AI tools make in-house builds look faster than ever. But in regulated industries, speed without compliance is not an advantage. It is a liability that compounds for years.

The Build or Buy Question Has a New Variable: AI

For decades, the build vs. buy debate in enterprise software came down to a familiar set of trade-offs: customisation and control on one side, speed and proven capability on the other. Most regulated enterprises, in banking, lending, insurance, and telecoms, landed on "buy" for good reason. The cost and complexity of building production-grade, compliance-ready software internally was simply too high.

Then AI arrived, and the conversation shifted. Suddenly, internal teams had access to tools that could generate code in minutes. The argument became: "We can build this now, and it won't take long." For many technology leaders, the calculus appeared to change overnight.

But here is the problem. AI tools speed up the coding part of a build. They do not speed up the compliance review, the legal sign-off, the security assessment, or the UAT process. In regulated industries, those are not minor inconveniences. They are the work. And they have not gotten faster.

This article draws on Lightico's research into the full technical and organisational requirements of building a compliant customer journey platform in-house. The conclusion is consistent: buying the right platform to build on top of is faster, safer, and less expensive than building from scratch, and that advantage has grown in the AI age, not shrunk.

Fast Builds Create Slow Problems

The allure of an AI-assisted in-house build is real. Your team moves fast. You control the roadmap. You avoid vendor dependency. On paper, it looks compelling.

What it does not show is what happens twelve months later.

The numbers on in-house builds are sobering. A 2025 Gartner survey of 3,186 CIOs and technology executives found that only 48% of digital initiatives meet or exceed their business outcome targets. BCG and McKinsey research consistently puts the failure rate for digital transformation initiatives at 70%. Bain's 2024 analysis goes further, finding that 88% of business transformations fail to achieve their original ambitions. Budget overruns are endemic: industry research shows 47% of ERP implementations alone experience budget overruns averaging 35% over plan, with average delays of 18 months. That was before AI tools accelerated the coding phase. Now the coding is faster, but the headline delivery date looks even more achievable, and teams commit to it. The compliance and security phases still arrive on schedule. The timeline pressure does not go away. It gets worse.

AI-assisted development accelerates the build. It does not accelerate the Phase Two realities that define success in regulated environments: compliance review, legal sign-off, security assessment, audit readiness, and ongoing regulatory change.

The result is a pattern that compliance and operations leaders in regulated enterprises know well: a product that ships technically but is not audit-ready. The technical build completes. The compliance posture lags. The gap between the two is where regulatory exposure lives.

What a compliant customer journey actually requires you to build

The technical requirements for a production-grade digital customer journey platform include seven core components. Each is non-optional in a regulated industry. Each is something your team would build once and own indefinitely.

No-code workflow engine. Without this, every regulatory change becomes an IT sprint. Drag-and-drop journey configuration requires years of platform engineering to do correctly.

Scalable cloud infrastructure. Real-time scale-in and scale-out across endpoints takes years to build and requires continuous development as volumes and use cases evolve.

Security and data labelling. Every data element needs its own policy for visualisation, editing, and storage. Failure here risks multi-million-pound fines and permanent customer trust damage.

Integrations. Core banking, CRM, ID verification, e-signature, telephony: each built from scratch with custom code, fragile by nature, owned by your team in perpetuity.

Compliance layer. eSign Act, HIPAA, ADA, FCA, GDPR, AML. Each certification carries initial and ongoing fees. Every regulatory change requires internal resource to update the system.

Cloud-agnostic architecture. Preferred by most enterprises for flexibility and risk management, but expensive and complex to build from scratch. Extends your timeline. Delays time to ROI.

The Build Is Year One. The Burden Is Forever.

There is a framing problem in the build vs. buy debate. Teams evaluate the cost of building. They rarely evaluate the cost of having built.

Once an in-house platform is live, the following obligations do not end. They compound:

  • Regulatory changes require internal resources to identify, assess, and apply updates to the system. In markets like the UK, EU, and US, these are frequent and non-negotiable.
  • Integration debt. Every time a connected system releases an update, your team absorbs the impact. Core banking, CRM, IDV, eSignatures, payments: each connection is a maintenance burden your team owns indefinitely.
  • Staff turnover means compliance logic and security architecture knowledge walks out the door. The institutional memory required to maintain the system safely does not transfer automatically.
  • Technology evolution means code that was current on launch becomes stale. Stale code is a security risk. Keeping it current competes with every other organisational priority.
  • Audit readiness is not a one-time event. It requires ongoing evidence, documentation, and process review. Your team owns all of it.

The in-house platform is not the company's only software or objective. By virtue of that, it will always be competing with other priorities for the resources it needs to stay current, compliant, and secure.

The organisations best positioned to sustain this are those with strong innovation cultures, deep domain expertise in regulated digital interactions, and dedicated teams not pulled in other directions. For most enterprises, that description does not fit. There are too many competing priorities, too many brushfires, and too many initiatives for a non-core platform to receive the continuous investment it needs.

Why AI Makes the Build Case Weaker, Not Stronger

The instinct is understandable. If AI can write code faster, then building must be more viable than ever. But the data tells a different story. The shift from generative AI that answers questions to agentic AI that takes action inside real customer workflows is already underway. In regulated industries, that shift does not just require better AI. It requires a compliant infrastructure layer underneath it. One that connects systems, enforces business rules, creates court-ready audit trails, and adapts as regulations change. Most in-house builds are not designed for this. Lightico is. Gartner reports that about half of companies were developing their own AI tools in late 2023, but that figure fell to around 20% by the end of 2024, as high POC failure rates and compliance complexity drove CIOs back to commercial platforms. IDC found that 88% of AI proof-of-concept projects never made it into wide-scale deployment. The build impulse is understandable. The outcomes tell a different story.

The audit exposure problem gets worse

AI-generated code that ships before compliance review is complete creates audit exposure that can move quickly from an internal issue to a board-level conversation. The speed of code generation does not align with the pace of compliance review. The faster you ship, the larger the gap between what is live and what is fully signed off. In regulated industries, that gap is where fines happen.

Agentic AI needs a compliant layer underneath it

The next wave of AI is not just generating code. It is operating autonomously inside your customer workflows. AI agents will validate documents, initiate compliant interactions, and produce audit trails. Those agents need a compliant journey layer underneath them to operate safely. The faster AI develops, the more urgently you need that layer in place. Building it takes time your competitors are not waiting for. With Lightico, the compliant governance layer for agentic AI is already there, MCP-connected, audit-ready, and operating from day one.

MCP readiness changes the connectivity question

MCP (Model Context Protocol) is the emerging standard that allows AI agents to connect to external platforms without custom integration code. Think of it as a universal plug socket for AI agents. Lightico is already MCP-connected. Your AI agents can integrate with Lightico today, without a custom build. A self-built platform has no MCP connectivity. Your team would need to build and maintain that too.

Lightico Is the Infrastructure for Your Customer Journeys

The reframe that matters most in this conversation is this: Lightico is not an alternative to building. Lightico is the governance layer for regulated customer journeys in the agentic age. It is the infrastructure layer that regulated enterprises build their customer journeys on top of. Think of it the way you think of an operating system: you do not build the foundation before you write your application. You build on top of it. Lightico provides the compliance layer, the integration connectors, the audit trail architecture, and the MCP connectivity, so your team can focus on configuring the journeys that differentiate your business. This is precisely the shift Gartner identified in its 2025 forecast: "Ambitious internal projects from 2024 will face scrutiny in 2025, as CIOs opt for commercial off-the-shelf solutions for more predictable implementation and business value."

Your team still owns the journeys. You still configure, adapt, and iterate. What you do not own is the compliance risk, the integration upkeep, or the security architecture. Those live with Lightico.

What Lightico has already built for you

  • Regulatory knowledge built in from day one. FCA ID requirements, AML document triggers, GDPR data labelling: embedded in the platform from years of deployments across regulated industries. You inherit it. You do not rebuild it and you do not own every update as regulations evolve.
  • A no-code workflow engine. Business teams configure and adjust customer journeys without an IT sprint. When a regulation changes, the response is days, not quarters.
  • Pre-built integrations. Core banking, CRM, ID verification, e-signature, telephony: the connections are built, maintained, and updated by Lightico, not your team.
  • Purpose-trained AI document intelligence. Lightico's purpose-trained SLMs outperform general-purpose LLMs by 11.5% on accuracy and 25.7% on recall, at 33x lower cost per token. Built specifically for regulated document types across banking, lending, and insurance.
  • MCP connectivity for AI agents. Your AI agents connect to Lightico today. No custom integration. No build. No maintenance.
  • Audit-ready from day one. Compliance is part of the platform design, not retrofitted after the build completes. Every customer interaction produces a clean, structured audit trail.

Build vs. Buy: Side by Side

| Dimension | Build it yourself | Build on Lightico |
| --- | --- | --- |
| Time to live | 12 to 24 months | Significantly faster than building from scratch |
| Compliance layer | You build it. You own every update. | Pre-built, always current, audit-ready |
| Regulatory updates | Internal resource required every time | Lightico owns it. Your team configures the response. |
| Journey changes | IT sprint required | Business team configures. No IT cycle. |
| Audit exposure | High: AI builds frequently skip compliance review | None: compliance built in from day one |
| Agentic AI readiness | You build the compliant journey layer too | Already there. Agents operate inside it from day one. |
| MCP connectivity | Custom build. Maintained forever. | Native MCP. Plug in today. No code. |
| Integration maintenance | Your team owns it indefinitely | Lightico manages it as part of the service |
| Cost of delay | 18+ months of manual ops, risk, lost customers | Strong ROI within months of going live |

The Honest Checklist

Before committing to a build, answer these questions with the operational buyer in the room, not just the IT team:

  • Does your organisation have dedicated personnel committed exclusively to this build, not split across other projects?
  • How long did your last compliance journey take from sign-off to live? Does your build timeline account for that?
  • When a regulation changes, how long does it currently take to update affected workflows, and who owns that work?
  • Who owns the compliance logic when team members leave?
  • While the build runs for 18 months, what does it cost to keep the current manual process running?
  • Does your Head of Operations know how long this build will actually take?
  • Does your team have deep domain expertise in building secure, regulated digital interactions across mobile and web?

If several of those questions are uncomfortable, that discomfort is data. It is the real cost of the build, surfacing before the commitment is made.

HSBC, Santander, BT, EE, and GM Financial all chose Lightico.

Frequently Asked Questions

How long does it actually take to go live with Lightico?

Lightico customers go live significantly faster than a comparable in-house build. The timeline covers configuration, integration, and testing. It does not require building compliance infrastructure, a workflow engine, or integration layers from scratch, because all of those are already part of the platform. In contrast, building an equivalent capability in-house typically takes 12 to 24 months in regulated industries, once compliance review, legal sign-off, security assessment, and UAT are factored in.

We have a strong internal IT team. Why can't we build this ourselves?

Strong IT teams can absolutely build digital journey platforms. The question is whether that is the best use of their capability. The technical requirements include a no-code workflow engine, scalable cloud-agnostic infrastructure, full data labelling and security architecture, a compliance layer covering FCA, AML, GDPR and other frameworks, plus pre-built integrations to core banking, CRM, ID verification, and e-signature platforms. Every one of those components is built once and owned indefinitely. As regulations change, integrations update, and technology evolves, the maintenance burden compounds. Lightico absorbs all of it, allowing your IT team to focus on what actually differentiates your business.

AI tools mean our developers can build faster now. Doesn't that change the calculus?

AI tools accelerate the coding phase. They do not accelerate compliance review, legal sign-off, security assessment, or UAT, which are the phases that determine when a regulated digital journey can actually go live. In practice, AI-assisted builds often create a new risk: code that completes quickly but deploys before the compliance layer is ready, creating audit exposure. Lightico removes that risk by making compliance part of the platform design, not a phase that happens after the build.

What is MCP and why does it matter for our AI strategy?

MCP stands for Model Context Protocol. It is the emerging standard that allows AI agents to connect to external platforms and data sources without requiring custom integration code. Think of it as a universal plug socket for AI agents. Lightico is already MCP-connected, which means your AI agents can plug in today with no custom build. A self-built platform would require your team to build and maintain MCP connectivity themselves. As AI agents become central to how regulated enterprises operate customer journeys, having a platform already wired for agentic AI is a significant strategic advantage.

How does Lightico handle compliance as regulations change?

Lightico embeds regulatory knowledge from years of deployments in regulated industries across banking, lending, insurance, and telecoms. When regulations change, Lightico updates the platform. Your team configures the business response. You do not need to identify the regulatory change, assess its impact on your system, compete for internal IT resources to implement the update, and then re-validate the platform. That entire cycle lives with Lightico.

What is the ROI of using Lightico vs. building in-house?

Lightico customers typically recover a strong ROI within months of going live. Reported outcomes include 40% OPEX reduction, 90% less manual document review, and 13% sales uplift from faster customer journeys. The ROI calculation for a build must also factor in 18 or more months of continued manual operations costs while the build runs, the full cost of the internal team, integration and compliance infrastructure build, ongoing maintenance, and the compliance and audit risk carried during that period. When all factors are included, the build option is consistently more expensive and significantly slower to positive return.

Can Lightico integrate with our existing systems, or does it replace them?

Lightico is designed to integrate with your existing systems, not replace them. Pre-built integrations connect to core banking platforms, CRM systems, ID verification providers, e-signature tools, and telephony infrastructure. Lightico can also be deployed without integration in cases where customer journeys are standalone. The integration layer is built and maintained by Lightico. Your team does not carry the maintenance burden.

How does Lightico's document intelligence compare to building with a general AI model?

Lightico uses purpose-trained Small Language Models (SLMs) specifically trained on regulated document types across banking, lending, and insurance. These models outperform general-purpose Large Language Models by 11.5% on accuracy and 25.7% on recall, at 33x lower cost per token. Building equivalent document intelligence in-house would require years of model training, labelled data collection, and continuous retraining as new document formats enter your processes. Your team would own all of that indefinitely. This capability is genuinely not worth replicating in-house.

Glossary: Key Terms Explained

What is MCP (Model Context Protocol)?

MCP is an emerging standard that allows AI agents to connect to external platforms and data sources without custom integration code. Often described as a universal plug socket for AI agents, it means any AI agent can plug into a compatible platform without your team writing bespoke connectors. Lightico is MCP-native, meaning your AI agents can connect today without a custom build.

What is an SLM (Small Language Model)?

A Small Language Model is a compact, purpose-trained AI model designed for a specific domain or task. Unlike general-purpose LLMs, SLMs trained on regulated document types deliver higher accuracy, better recall, and significantly lower cost per token for document verification and extraction in banking, insurance, and lending. Lightico's SLMs outperform general-purpose LLMs by 11.5% on accuracy at 33x lower cost per token.

What is an LLM (Large Language Model)?

A Large Language Model is a broad-purpose AI model trained on general data, such as GPT-4 or Claude. While powerful for general tasks, LLMs are outperformed by purpose-trained SLMs on regulated document intelligence tasks and carry significantly higher cost per token. For document-heavy regulated workflows, a purpose-trained SLM is the more accurate and cost-effective choice.

What is Agentic AI?

Agentic AI refers to AI that operates autonomously inside workflows, taking actions and making decisions without constant human input. In customer journey contexts, agentic AI validates documents, initiates compliant interactions, and generates audit trails. It requires a compliant journey layer underneath it to operate safely in regulated industries. Lightico provides that layer out of the box.

What is Journey Orchestration?

Journey Orchestration is the capability to design, automate, and manage the end-to-end steps a customer takes to complete a business transaction, across any channel and any touchpoint. Lightico's Journey Orchestration platform goes beyond individual interactions to coordinate the full sequence of events: document collection, ID verification, consent capture, e-signature, IDP (intelligent document processing) and payment, in a single structured, compliant flow.

In regulated industries including banking, lending, insurance, and telecoms, journey orchestration must do more than connect steps. It must enforce compliance rules at every touchpoint, produce a complete audit trail for every interaction, adapt instantly when regulations change, and allow business teams to update journey logic without raising an IT ticket. Lightico delivers all of this out of the box.

Unlike in-house builds that require years of compliance infrastructure work before a single journey goes live, Lightico's Journey Orchestration platform is pre-built, audit-ready, and MCP-connected for AI agents from day one. Enterprises including HSBC, Santander, BT, EE, and GM Financial use Lightico to orchestrate compliant customer journeys at scale, without the overhead of building or maintaining the underlying infrastructure themselves.

What is an Audit Trail?

An audit trail is a structured, time-stamped record of every action taken within a customer journey, including who did what, when, and how. Regulators in banking, insurance, and telecoms require it. It cannot be retrofitted after a platform is built. It must be designed into the architecture from day one, which is how Lightico builds it.

What is a No-Code Workflow?

A no-code workflow is a platform capability that allows non-technical business users to design and update customer journeys using a visual interface, without writing code or raising an IT ticket. In regulated industries this is critical: when a compliance requirement changes, a no-code workflow engine means the business can respond in days rather than waiting for an IT sprint.

What is the FCA?

The FCA (Financial Conduct Authority) is the UK regulatory body governing financial services firms. FCA compliance requirements for digital customer journeys include specific standards for ID verification, consent capture, document handling, and audit trail structure. Lightico's platform incorporates FCA requirements by design, so customers do not need to build compliance logic from scratch.

What is AML?

AML stands for Anti-Money Laundering. It refers to the regulatory requirements mandating financial institutions to verify customer identity, screen against sanctions lists, and flag suspicious transactions. AML document triggers are built into Lightico's platform for relevant journey types, removing the need for financial institutions to build and maintain this logic internally.

What is GDPR?

GDPR (General Data Protection Regulation) is the EU regulation governing how organisations collect, store, process, and share personal data. Compliance in a digital journey platform requires data labelling, granular access controls, consent management, and documented data handling policies. These requirements are embedded in Lightico's platform rather than left to the customer to build.

What is TCO (Total Cost of Ownership)?

Total Cost of Ownership is the full cost of a technology decision over its lifetime, including initial build or purchase, integration, ongoing maintenance, compliance update costs, staff training, and the opportunity cost of internal resource distraction. TCO analysis consistently favours buying Lightico over building an equivalent platform in-house once maintenance, compliance, and integration overhead are included.

What is UAT?

UAT stands for User Acceptance Testing. It is the final phase of software testing in which end users validate that a system meets their requirements before it goes live. For regulated digital journey platforms, UAT must also include compliance validation and security sign-off, adding significant time to any build project regardless of how quickly the development phase completes.

Reviews

"Great tool to expedite customer service"

The most helpful thing about Lightico is the fast turnaround time. The upside is that you are giving your customer an easy way to respond quickly and efficiently. Lightico has cut work and waiting time as you can send customer forms via text and get them back quickly, very convenient for both parties.

"Great Service and Product"

I love the fact that I can send or request documents from a customer and it is easy to get the documents back in a secured site via text message. Our company switched from Docusign to Lightico, as Lightico is easier and more convenient than Docusign, as the customer can choose between receiving a text message or an email.