Target Operating Models in a highly regulated environment: Striking the balance between compliance and responsiveness

In today’s highly regulated industries — from finance to pharmaceuticals to public services — organizations face a delicate balancing act. They must operate with stability, precision, and predictability, ensuring full compliance with evolving regulatory requirements, while also staying responsive to shifting customer expectations, competitive pressure and changes in legislation. Designing and implementing an effective operating model that enables an organization to tackle both these sides can be challenging.

There are many reasons why organizations in a highly regulated industry find it challenging to develop an effective and long-term operating model that strikes the balance between responsiveness and operational stability. Highberg has identified a set of key factors that, in our experience have a strong impact on achieving this golden balance: complex regulations and compliance, siloed organizational designs, and lastly, a risk-averse culture and mindset.

placeholder

Commenly experienced challenges when developing an operating model in a highly regulated environment

Complex regulations and compliance

1. Structural inertia in the form of silos

Organizational silos are one of the biggest barriers to becoming more responsive to change. When teams operate in isolation, they limit the flow of information, ideas, and collaboration that responsiveness depends on. Each department tends to focus on its own priorities, tools, and goals, creating blind spots and missed opportunities for creative cross-pollination. Knowledge gets hoarded instead of shared, slowing down decision-making and stifling momentum. Worse, silos often breed a culture of “not my job,” where employees resist stepping outside their defined roles — a mindset that runs counter to the curiosity and collaboration a customer centric organization should thrive on. Responsiveness to change is iterative and interdisciplinary; it demands open feedback loops, diverse perspectives, and a willingness to experiment across traditional boundaries. When silos prevent those conditions from forming, they don’t just slow progress — they shut it down.

2. Striking the balance between innovation and risk aversion

Organizations operating in highly regulated environments tend to be dominated by an inherently risk-averse culture, largely driven by the fear of non-compliance and the severe consequences that can follow. Whether it's financial penalties, legal action, reputational damage, or even loss of licensure, the stakes of falling short of regulatory requirements are high. As a result, organizations often prioritize consistency, control, and process adherence over experimentation or innovation. Decision-making can become slow and cautious, with new ideas facing intense scrutiny and lengthy approval cycles. While this approach helps safeguard against regulatory breaches, it can also discourage creative thinking and proactive change, ultimately making it harder for such organizations to adapt quickly in fast-evolving markets.

In this article, we explore a set of practices that Highberg has found to be effective mitigation measures to overcome these challenges. Highberg utilizes the concepts of value streams and portfolio management to set the foundation of an effective operating model to create a balance between responsiveness and organizational stability. That ultimately allows organizations in a highly regulated environment to perform to the best of their abilities and remain a competitive advantage within the boundaries of compliance.

Approaches to effectively mitigate the indentified challenges and set the foundation of an operating model

1. Value streams

Organizing around value streams is a powerful way to both break down organizational silos and integrate compliance into the flow of work. By aligning cross-functional teams — including roles from product, engineering, operations, compliance, and legal — around the delivery of customer value, companies eliminate the fragmentation that silos create. This structure encourages shared ownership, faster decision-making, and clearer communication across previously isolated departments. In regulated environments, value streams also enable what’s known as “shift-left” compliance: embedding regulatory requirements, risk controls, and audit readiness directly into day-to-day workflows. Compliance is no longer a separate gatekeeping function but an integrated part of the delivery process, allowing teams to identify and address risks early while maintaining speed and agility. The result is a more collaborative, adaptive organization where compliance is continuously met without sacrificing innovation or delivery velocity.

2. Portfolio Management

Effective portfolio management plays a critical role in tackling a risk-averse mindset while ensuring compliance across the organization. Highberg recognizes ‘portfolio management’ as the process of selecting, prioritizing, and managing a collection of projects, programs, and initiatives to achieve an organization’s strategic objectives. At its core, it focuses on balancing the allocation of resources, managing risks, and maximizing value across all initiatives. It helps ensure that the right work is being done in alignment with business goals, while optimizing performance and outcomes.

By strategically balancing a mix of initiatives — from low-risk, compliance-driven projects to more innovative, exploratory efforts — portfolio management enables organizations to take calculated risks without compromising core obligations. It shifts the focus from avoiding risk entirely to managing it intelligently, using data-driven insights to support informed decision-making. At the same time, portfolio governance structures embed compliance into the lifecycle of each initiative, ensuring that regulatory requirements and risk controls are addressed early and consistently. This integrated approach allows organizations to prioritize high-value work, stay aligned with strategic goals, and build a culture that supports adaptability, innovation, and accountability — even in highly regulated environments.

Conclusion

Navigating the tension between compliance and responsiveness is one of the most pressing challenges for organizations in highly regulated industries. The interplay between complex governance requirements, entrenched silos, and a deeply rooted risk-averse culture can make transformation feel daunting. However, as this article has shown, it is not only possible but essential to strike a balance that enables both stability and agility. By leveraging value stream structures, organizations can foster cross-functional collaboration and embed compliance directly into the delivery process. At the same time, portfolio management provides the strategic oversight needed to manage risk intelligently, prioritize initiatives, and create space for innovation. Together, these practices form the foundation for a resilient and adaptable operating model — one that enables organizations to deliver customer value, meet regulatory demands, and remain competitive in an ever-evolving landscape.

Related Insights

divider