Back to Blog

Regulated Products

Ryan Frederick | March 31st, 2022

Move fast and break things, ship an initially embarrassing product, don’t worry about security initially, and more can work for unregulated products but not for regulated products.

The rules and terms of engagement for creating regulated products in healthcare, insurance, financial services, defense, and more cannot be taken lightly. A company can find itself at odds with government regulators, customers, the industry, or law enforcement.

One of the challenges we have as a product firm is engaging with clients creating a product in a regulated space but who believe they can approach the product as unregulated. The considerations and work can be vastly different, increasing the length, complexity, and investment required to create a regulated product. There is no throwing it together with a regulated product, yet many clients don’t understand the significant differences between creating a regulated and unregulated product. Here are some of the differences:

  • Security — You can’t take protection lightly with a regulated product. User security, data security, and overall system security have to be in place from the beginning. There is no adding it later. Regulated products are much more likely targets of hackers than the governing bodies and authorities around an industry.
  • Data — Having the proper data architecture, schema, and security is paramount for any regulated product. Improper or lacking data governance will be dealt with harshly by regulators. If uncovered will result in a product losing all credibility in the market.
  • User management — Even unregulated products are now enforcing two-factor authentication and other means to implement account access and management. Some industries require even further user identity confirmation for account access and control.
  • Integrations — Most products require some level of integration with other products for the product to fulfill its potential for users. Unregulated products can take the type and construct of integrations less thoughtfully than regulated products can. Need your social media app to be able to share with other apps? Okay, cool. Need your patient healthcare app to integrate with a medical record management system, not so fast.
  • Architecture — No code and low code tools are great ways to create initial versions of unregulated products. Regulated products don’t afford the same initial technical approaches. A regulated product must be hardened and appropriately approached to even get out of the starting gate.
  • Customer due diligence — Most customers of regulated products will require confirmation of compliance and measures. Many customers won’t take your word for it and will perform their own or hire a third party to validate the veracity of a regulated product’s security and compliance. Customers in regulated industries aren’t going to risk their compliance with a rogue product they haven’t vetted.
  • Pricing — Pricing is an often overlooked aspect of regulated products. Many regulated customers can’t use freemium products because they must pay for goods and services so not to be construed as being given access to something as favoritism. On the flip side, some regulated customers can’t pay above a certain threshold for products and services.
  • Positioning — Product positioning and messaging should never be taken lightly. Still, unregulated products aren’t likely to get you in trouble or turn customers off like they can with a regulated product. A thorough legal review of terms, conditions, and other statements about an e regulated product are essential.

The unregulated product approaches around early products take on more depth, meaning, and consequence when it comes to regulated products. It is easier in unregulated products to decide to care and do more about the factors listed above when there are more users. Some critical assumptions about a product have been validated. Regulated products don’t afford the same luxury of lack of attention to these areas. A regulated product needs to be constructed with much more thought and rigor than an unregulated product.

Many companies wanting to create a regulated product will refer to unregulated products because those are the products they use personally and are the most familiar with. It’s a natural thing to do, but it is also misguided. Comparing a regulated product to an unregulated product is like comparing a certified architect to an uncle who likes to go to Home Depot but doesn’t know how anything should be built.

Being in a regulated industry doesn’t give companies a pass on being bad at creating valuable and successful products. It is more challenging but being a martyr about it is a cop-out. Yes, developing products in a regulated environment means being more thoughtful and intentional, but it doesn’t mean it provides a get-out-of-jail-free card to create bad products that are hard to use and that no one wants to use. Healthcare, banking, and insurance have been some regulated industries with a track record of creating less than excellent products for the customers and team members under the guise of their hands being tied because they are in a regulated environment. Regulation shouldn’t equate to a built-in excuse to be bad at product. The companies in regulated industries that challenge themselves to be great at product inside the regulatory guardrails are the most successful and sustainable in those industries. Great regulated products can be created if a company doesn’t use regulatory guardrails as an excuse and is intentional about being great at product.

If you are creating a regulated product, be aware of the complications associated and ensure your approach is grounded in the realities of such an endeavor, but don’t let the regulatory requirements limit your product execution.