Arner, Barberis and Buckley, 2017).

6.3.4 Managing the Compliance–Performance Trade-off

A persistent operational tension in banking systems is the perceived trade-off between compliance enforcement (e.g., encryption, logging, monitoring) and system performance.

However, this study suggests that this should not be treated as a binary trade-off but as an optimisation problem within architectural design constraints. Approaches such as selective encryption, distributed processing, and policy-driven architecture can mitigate performance impacts while maintaining compliance integrity.

This reflects a shift toward design-based governance rather than post-hoc control mechanisms.

6.4 Policy Implications

6.4.1 Adaptive Regulatory Design

Regulators should increasingly adopt adaptive regulatory models that evolve in response to technological innovation rather than relying solely on static rulebooks. This aligns with emerging regulatory sandbox approaches introduced by institutions such as the Financial Conduct Authority (FCA) and the European Central Bank (ECB) (Zetzsche et al., 2017).

6.4.2 Technology-Aware Supervision

Regulatory authorities must develop deeper technical understanding of:

• Cloud-native architectures

• AI and algorithmic decision systems

• Data governance frameworks

• Real-time compliance infrastructures

This reflects a broader shift toward technology-enabled supervision and supervisory technology (SupTech) development.

6.4.3 Machine-Readable Regulation

Future regulatory systems are likely to move toward machine-readable and partially automated enforcement models, where compliance requirements are encoded directly into computational systems.

This would further reinforce the convergence between regulatory structures and technological infrastructures.

6.5 Limitations of the Study

Several limitations must be acknowledged.

First, the study is conceptual and does not include primary empirical data such as interviews, surveys, or organisational field studies. As such, the framework requires further empirical validation in real-world financial institutions.

Second, reliance on secondary literature introduces potential bias related to publication selection and disciplinary focus.

Third, the analysis is primarily focused on banking environments and may not fully generalise to less regulated sectors.

Finally, the rapid evolution of financial technologies—particularly AI-driven compliance systems—means that elements of the framework may require ongoing refinement.

Despite these limitations, the study provides a theoretically grounded foundation for future empirical and applied research.

6.6 Summary

This section has demonstrated that compliance and innovation should not be understood as competing organisational functions but as co-evolving socio-technical processes. By integrating institutional theory, socio-technical systems theory, and dynamic capability perspectives, the study advances a unified conceptualisation of compliance–innovation dynamics in financial services.

7. Conclusion

7.1 Summary of the Study

This paper set out to examine the evolving relationship between compliance and innovation in digitally transformed financial services, with a particular focus on highly regulated banking environments. The motivation for this study emerged from a growing empirical and theoretical tension in the literature: while compliance is traditionally conceptualised as a constraint on innovation, contemporary digital financial systems increasingly demonstrate that compliance and innovation are deeply interdependent.

To address this tension, the study developed a socio-technical and institutional perspective grounded in interpretivist information systems research (Walsham, 1995; Myers, 1997). Through a structured synthesis of literature across information systems, financial regulation, innovation theory, and governance studies, the paper proposed the Compliance–Innovation Co-Evolution Model (CICEM).

The model conceptualises compliance, innovation, regulation, and technology as dynamically interacting systems embedded within organisational structures rather than isolated functional domains.

7.2 Key Findings

Three central findings emerge from the analysis.

First, compliance has undergone a structural transformation from a static, audit-based control function into an embedded, continuous, and automated capability within digital systems. This transformation is driven largely by the rise of Regulatory Technology (RegTech), which integrates compliance logic directly into technological infrastructure (Arner, Barberis and Buckley, 2017).

Second, innovation in regulated financial environments is not suppressed by compliance but is structurally shaped by it. Regulatory constraints act as architectural forces that redirect innovation pathways, enforce standardisation, and enable controlled experimentation within defined boundaries (Alaassar, Mention and Aas, 2020).

Third, Enterprise Architecture and digital governance systems function as mediation infrastructures between compliance and innovation. These structures translate regulatory requirements into technical constraints while simultaneously enabling modular, scalable innovation (Ross, Weill and Robertson, 2006).

7.3 Theoretical Contributions

This study makes four primary contributions to academic literature.

7.3.1 Co-Evolutionary Model of Compliance and Innovation

The study advances a co-evolutionary theoretical model in which compliance and innovation are mutually constitutive processes rather than opposing forces. This extends co-evolution theory in organisational research by explicitly incorporating regulatory systems as active evolutionary agents (Lewin and Volberda, 1999).

7.3.2 Compliance as Embedded Socio-Technical Capability

The paper reconceptualises compliance as a distributed socio-technical capability embedded within digital infrastructures rather than a standalone organisational function (Janssen, 2012; Kotusev, Kurnia and Shanks, 2020; Simon, Fischbach and Schoder, 2013). This shifts compliance from a governance activity to an architectural property of digital systems, reflecting how enterprise systems increasingly encode regulatory and organisational constraints within their technical and structural design (Tamm et al., 2011; Ross, Weill and Robertson, 2006).

7.3.3 Enterprise Architecture as Regulatory Mediation Layer

Enterprise Architecture is repositioned as a mediation layer between regulatory systems and innovation processes (Boh and Yellin, 2006; Haffke, Kalgovas and Benlian, 2017). Rather than serving solely as an alignment mechanism, EA becomes a governance infrastructure that translates regulatory constraints into system design while enabling innovation through modularity and standardisation (Ross, Weill and Robertson, 2006; Kotusev, Kurnia and Shanks, 2020). This perspective is further supported by emerging work on regulation-by-design, which highlights how digital architectures increasingly operationalise regulatory intent directly within technical systems (Almada, 2023).

7.3.4 Dynamic Alignment in Regulated Digital Environments

The study challenges traditional IT–business alignment theory by demonstrating that alignment in regulated digital environments is not a static condition but a continuously evolving process shaped by regulatory, technological, and organisational change (Henderson and Venkatraman, 1993; Teece, 2007).

7.4 Practical Implications

The findings have significant implications for financial institutions, regulators, and technology architects.

7.4.1 Implications for Financial Institutions

Banks and financial organisations should move toward integrated governance models that unify compliance, risk, IT, and innovation functions. Siloed governance structures create fragmentation and delay innovation cycles, whereas integrated models enable faster and more coherent decision-making.

Enterprise Architecture should be elevated from a technical discipline to a strategic governance function responsible for embedding regulatory logic into system design.

7.4.2 Implications for Regulatory Authorities

Regulators should increasingly adopt adaptive, technology-aware regulatory frameworks that reflect the realities of digital financial systems. This includes the use of regulatory sandboxes, machine-readable regulation, and real-time supervisory technologies.

Institutions such as the Financial Conduct Authority (FCA) and the European Central Bank (ECB) already demonstrate movement toward such adaptive regulatory approaches (Zetzsche et al., 2017).

7.4.3 Implications for Technology and Architecture Design

RegTech should be treated as core infrastructure rather than auxiliary compliance tooling. Its integration into system architecture enables real-time compliance enforcement and reduces operational friction between innovation and regulation.

Design approaches should prioritise compliance-by-design principles, embedding regulatory logic directly into software development lifecycles and cloud architectures.

7.5 Contribution to Practice and Theory Integration

A key contribution of this study lies in bridging the gap between theoretical models of regulation and practical implementations in digital financial systems. While prior research has often treated compliance and innovation as separate domains, this study demonstrates that they are structurally integrated within modern socio-technical systems.

By combining institutional theory, socio-technical systems theory, and innovation management perspectives, the paper provides a unified framework for understanding governance in digital finance.

7.6 Limitations and Future Research

Despite its contributions, this study has several limitations.

First, the research is conceptual and does not include primary empirical validation. Future research should apply the CICEM framework to empirical case studies within banking institutions to test and refine its explanatory power.

Second, the analysis is primarily grounded in the banking sector. Future studies should explore whether the co-evolutionary dynamics identified here also apply to adjacent sectors such as insurance, capital markets, or digital platform ecosystems.

Third, the rapid evolution of artificial intelligence in compliance systems may significantly reshape the compliance–innovation relationship, requiring ongoing theoretical refinement.

Future research should also investigate the operationalisation of compliance-as-code and the implications of fully automated regulatory environments for organisational governance and accountability.

7.7 Final Reflection

The central argument of this paper is that compliance and innovation should no longer be viewed as competing forces but as interdependent components of a unified socio-technical system.

In digitally transformed financial environments, compliance is no longer external to innovation—it is part of its architecture. Similarly, innovation is no longer independent of regulation—it is shaped by it at every stage of its lifecycle.

The future of financial services governance therefore lies not in balancing compliance and innovation as opposing priorities, but in designing systems where both evolve together through continuous interaction between regulatory structures, organisational capabilities, and technological infrastructures.

8. References

Alaassar, A., Mention, A.L. and Aas, T.H. (2020) ‘Exploring how regulatory sandboxes facilitate FinTech innovation’, Technological Forecasting and Social Change, 157, 120088.

Alaassar, A., Mention, A.L. and Aas, T.H. (2022) ‘Facilitating innovation in FinTech ecosystems through regulatory experimentation’, Review of Managerial Science, 16(5), pp. 1345–1372.

Anagnostopoulos, I. (2018) ‘Fintech and RegTech: Impact on regulators and banks’, Journal of Economics and Business, 100, pp. 7–25.

Arner, D.W., Barberis, J. and Buckley, R.P. (2017) ‘FinTech, RegTech and the reconceptualization of financial regulation’, Northwestern Journal of International Law & Business, 37(3), pp. 371–413.

Autio, E., Nambisan, S., Thomas, L.D.W. and Wright, M. (2018) ‘Digital affordances, spatial affordances, and the genesis of entrepreneurial ecosystems’, Strategic Entrepreneurship Journal, 12(1), pp. 72–95.

Avgouleas, E. and Cullen, J.G. (2015) ‘Market discipline and EU corporate governance reform in the banking sector: Merits, fallacies, and cognitive boundaries’, Journal of Law and Society, 42(1), pp. 28–50.

Basel Committee on Banking Supervision (2011) Basel III: A global regulatory framework for more resilient banks and banking systems. Basel: Bank for International Settlements.

Baxter, G. and Sommerville, I. (2011) ‘Socio-technical systems: From design methods to systems engineering’, Interacting with Computers, 23(1), pp. 4–17.

Benner, M.J. and Tushman, M.L. (2003) ‘Exploitation, exploration, and process management: The productivity dilemma revisited’, Academy of Management Review, 28(2), pp. 238–256.

Black, J. (2002) ‘Critical reflections on regulation’, Modern Law Review, 65(1), pp. 1–27.

Blind, K. (2016) ‘The impact of regulation on innovation’, Handbook of Innovation Policy Impact

Boh, W.F. and Yellin, D. (2006) ‘Using enterprise architecture standards in managing information technology’, Journal of Management Information Systems, 23(3), pp. 163–207.

Bromberg, L., Godwin, A. and Ramsay, I. (2017) ‘FinTech sandboxes: innovative regulation or regulatory evasion?’, Stanford Journal of Law, Business & Finance, 23(1), pp. 85–122.

Butler, T. and O’Brien, L. (2019) ‘Understanding RegTech for digital regulatory compliance’, Information Systems Frontiers, 21(6), pp. 1237–1249.

Calderon-Monge, E. and Ribeiro-Soriano, D. (2024) ‘The role of digitalization in business and management: A systematic literature review’, Review of Managerial Science, 18, pp. 449–491.

Chen, M., Martins, T.S., Zhang, L. and Dong, H. (2025) ‘Digital transformation in project management: A systematic review and research agenda’, Systems, 13(8), p. 625.

Christensen, C.M. (1997) The Innovator’s Dilemma. Boston: Harvard Business School Press.

Dang, D.D. and Pekkola, S. (2017) ‘Problems of enterprise architecture adoption in the public sector’, Electronic Journal of e-Government, 15(1), pp. 66–79.

Fenwick, M., McCahery, J.A. and Vermeulen, E.P.M. (2017) ‘The end of “corporate” governance: Hello “platform” governance’, European Business Organization Law Review, 18(2), pp. 171–199.

Fenwick, M., Kaal, W.A. and Vermeulen, E.P.M. (2018) ‘Regulation tomorrow: What happens when technology is faster than the law’, Stanford Journal of Blockchain Law & Policy, 1(1), pp. 1–34.

Figueredo Jr, E. and Silva, L.C.S. (2026) ‘Challenges of digital services in public administration in the era of digital transformation: A systematic literature review’, Journal of the Knowledge Economy.

Glaser, B. and Strauss, A. (1967) The Discovery of Grounded Theory. Chicago: Aldine.

Gomber, P., Kauffman, R.J., Parker, C. and Weber, B.W. (2018) ‘On the fintech revolution: Interpreting the forces of innovation, disruption, and transformation in financial services’, Journal of Management Information Systems, 35(1), pp. 220–265.

Hamidan, R., Sitorus, A.T. and Sucipto, P.A. (2025) ‘Digital capabilities and IT governance as drivers of firm performance: A multilevel study in emerging markets’, Data: Journal of Information Systems and Management, 3(2), pp. 123–134.

Henderson, J.C. and Venkatraman, N. (1993) ‘Strategic alignment: leveraging information technology for transforming organizations’, IBM Systems Journal, 32(1), pp. 4–16.

Lewin, A.Y. and Volberda, H.W. (1999) ‘Prolegomena on coevolution: A framework for research on strategy and new organizational forms’, Organization Science, 10(5), pp. 519–534.

Ley, K. and Perry, R.L. (2026) ‘Digital transformation in public sector governance: A decade in review’, Inclusive Growth and Governance Quarterly

March, J.G. (1991) ‘Exploration and exploitation in organizational learning’, Organization Science, 2(1), pp. 71–87.

Markus, M.L. and Loebbecke, C. (2013) ‘Commoditized digital processes and business community dynamics’, MIS Quarterly, 37(3), pp. 649–672.

Maulana, R.Y. and Dečman, M. (2023) ‘Collaborative governance in the digital transformation age: A systematic literature review with bibliometric mapping’, Central European Public Administration Review, 21(1), pp. 31–60.

Mikes, A. (2009) ‘Risk management and calculative cultures’, Management Accounting Research, 20(1), pp. 18–40.

Myers, M.D. (1997) ‘Qualitative research in information systems’, MIS Quarterly, 21(2), pp. 241–242.

Nambisan, S., Wright, M. and Feldman, M. (2019) ‘The digital transformation of innovation and entrepreneurship’, Research Policy, 48(8), 103773.

North, D.C. (1990) Institutions, Institutional Change and Economic Performance. Cambridge: Cambridge University Press.

Philippon, T. (2016) ‘The FinTech opportunity’, NBER Working Paper No. 22476 (widely cited in peer-reviewed finance literature).

Pinto, A.S., Abreu, A., Cota, M.P. et al. (2025) ‘Mapping the process of digital transformation in shared services centers: A scoping literature review’, Future Business Journal, 11, p. 228

Racz, N., Weippl, E. and Seufert, A. (2010) ‘A framework for research on governance, risk and compliance (GRC) systems’, Proceedings of the 43rd Hawaii International Conference on System Sciences.

Ross, J.W., Weill, P. and Robertson, D.C. (2006) Enterprise Architecture as Strategy. Boston: Harvard Business School Press.

Sanjay Dhingra, Abhijeet Jaiswal(2025) ‘Determinants of digital transformation in organisation: A systematic literature review’, Software Impacts, Article 102129.

Scott, W.R. (2014) Institutions and Organizations: Ideas, Interests, and Identities. 4th edn. Thousand Oaks: Sage.

Singh, R. and Singla, A.R. (2025) ‘Digital technologies and public governance: A literature review’, Empirical Economics Letters, 24(Special Issue 3).

Strauss, A. and Corbin, J. (1998) Basics of Qualitative Research. 2nd edn. Thousand Oaks: Sage.

Sun, Y. and Guo, J. (2024) ‘How does digital transformation affect corporate governance paradigms? A synthesis of the literature’, Frontiers in Systems Journal, 7(2).

Tallon, P.P., Kraemer, K.L. and Gurbaxani, V. (2000) ‘Executives’ perceptions of the business value of information technology: A process-oriented approach’, Journal of Management Information Systems, 16(4), pp. 145–173.

Power, M. (2016) ‘Riskwork: Essays on the organizational life of risk management’, Oxford University Press.

Racz, N., Weippl, E. and Seufert, A. (2010) ‘A frame of reference for research of integrated governance, risk and compliance’, IFIP Advances in Information and Communication Technology, 339, pp. 106–117.

Teece, D.J. (2007) ‘Explicating dynamic capabilities: the nature and microfoundations of (sustainable) enterprise performance’, Strategic Management Journal, 28(13), pp. 1319–1350.

Thakor, A.V. (2020) ‘Fintech and banking: What do we know?’, Journal of Financial Intermediation, 41, 100833.

Tushman, M.L. and O’Reilly, C.A. (1996) ‘Ambidextrous organizations: Managing evolutionary and revolutionary change’, California Management Review, 38(4), pp. 8–30.

Vaya-Arboledas, Á., Ferrer-Oliva, M. and Medina-Merodio, J.A. (2025) ‘Evolution and perspectives in IT governance: A systematic literature review’, Computers, 14(12), p. 520.

Verhoef, P.C. et al. (2021) ‘Digital transformation: A multidisciplinary reflection and research agenda’, Journal of Business Research, 122, pp. 889–901.

Vial, G. (2019) ‘Understanding digital transformation: A review and a research agenda’, Journal of Strategic Information Systems, 28(2), pp. 118–144.

Walsham, G. (1995) ‘Interpretive case studies in IS research’, European Journal of Information Systems, 4(2), pp. 74–81.

Walsham, G. (2006) ‘Doing interpretive research’, European Journal of Information Systems, 15(3), pp. 320–330.

Wijayanti, Handayani Tri (2025) ‘Exploring the Impact of Fintech Innovation on Financial Stability and Regulation: A Qualitative Study

Ashraf, N., Narayanan, A. and Ozyildirim, A. (2020) ‘Regulation and innovation: Evidence from fintech’, Journal of Financial Stability, 47, 100717.

Weill, P. and Ross, J.W. (2004) IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Boston: Harvard Business School Press.

Yin, R.K. (2018) Case Study Research and Applications. 6th edn. Thousand Oaks: Sage.

Yoo, Y., Henfridsson, O. and Lyytinen, K. (2010) ‘Research commentary—The new organizing logic of digital innovation’, Information Systems Research, 21(4), pp. 724–735.

Zetzsche, D.A., Buckley, R.P., Barberis, J.N. and Arner, D.W. (2017) ‘Regulating a revolution: from regulatory sandboxes to smart regulation’, Fordham Journal of Corporate & Financial Law, 23(1), pp. 31–103.

Zetzsche, D.A., Buckley, R.P., Arner, D.W. and Barberis, J.N. (2020) ‘Decentralized finance’, Journal of Financial Regulation, 6(2), pp. 172–203.