70% faster deployment lead time for a UK retail bank.
The bank’s digital division had 40+ engineering teams and a single route to production: a change advisory board that met twice a week and took a median of 12 days to approve a release. The control was real — this is an FCA-regulated institution — but it was enforced by meetings and spreadsheets, which meant it was slow and only as consistent as the people in the room.
Teams had responded the way teams always do: batching changes into large, risky releases, or finding routes around the process. Risk was rising while delivery slowed — the worst of both. The mandate we were given was precise: cut lead time dramatically without weakening a single control the audit function relied on.
We started by encoding what the change board actually checked. Six weeks of discovery turned its implicit checklist — segregation of duties, rollback plans, dependency freezes, evidence capture — into explicit, testable policies. This step mattered more than any technology choice: it converted a governance ritual into a specification.
Then we built the platform: an EKS-based Kubernetes estate with paved-road pipelines in GitHub Actions and ArgoCD. Every policy from the change board became an OPA gate in the pipeline — enforced on every change, with the evidence written to an append-only audit log at the moment of enforcement. A release that passed the gates was, by construction, a release the old board would have approved.
Migration ran team by team, never big-bang. Each team moved with a two-week embedded pairing period, and the old route stayed open until its traffic fell to zero on its own — teams left the change board because the new path was better, not because it was mandated.
Architecture · EKS (multi-cluster, per-environment) Pipelines · GitHub Actions → ArgoCD (GitOps) Controls · OPA/Rego gates encoding CAB policy Evidence · Append-only audit log, query-on-demand Migration · Team-by-team, parallel routes, zero mandates
Median lead time fell from 12 days to 3.5 — a 70% reduction — while release size dropped and change failure rate fell with it. The migration itself caused zero P1 incidents across nine months. The audit position strengthened: at the following internal audit, evidence requests that had previously taken weeks were answered with queries against the audit log, in hours. The change board still exists — it now reviews exceptions, which is what it was always best at.