Case Study · Regulated Financial Services · NDA

From API Catalog to Governance Workflow Platform

Translating multi-stakeholder compliance challenges into a structured, scalable governance platform for a major international bank.

Role: Sole Designer
Timeline: 50 weeks (multi-phase)
Monthly requests: 150+ centralized
Key impact: faster approvals
01

Project framing

Context, scope, and what I was actually asked to solve.

A major international bank operating in Mexico faced a critical operational challenge: their API governance process relied on a static catalog and manual email-based reviews — creating compliance risk, limited audit traceability, and cross-team friction as API adoption scaled.

The business environment demanded structured governance: regulatory compliance requirements, cross-functional approval chains spanning legal, security, and operations, and growing pressure to accelerate time-to-market without sacrificing oversight.

Initial Request

The original initiative aimed to improve the API catalog experience. However, early discovery revealed that the real issue was not discoverability — it was workflow governance.

Why This Mattered

Approval cycles were slowing down product delivery and increasing operational friction across teams — directly impacting time-to-market in a regulated financial environment.

Business Environment
  • Compliance and audit requirements from internal regulatory frameworks
  • Cross-team dependencies across legal, security, product, and operations
  • Increasing API integration volume with no scalable review process
  • Limited process visibility creating accountability gaps
02

Fragmented by design

Governance workflows were manual, unstructured, and impossible to audit — in an environment where oversight was non-negotiable.

The API governance process relied heavily on email threads, static documentation, and repeated manual validation cycles. Requests moved across legal, security, and operations teams without a structured system — creating compliance risk, accountability gaps, and limited audit traceability.

"Governance was treated as documentation — not as a workflow system."
Operational Friction
  • Manual documentation review across every request
  • Repeated validation cycles with no clear resolution
  • Email-based approvals with no audit trail
Visibility Gaps
  • No centralized request tracking
  • Unclear approval status across teams
  • Limited audit transparency for compliance
03

Research & discovery

Aligning on the real problem — governance requirements had to meet real operational realities.

Methods
  • Stakeholder interviews across legal, security, and operations
  • Governance workshops with API Requesters and Reviewers
  • Role-based persona definition
  • As-Is workflow mapping sessions
Facilitation Approach

I led governance workshops to surface misaligned expectations and define shared validation criteria. Outputs directly informed the validation engine logic and intake form — translating stakeholder language into system requirements.

API Requesters

Needed clarity on submission requirements and real-time approval status.

Governance Reviewers

Required structured validation criteria and full audit traceability.

Key Insights
  • Validation criteria distributed without structure led to inconsistent review standards
  • Fragmented email threads increased turnaround time and reduced accountability
  • No centralized tracking made compliance oversight nearly impossible
04

As-is workflow

Manual, email-driven approval process with repeated validation loops — no audit trail, no visibility.

API Governance — Before
  • API Requester (submits via email)
  • Inbox / Email Thread (no structure)
  • Legal Review (manual)
  • Back & Forth (no tracking)
  • Security Review (manual)
  • Decision via Email (no audit trail)
Legend: Pain Point / Compliance Risk
05

Strategic reframe

The issue was not discoverability — it was workflow governance.

From: API Catalog Improvement
To: Structured Governance Workflow Platform for Regulated Financial Services
  • Shifted from static documentation to structured, compliant intake
  • Embedded validation logic to enforce regulatory criteria consistently
  • Introduced centralized tracking and audit visibility across all teams
06

To-be workflow

Structured, transparent, and auditable — designed to meet compliance and traceability requirements.

API Governance — After
  • API Requester (structured intake)
  • Validated Form (auto-validated)
  • Gov. Dashboard (centralized)
  • Multi-Team Review (structured)
  • Traceable Decision (audit trail)
  • Notification (compliance-ready)
Legend: Governance Layer
07

Platform architecture

Enabling structured intake, validation, review, and tracking across all compliance checkpoints.

Intake Layer
  • Structured Form
  • Field Validation
  • Compliance Check
  • Draft / Submit States
Review Layer
  • Governance Dashboard
  • Multi-Team Queue
  • Criteria Validation
  • Role-based Access
Tracking Layer
  • Status Tracking
  • Audit Trail
  • Decision History
  • Notifications
08

Design execution

Governance architecture translated into structured, scalable user experiences.

Governance Platform — Intake Form with validation states
Governance Platform — Dashboard and request queue
01
Standardized Intake Structure

Replaced fragmented email requests with guided form logic — enforcing completeness before submission reaches the review queue.

02
Real-Time Validation States

Reduced incomplete submissions and review cycles by surfacing errors inline, at the point of input.

03
Clear Status Ownership

Defined system states to improve cross-team visibility — every stakeholder could see exactly where a request stood.

04
Reusable Form Patterns

Scalable interaction patterns aligned with governance requirements — enabling consistent compliance review at scale.

09

Results & impact

Measurable governance improvement through structured design.

Faster Approval Turnaround

Structured intake and compliance-aligned validation replaced fragmented review cycles.

150+ Monthly Requests Centralized

Email-based approvals replaced with a unified, auditable governance workflow.

Visibility & Accountability

Real-time tracking and audit traceability established across legal, security, and operations.

10

Designing for AI readiness

How I would enhance this system today using AI and advanced systems thinking.

01
Structured Data Over Free-Form Input

The intake form enforces structured, machine-readable submissions — replacing narrative email threads with typed fields and validation states. This creates the clean data layer required for future pattern detection and intelligent routing.

02
Validation Logic as a Rule Engine

Embedding validation criteria directly into the system means those rules can be versioned, audited, and eventually automated. The design made governance logic explicit and traceable.

03
Audit Trail as a Data Asset

The tracking layer captures decision history with context: who reviewed, what criteria were applied, what was flagged. This structured log is the foundation for future AI-assisted risk scoring and anomaly detection.

What AI Could Augment — Without Replacing Human Oversight
AI as a decision-support layer — augmenting governance clarity while preserving human accountability.
11

Reflection & key takeaways

Designing governance systems requires thinking beyond screens — and into structured operational clarity.

Governance is workflow, not documentation.

Clarity emerges from structured systems — not static guidelines. The shift from catalog to platform was the design insight, not an output.

Visibility reduces operational friction.

Transparent states and clear ownership eliminate unnecessary feedback loops across teams. Ambiguity is a design problem with a design solution.

Validation logic must live inside the system.

Embedding rules within the experience improves scalability and consistency — and creates the data foundation for future automation.

AI should augment — not replace — human expertise.

Decision-support layers can enhance governance without removing oversight. In regulated environments, human accountability is non-negotiable.

NDA · Confidential

This project was completed under NDA — client names and visual artifacts are withheld. Additional documentation, detailed flows, and validation breakdowns are available upon request with discretion.
