Change Management: 4 Barriers Slowing Organisational Adoption
Compliance functions are spending billions on new technology but consistently failing to invest in the organisational change needed to embed it.
In 2024, the Financial Conduct Authority issued 27 enforcement actions worth a combined £176 million, a 230% increase on the previous year. Starling Bank was fined £28.9 million for inadequate sanctions screening. In 2025, the penalties continued. Nationwide Building Society received £44.1 million for failures in systems and controls. Monzo was hit with £21.1 million after rapid growth outpaced its compliance infrastructure. In each case, the regulator found the same thing: overreliance on manual processes that increased operational risk. These were not policy failures. They were change management failures, rooted in an industry-wide inability to move from legacy systems to modern ones.
The technology to fix this exists and has done for some time. RegTech platforms, AI-driven monitoring, automated regulatory tracking. An EY survey of 300 compliance and legal decision-makers found that 94% described digital tools as extremely or very important. Only 55% had actually implemented or optimised them. A FinregE case study of a large global bank offers one illustration of the gap: before adopting an automated system, the bank’s compliance team had been reviewing roughly 1,500 regulatory publications a week, spread across thousands of pages, using five full-time employees and Excel spreadsheets.
The tools are available. The budgets are following. The change management required to embed any of it has, for most firms, not materialised. What follows are the four failures that recur most consistently, and the reasons they prove so difficult to fix.
1. Overcoming the “good enough” mindset
Compliance professionals are trained to distrust disruption. A spreadsheet that tracks regulatory obligations may be imperfect, but it is known. A new platform is not. In a function where errors carry regulatory consequences, that distinction matters more than it should.
An academic review led by Ray Panko at the University of Hawaii, spanning decades of research, concluded that 94% of spreadsheets used in organisational decision-making contained errors serious enough to affect outcomes. PwC’s Global Compliance Survey 2025, which gathered responses from 1,802 executives across 63 territories, found that 63% of compliance professionals say the complexity and disaggregated nature of their data is actively making their work harder. The same survey found that only 7% of organisations consider themselves compliance leaders, though 38% aspire to be within three years.
The gap between aspiration and action is not new. What is new is the pace at which manual processes are degrading. Regulatory obligations are multiplying. The spreadsheets are not getting better. Change management in these environments stalls not because people refuse to move, but because caution has calcified into inertia, and nobody with sufficient authority is naming it.
2. Keeping sponsors engaged beyond sign-off
Prosci’s benchmarking research, drawn from thousands of change initiatives, shows that projects with strong change management practices are six times more likely to meet their objectives. The single most important variable, across every edition of the study, is active and visible executive sponsorship.
In compliance, that sponsorship tends to evaporate early. A chief compliance officer secures the budget. The board approves the programme. A project team is assembled. And then the sponsor returns to their own priorities. Governance meetings get delegated downward. Communication to the team dries up.
What happens next is predictable but worth stating plainly. In hierarchical compliance functions, where deference to seniority runs deep, the absence of a visible sponsor is not interpreted as an oversight. It is interpreted as permission to disengage. Nobody rebels against the new system. They simply do not adopt it. Middle managers wait. The old process quietly reasserts itself.
The organisations that avoid this tend to do something unglamorous: they write sponsorship into the programme governance as a defined role with specific obligations, not a standing invitation. When the sponsor changes, which in compliance happens often, the handover is treated as a programme risk. PwC’s survey found that 82% of compliance functions plan to increase their technology investment. Whether that money lands in organisations capable of absorbing it depends, in most cases, on whether someone senior enough is prepared to stay in the room long after the cheque has cleared.
3. Managing adoption in overstretched teams
The EY survey surfaced a finding that compliance technology vendors would prefer not to dwell on. When asked to name their primary barrier to adopting new technology, 47% of compliance leaders cited lack of time. Not budget. Not scepticism about the tools. Time.
This is not an excuse. It is a description of operating conditions. Compliance teams have spent the past five years absorbing successive waves of new regulation: GDPR and its progeny, sanctions expansions, ESG reporting mandates, the EU AI Act, DORA. Each has demanded process overhauls, system updates, and retraining. The people doing this work are not resistant to change. They are saturated by it.
Industry research consistently finds that organisations allocate a small fraction of their transformation budgets to change management, despite strong evidence that investing in the people side of change produces significantly better outcomes. In compliance, this underinvestment collides with a workforce that has no slack left to give. The departments most in need of better technology are the ones least able to absorb the disruption of adopting it.
The functions that navigate this well tend to treat change management as a capacity problem, not a communications problem. They sequence initiatives rather than stacking them. They build training into the working week in short, repeated sessions rather than compressing it into a single day the team cannot afford to lose.
4. Building ownership that lasts past go-live
The project team delivers the platform, runs the training, publishes the user guides, and disbands. The operational team inherits a system it did not design. Questions go unanswered. Workarounds develop. Teams drift back to what they know. There is no formal decision to abandon the new tool. It simply ceases to be the path of least resistance.
This pattern has a structural cause. Most compliance functions treat change management as a subset of project delivery, something that ends when the project ends. But the period after go-live is precisely when adoption is won or lost. Users encounter edge cases the training did not cover. Processes designed in theory collide with operational reality. Without someone accountable for navigating that friction, the system loses ground week by week.
Prosci’s research indicates that initiatives with dedicated change management resources after go-live achieve significantly higher success rates than those without. Compliance functions rarely fund this work. The technology is treated as the deliverable. Adoption is treated as someone else’s problem. In a function where poor adoption carries direct regulatory exposure, this is a remarkable allocation of priorities.
Measuring success by go-live date rather than sustained usage is the compliance equivalent of judging a controls framework by whether the policy document exists, rather than whether anyone follows it.
What the enforcement record suggests
In 2024, eight of the FCA’s 27 enforcement actions cited breaches of Principle 3, which concerns systems and controls, accounting for more than £100 million in penalties. The regulator is no longer interested in whether firms have policies on paper. It wants evidence that those policies are supported by systems that work in practice.
The four challenges described here are not new. They appear in change management literature going back decades. What is new is the enforcement climate in which compliance departments now operate, and the narrowing distance between a manual process and a regulatory finding. The firms that will avoid the next round of penalties are unlikely to be those with the largest technology budgets. They will be those that recognised, early enough, that change management is not a line item to be trimmed from the project plan. It is the thing that determines whether the project plan was worth funding at all.
