Buy vs build Vendor strategy Onboarding

Knowing when
to stop building

KYB/KYC checks were entirely home-built — every new market, rule and risk signal became an engineering ticket. I made the call that verification is infrastructure to partner on, not a differentiator to maintain, and led the move to a specialist KYB/KYC provider.

My role

[e.g. Lead PM, owned the decision]

Timeframe

[e.g. ~6 months]

Team

[e.g. Eng, Risk, Compliance, Ops]

[X]

eng-weeks per quarter reclaimed from maintenance

[Y]

markets / checks shipped config-not-code

[Z]%

faster time-to-verify a customer

The situation

A stack nobody owned as a product

A home-grown verification stack that no one owned as a product. Every new market, rule and risk signal turned into an engineering ticket, and the cost was paid quietly across the roadmap — the build-vs-partner question had simply never been asked.

[Add the concrete pain: how long a new market took, how much eng time was sunk, what kept breaking.]

The bet

Verification is infrastructure, not advantage

Verification is commoditising. The durable advantage isn't the plumbing — it's the risk policy and orchestration layered on top. So the thesis was simple: partner for verification, keep decisioning and policy in-house.

That reframed a vague "our KYC is painful" complaint into an explicit, defensible capital-allocation decision.

The decision, on four axes

← Build in-houseBuy / partner →

Differentiation

Total cost of ownership

Regulatory surface

Speed to be right

Every axis pointed the same way: verification is low-differentiation, high-TCO and regulator-heavy. The one axis we kept in-house — risk policy and orchestration — is the one that actually compounds. [Nudge any marker if your read differs.]

How I led

From a complaint to a decision the whole org backed

Built the buy-vs-build thesis with a rubric

Differentiation, total cost of ownership, regulatory surface, and speed-to-right — scored honestly so the answer was the rubric's, not mine.

Ran the vendor evaluation

[How you evaluated providers — criteria, who you shortlisted, what won it.]

Aligned Risk, Compliance, Eng and Ops

Each function resisted differently — owning their objections directly, not papering over them, was what turned a contested call into a shared one.

Sequenced the migration so onboarding never broke

Held the team on migration over new work, and phased the cutover so live customer onboarding never took a hit.

What changed — a new check, before & after

Before New market / rule→ Eng ticket→ Eng builds & tests→ Ships [weeks each time]

After New market / rule→ Config change→ Ships [same day]

Verification work moved off the engineering critical path — new checks became configuration, not code.

The outcome

Compliance became a configurable capability

[Quantify it: eng capacity reclaimed, new markets/checks now shipped without engineering, time-to-verify change, timeframe. Ranges are fine.]

Beyond the numbers, the deeper shift: compliance stopped being a roadmap tax and became a configurable capability the business could move on at will.

"Verification is infrastructure to partner on, not a differentiator to maintain."