The banner took three days to approve. The event lasted two hours.

Nobody says this out loud

A local branch of a bank wants a roll-up banner and a floor sticker for an event they're running Thursday afternoon. Two hours, maybe three. Some clients, some coffee, a local sponsorship activation. They submit the request on Monday. Legal needs to review it. Brand needs to sign off. Compliance needs to check the disclaimer. By Thursday morning, the approval is still pending.

So they make something themselves. Canva. PowerPoint. An old template someone saved on their desktop. The event happens. The assets are there. Nobody in the room knows they're off-brand, missing the disclaimer, or technically non-compliant. The compliance process didn't stop the risk. It just made sure the risk happened without a paper trail.

Nobody talks about this. Not publicly. But it happens hundreds of times a day across every regulated industry.

Compliance was the right idea. The process broke it.

The review cycle exists for good reason. Banks, insurers, and pharma companies operate under strict communication rules. Every asset needs to carry the right disclaimer. No misleading claims about returns. The responsible publisher has to be named. In some markets, every single output needs to be archived for regulatory audit. The stakes are real.

But somewhere along the way, the process designed to manage risk became the risk itself.

The two ways it breaks

I've had this conversation maybe thirty times in the last two years. Always with marketing leaders in financial services. Always the same two failure modes.

The first is paralysis. The team submits. Legal is backed up. The compliance officer covers three markets. The average approval cycle in a regulated marketing team runs three to five business days. For a two-hour event, that's already game over.

The second you already know. They don't wait. They go around it.

The review process doesn't prevent bad content. It delays good content and teaches people to go around it.

The wrong question

I was in a meeting recently with a CMO at a major US bank. Big organisation. Dozens of local branches, multiple product lines, external agencies running alongside an internal creative team. Every campaign routes through legal validation, brand review, back and forth before anything goes out.

Then she said something that stuck. The approval process for a local asset often takes longer than the asset will ever actually be used. She wasn't complaining about the reviewers. She understood why the process existed. What she'd realised was that the process had stopped doing its job.

She wasn't looking for a faster approval process. She was looking for a way to make the approval process unnecessary.

You can't run a broken process faster

Adding reviewers doesn't scale. Automating the email routing doesn't solve the problem. Building a project management workflow around the same cycle just makes it slightly more organised. The structural issue stays.

The alternative is to build a system where it is impossible to produce non-compliant content in the first place. Not difficult. Impossible.

If the only templates available are the correct ones, if the disclaimer is baked in and cannot be removed, if the responsible publisher populates automatically based on the branch, if the colour values are locked to the approved palette — there is nothing left to review. The system is the compliance layer. The check becomes redundant.

What it looks like when it works

M&T Bank runs this model across their local branch network. Every branch produces assets for events, co-sponsorships, and local activations. They do it themselves, without routing through central marketing. Every output is on-brand. Every disclaimer is correct. The compliance team is not slower. They are simply not in the loop anymore.

The system handles what the review process was trying to achieve. It does it before the asset is created, not after.

I know what legal will say

The objection is predictable. What if the template itself is wrong? What if the disclaimer changes? What if there's a regional variation nobody anticipated?

Those are real concerns. They are also one-time problems. You fix the template once. The review cycle repeats forever.

Most organisations will still try to fix the process first. They will hire a faster compliance officer. They will add a dedicated brand reviewer. They will run training sessions on the brand guidelines. None of it solves the structural problem. It just makes the existing one slightly more organised.

One last thought

The compliance check was never the point. The point was to make sure nothing wrong went out the door. If you build a system where nothing wrong can be produced, the check becomes a question nobody needs to ask. That is not a faster process. That is a different one entirely.