Case Study | Compliance Engineering | SecOps | Financial Services

85% Compliance. 5 People. Not 200 Analysts.

After a $3.2B regulatory fine, TD Bank hired 200+ compliance analysts. Six months later, compliance sat at 38%. As Program Manager and Technical Product Owner for Configuration Compliance Management, I built an integrated seven-system platform instead. Within 18 months: 85% compliance, 45-day remediation, and $23.35M in annual savings over the analyst model.

$23.35M: Annual savings vs. the 200-analyst operating model
85%: Compliance rate, up from 38% at programme start
18x: ROI on platform investment versus headcount model
45 days: Avg remediation (down from 120)
7: Compliance systems integrated
15K+: Manual tickets automated annually
80%: Reduction in audit evidence collection time
5-person team vs. 200-analyst model

Role: Program Manager / Technical Product Owner
Domain: Configuration Compliance Management (CCM)
Organisation: TD Bank - Dallas, TX
Duration: July 2025 to Present
Certifications: SAFe 6.0 POPM | A-CSPO

TD Bank hired 200 analysts to fix compliance. Compliance got worse. The problem was never headcount.

Following a $3.2B regulatory fine, one of the largest in U.S. banking history, TD Bank's immediate response was to add headcount. Two hundred compliance analysts, costing $24.7M annually. Six months later, compliance rates sat at 38% and remediation averaged 120 days. More people made it measurably worse. The root cause was fragmentation: seven security tools generating data that never connected, an asset inventory 40% inaccurate, and an escalation process that lived in email threads. I joined with a mandate not to manage the analyst army but to build the platform that would make one unnecessary.

01. Linear Scaling Fails at Enterprise Volume
50,000 assets generating 15,000 new vulnerabilities monthly means each analyst tracks 300+ items. 60% of analyst time went to copying data between disconnected systems. The backlog grew faster than any headcount model could close it. Hiring more people accelerated the problem, not the solution.
02. Manual Processes Guarantee Statistical Failure
Analysts working in spreadsheets produced 12 to 15% error rates in compliance reporting. At scale across 200 people working from disconnected exports, compliance failure was not a risk. It was a mathematical certainty built into the operating model. No QA layer resolves that at enterprise scale.
03. Headcount Cannot Fix Broken Architecture
If security tools do not communicate with the ticketing system, if asset ownership data is 40% inaccurate, if escalation lives in email chains, adding headcount only scales the dysfunction. The root cause is always architecture. A 5-person platform team out-delivered 200 analysts operating in a broken system.

One integrated platform. Seven previously siloed systems. Every stakeholder served without analyst intermediaries.

The solution was not another tool. It was a product strategy decision: build an integrated compliance architecture where CCM+Qualys, IVM, IVR, AVR, CVR, Threat Intel, and the Protect Executive dashboards shared a single data layer, automated what was manual, and gave every stakeholder exactly the visibility they needed without intermediaries.

01. Splunk as the Unified Intelligence Layer
All 7 compliance systems fed into a single Splunk data lake. Risk scoring, trending, and cross-system correlation happened in one place for the first time. Analysts had been doing this manually across disconnected exports, consuming the majority of their capacity. The platform made it instant and continuous.
02. ServiceNow CCM as the Action Layer
When Qualys identified a vulnerability, a ServiceNow ticket was automatically created, assigned to the correct asset owner via CMDB relationships, the SLA clock started, and the escalation path set. 15 common vulnerability patterns triggered fully automated remediation: patch deployed, compliance verified, ticket closed. Zero analyst touch on those patterns.
03. Protect Executive Dashboards as the Trust Layer
Tableau dashboards gave regulators and senior leadership real-time compliance posture across all 7 systems. Regulators stopped requesting evidence packages and accessed the portal directly. Audit evidence collection dropped from a 6-to-8-week exercise per quarter to a live self-service feed. Transparency rebuilt regulatory trust where the analyst model had damaged it.
04. Consequence Models as the Enforcement Layer
Dashboards alone did not change behaviour. Automated escalation to managers at 30 days, senior management at 60, and HR at 90 created the accountability structure the dashboards could only surface. SLA adherence jumped from 68% to 99.2% after consequence models activated. Visibility informs. Consequence models act.
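The action layer (a finding becomes a ticket assigned through CMDB ownership with an SLA clock) and the enforcement layer (escalation at 30, 60 and 90 days) described above, as a toy model. This is example code added for illustration; it is not TD Bank's, ServiceNow's or Qualys's code. The severities, per-severity SLA days, finding IDs, the `cmdb-triage` queue and the sample CMDB and findings are all assumptions; the page gives only the 30/60/90-day escalation thresholds. The example also shows the edge case the CMDB section warns about: an asset with no owner on record goes to a triage queue rather than to nobody.

```python
"""Toy model of the action and enforcement layers: a scanner finding becomes a
ticket assigned through CMDB ownership, with an SLA clock and 30/60/90-day
escalation tiers. Example code added for illustration; not TD Bank's,
ServiceNow's or Qualys's code. All field names, severities, SLA days and
finding IDs are assumptions."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# SLA in days per severity (assumed; the page states no per-severity SLA)
SLA_DAYS = {"critical": 15, "high": 30, "medium": 60, "low": 90}

# Escalation ladder from the page: manager at 30 days, senior management at 60,
# HR at 90. Checked highest first so a 95-day-old ticket reports the HR tier.
ESCALATION_TIERS = [(90, "hr"), (60, "senior_management"), (30, "manager")]

# Finding signatures remediated without analyst touch (hypothetical IDs)
AUTO_REMEDIATE = {"QID-100001", "QID-100002"}


@dataclass
class Ticket:
    asset: str
    finding_id: str
    severity: str
    opened: date
    assignee: str
    queue: str
    due: date
    auto_remediate: bool
    closed: Optional[date] = None


def route_finding(finding: dict, cmdb: dict, today: date) -> Ticket:
    """Open a ticket for one finding. An asset missing from the CMDB, or present
    with a blank owner, is routed to a triage queue instead of being assigned to
    nobody: that is the failure mode of an inaccurate inventory."""
    record = cmdb.get(finding["asset"], {})
    owner = record.get("owner")
    if owner:
        assignee, queue = owner, "owner"
    else:
        assignee, queue = "cmdb-triage", "triage"  # hypothetical triage group
    sev = finding["severity"]
    return Ticket(
        asset=finding["asset"], finding_id=finding["id"], severity=sev,
        opened=today, assignee=assignee, queue=queue,
        due=today + timedelta(days=SLA_DAYS[sev]),  # SLA clock starts at creation
        auto_remediate=finding["id"] in AUTO_REMEDIATE,
    )


def escalation_tier(ticket: Ticket, today: date) -> Optional[str]:
    """Return the escalation tier an open ticket has reached, or None.
    Closed tickets never escalate, whatever their age."""
    if ticket.closed is not None:
        return None
    age = (today - ticket.opened).days
    for threshold, tier in ESCALATION_TIERS:
        if age >= threshold:
            return tier
    return None


def sla_adherence(tickets: list, today: date) -> float:
    """Share of scored tickets that met their SLA. A closed ticket is met if it
    closed by its due date; an open ticket past due is a breach; an open ticket
    still inside its SLA is not yet scored."""
    met = scored = 0
    for t in tickets:
        if t.closed is not None:
            scored += 1
            met += t.closed <= t.due
        elif today > t.due:
            scored += 1
    return met / scored if scored else 1.0


# Constructed sample data, not real scan or CMDB output
CMDB = {
    "srv-db-01": {"owner": "dba-team"},
    "srv-web-07": {"owner": ""},  # record exists but the owner field is blank
}
FINDINGS = [
    {"id": "QID-100001", "asset": "srv-db-01", "severity": "critical"},
    {"id": "QID-200300", "asset": "srv-web-07", "severity": "high"},
    {"id": "QID-200301", "asset": "srv-app-99", "severity": "medium"},  # not in CMDB
]


def run_demo(opened: date = date(2025, 1, 1), today: date = date(2025, 2, 15)) -> dict:
    """Route the sample findings, close the auto-remediable one on time, report."""
    tickets = [route_finding(f, CMDB, opened) for f in FINDINGS]
    tickets[0].closed = opened + timedelta(days=9)  # auto-remediated and verified
    return {
        "queues": [t.queue for t in tickets],
        "tiers": [escalation_tier(t, today) for t in tickets],
        "adherence": sla_adherence(tickets, today),
    }


if __name__ == "__main__":
    print(run_demo())
```

Two of the three sample findings land in triage because their assets have no usable owner, which is exactly why the programme spent its first three months on CMDB accuracy: with a 40% inaccurate inventory, a large share of automatically routed tickets would otherwise reach the wrong person or nobody, and every SLA and escalation downstream of that assignment is wrong too.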

First results in 90 days. No big-bang launch.

Delivery was sequenced to ship working value every quarter rather than accumulating 18 months of risk in a single launch. Each phase reduced manual burden and built stakeholder confidence before the next phase raised ambition. Compliance teams became internal advocates six months before the full platform was complete.

Months 1 to 3
Foundation: Data Lake and CMDB Accuracy
Stood up the Splunk data lake. Integrated Qualys as the first security feed. Prioritised ServiceNow CMDB accuracy to 95%+, the critical dependency for correct automated ticket assignment. Every stakeholder pushed back on time spent here. It was the highest-leverage investment of the programme.
Months 4 to 6
Workflow Automation and Escalation Framework
Deployed ServiceNow CCM with custom assignment logic. Built the multi-tier escalation framework. Integrated CrowdStrike and Akamai feeds. First operational dashboard went live for compliance teams, who immediately reported measurable time savings.
Months 7 to 12
Stakeholder Enablement
Deployed role-based dashboards for executives, audit, regulators, asset owners, and SecOps. Launched the self-service regulatory portal. Activated automated remediation for 15 common vulnerability patterns, eliminating the single largest category of analyst work entirely.
Months 13 to 18
Optimisation and Enterprise Scale
Activated consequence models driving 99.2% SLA adherence. Added predictive analytics for compliance risk trending. Expanded from the original CCM scope to all 7 compliance systems enterprise-wide, making the platform the bank's compliance intelligence backbone.

Numbers that survived four regulatory reviews.

Measured after 60 days of phased launch, validated through OCC consent order quarterly reviews and third-party audit cycles.

85%: Compliance rate across all 7 systems, up from 38% at programme start with the 200-analyst model
45 days: Average remediation time, down from 120 days under the analyst-driven operating model
$23.35M: Annual savings vs. the $24.7M all-in cost of the 200-analyst model, at 85% compliance vs. their 38%
72 hrs: Full Log4j remediation across 2,847 affected assets. Previous baseline for comparable events: 30 to 45 days.
60%: Fewer third-party audit findings through continuous compliance visibility across all 7 integrated systems
Zero: Repeat findings in all OCC consent order quarterly reviews since platform launch. Regulatory trust rebuilt.

What I would repeat exactly, and what surprised me.

CMDB Accuracy Is the Real MVP
Three months on CMDB before any dashboard work felt like delay to everyone watching. It was the highest-leverage investment of the programme. If asset ownership data is wrong, automation assigns tickets to wrong people and every subsequent workflow compounds the error. Data accuracy is product work, not a prerequisite to it.
Visibility Does Not Drive Behaviour
Dashboards showing compliance status did not materially change compliance rates on their own. SLA adherence did not move significantly until consequence models connected non-compliance to professional accountability. Accountability structures change behaviour. Dashboards show whether it worked.
Ship Something Operational Early
The operational dashboard going live in Month 6, twelve months before the full platform, turned compliance teams from sceptics into advocates. Their endorsement unlocked executive sponsorship for the more expensive analytical and strategic layers. Early value creates political capital for later ambition.
The Premise Was Wrong, Not the Analysts
The 200 analysts were competent people working in a broken system. The instinct to hire more when compliance fails is rational from a short-term risk management perspective. What is wrong is the assumption that headcount can substitute for architecture at enterprise scale. It cannot, ever.

If you are building something that cannot afford to fail, let's talk.

Complex programmes. Regulated environments. High-stakes stakeholder landscapes. That is where I do my best work.

Disclaimer: The views, analysis, and observations expressed in this case study are solely my own and do not represent the positions, strategies, or opinions of TD Bank or any affiliated entity. This case study is published for professional visibility and portfolio purposes only. All figures referenced are based on my personal recollection and have been generalised where appropriate to protect confidential information.