Speed Limits: Balancing Marketing Automation with Compliance

Abstract: The panel explores how banks can innovate responsibly in a highly regulated environment. Larry Jacobs emphasized that compliance should not be seen as a constraint but as a foundational element of marketing strategies, advocating for internal “speed limits” to balance velocity with value. Lipika Sahoo highlighted the importance of collaboration across legal, tech, and marketing teams, showing how integrating compliance into martech workflows enables faster yet safe personalization. Mark Mountan stressed the need for unified data models and embedded regulatory logic to unlock real-time engagement and reduce manual risk. The discussion concluded with examples of modularity, test-and-learn strategies, and agile cross-functional teams as keys to shortening go-to-market timelines while maintaining compliance—demonstrating that when executed well, compliance can be a catalyst, not a constraint, for bold, customer-centric innovation.

Steve Dobrenski: Our topic is “Speed Limits: Balancing Marketing Automation with Compliance and Personalization.” Let us get started. Larry, what impact does compliance have on the efforts to shift from campaign-based marketing to automated, next-best-action marketing at pace and scale?

Larry Jacobs: I know the title implies that compliance is a speed limit, but I see it differently. Compliance is core to everything we do. It is embedded in our campaign-based processes, and as we move toward automation, it will be built in there too. I do not see compliance as a speed bump or a limiter.

The real risk arises when we chase volume and velocity so aggressively that we outpace strategy and value. Gary mentioned the concept of speed limits recently, and it stuck with me. Speed limits are not inherently good or bad—they exist for a reason. Just because you can drive 100 kilometers an hour does not mean you should drive that fast through a subdivision. Likewise, we must set internal speed limits to ensure our pace does not exceed the value and strategy behind what we are doing. That means applying methods like test-and-learn to scale velocity responsibly.

Steve Dobrenski: That makes sense. Lipika, many say compliance is a license to operate, but is it also a creativity killer? With generative AI and hyper-personalization advancing rapidly, can marketing still be bold when legal is in the back seat pulling the handbrake?

Lipika Sahoo: I bet some legal folks in the room are thinking, “Back seat? I am in the driver’s seat—I prevent you from crashing.” I love tech and innovation. I am a techie at heart, and my role is to bring personalized transformation to customers.

But I constantly remind myself: I am not in the business of tech; I am in the business of applying innovation to meet customers’ financial needs. When we choose GenAI use cases, marketing might lead, but we bring everyone with us. I ask legal for proper disclosures, alignment with tone and brand, compliance with data handling, access management, privacy laws, and consent management. The whole organization becomes part of the use case.

Balancing speed and compliance comes down to three things: (1) having a shared goal, (2) creating collaborative spaces, and (3) building regtech and martech integration. That is where the value lies. Integrating compliance workflows, legal approvals, and pre-approved templates into marketing automation lets us move fast—but safely. You can have a great ride if you wear your seatbelt.

Steve Dobrenski: That is a great perspective. Mark, you have worked across many martech and compliance ecosystems. What value does a shared data model unlock, and is the martech stack fundamentally broken in banking?

Mark Mountan: Good questions. From what I have seen, especially in large banks, it is not that there is a lack of great ideas. The limitation is the business and technical architecture needed to execute those ideas effectively. Hyper-personalization means shifting from broad campaigns to engaging individuals in real time.

We see three key opportunities in banking: (1) acquisition and conversion with regulatory triggers (e.g., soft credit checks for credit card offers), (2) digital onboarding, and (3) early-stage servicing. These are ripe for personalization.

The challenge is orchestration. First, data is decentralized—customer data is scattered across product, servicing, marketing, sales, and even B2B units. Second, manual workflows introduce compliance risk. Third, we need privacy by design and consent-driven marketing. Embedding regulatory logic into the data and decisioning layers enables faster, compliant action. Compliance does not have to be a handbrake—it can be an accelerator.

Steve Dobrenski: Mark and I are based in the United States and work with large banks, some with over 80 million customers. The complexity is comparable, if not greater, than what Canadian banks face. After a decade in Canada, I believe the U.S. challenges are highly relevant here too.

Larry, what has RBC learned in transitioning from traditional campaign marketing to next-best-action marketing?

Larry Jacobs: As Mark mentioned, getting all the data in one place is essential. Communication needs to be choreographed, timely, and centered on the client. Let me leave you with two sound bites:

First: Do not be an autodialer. Email, like an autodialer, is powerful but easily overused. You must avoid overcommunication. A self-imposed speed limit might be as simple as: ensure your opt-out rate does not exceed your lift.

Second: Do not shrink yourself to greatness. Hyper-targeting is effective, but too much precision can cost you the scale that makes campaigns impactful. Balance personalization with broader engagement to maintain reach and value.

Steve Dobrenski: Lipika, what is more dangerous—going too fast or too slow? Also, when you make requests for personalization at scale, how does your technology team respond?

Lipika Sahoo: It depends on the use case. For low-risk areas like GenAI-driven content or knowledge management, the risk is minimal, and the efficiency gains are high—those should be accelerated. But for high-risk areas like AI making investment trades on a customer’s behalf, we should be cautious.

You need explainability and risk-aware design in your stack. Most value lies in mid-risk use cases where you can move quickly but still involve human oversight. As for tech partners, many capabilities rely on vendor-managed services. The issue is not willingness—it is data silos and organizational inertia.

Tech teams are usually aligned, but legacy systems and fragmented data models slow us down. Progress depends on cross-functional cooperation, not just flipping a switch.

Steve Dobrenski: Mark. When systems are disparate and lack a shared data model, what value can banks unlock by unifying them?

Mark Mountan: When customer data and intent signals—whether from sales, marketing, or service—are centralized, banks can unlock powerful, real-time personalization. With third-party cookies disappearing, we are seeing a shift to first-party data and consent-driven engagement.

The next step is streamlining workflows for pricing, disclosures, and digital asset management. You need centralized data, but also a workflow that allows dynamic interaction with regulatory and product components. Some institutions use composable stacks; others still rely on homegrown tools. Either way, the answer lies in integrating workflow, data, and compliance logic into a cohesive, real-time system.

Steve Dobrenski: It is an iterative journey. You cannot undo years of investment in legacy systems overnight, but you can build forward from where you are.

Larry, how do you automate the execution of personalized offers once next-best-action identifies them? Many U.S. banks say that process takes 120–180 days.

Larry Jacobs: With next-best-action, we had a clean slate. We structured dedicated, client-centric pods with representation from all core delivery partners. That eliminated the need to queue for resources.

We also adopted a “fewer, faster, frequent” mindset—focusing quarterly on key priorities. Finally, we embraced modularity. Rather than building offers from scratch, we assembled them from a shelf of components: offers, disclosures, fraud messages, etc. This allowed faster assembly rather than end-to-end construction.

Steve Dobrenski: That modular approach is critical, especially when you target smaller segments. Lipika, have you had to kill an exciting idea due to compliance or cost?

Lipika Sahoo: Yes. We tested fully AI-generated ads with a baked-in approval process, but it did not fly. We are still in early stages, and human oversight remains essential. We hit several roadblocks.

Steve Dobrenski: Larry?

Larry Jacobs: We have had issues when people try to bypass compliance by pushing directly through a channel. Compliance is built into everything—there is no skipping it.

Here are 10 key insights from the panel:

1. Compliance is foundational, not a constraint – Larry Jacobs reframed compliance as a core design principle rather than a speed bump, emphasizing its integration into both campaign and automated marketing strategies.

2. Internal “speed limits” ensure strategic pacing – Just as speed limits protect communities, marketers must self-impose guardrails to balance volume, velocity, and value in personalization.

3. Bold marketing is possible—with collaboration – Lipika Sahoo stressed that marketing can still be innovative if legal, compliance, and tech are brought in early to co-design solutions.

4. Regtech and martech integration accelerates safely – Embedding legal reviews, consent management, and data privacy directly into marketing systems enables compliant, rapid deployment.

5. Data centralization is the gateway to personalization – Mark Mountan emphasized that fragmented data across business units is the biggest obstacle to real-time, hyper-personalized experiences.

6. Composable tech stacks offer scalability and speed – Banks that adopt modular, composable systems can deliver faster with pre-approved components like disclosures and offer templates.

7. First-party, consent-driven data is the future – With the demise of third-party cookies, banks must shift toward unified, privacy-compliant first-party data strategies for long-term engagement.

8. Legacy systems slow progress—but don’t block it – Transformation is iterative; banks must evolve forward by layering new solutions onto old systems while avoiding full replacements.

9. Cross-functional pods drive faster execution – RBC’s “next-best-action” success stemmed from client-centric teams that combined delivery partners, avoiding bottlenecks in execution.

10. Not every idea will survive compliance—but most can evolve – Some AI-driven ideas were killed due to risk or cost, but test-and-learn cultures allow banks to refine bold concepts into workable solutions.

Sign up for the CLA Finance Summit Series