Our Compliance through Continuous Delivery report examined various aspects of financial industry services, focusing on security and compliance patterns in relation to software deployment. We uncovered counterintuitive patterns for how approval strategies impact delivery throughput in regulated organizations. With the Digital Operational Resilience Act (DORA) now in force since January 2025, we sought to understand how financial services organizations strike a balance between the need for control and the demand for speed.
The software delivery industry has long recommended lightweight change approvals, where peer review and automation replace lengthy approval chains. The State of DevOps research highlights streamlined change approvals as a core capability, with heavyweight approval processes having no impact on reducing failure rates; they merely slow down delivery.
In this post, you’ll discover which approval chain processes drive performance in regulated industries. You’ll find out what to include, what to exclude, and why where you capture approvals matters as much as the approvals themselves.
How managers improve approval flow
When examining approval chains across regulated organizations, you’ll notice some clear patterns in the sign-off chains they use. Some approvals are routed through team managers, while others are sent directly to other departments. We found that involving the team’s manager improved the approval flow and increased throughput for development teams.
Approval chains that involve team managers enhance performance when external approval is required. More surprisingly, they outperform single-step approvals that don’t include the team manager.
Why does this happen? The data suggests that when direct managers respond faster to reviews that the team has already checked, other departments respond to these managers faster than they would react to the team directly. Managers are accelerators of the process rather than gatekeepers.
From an organizational perspective, this makes sense, as change requests arriving from managers who have already completed initial reviews are more likely to be trusted. Managers possess a comprehensive understanding of both the technical aspects and business context, enabling them to serve as an effective bridge between the development team and compliance requirements.
Including other departments in the approval chain showed varied performance scores, suggesting that outcomes depend on factors like information flow and process efficiency. However, when structured correctly, with the team and manager serving as the foundation for all approval chains, departmental approvals can enhance delivery performance.
The problem with committee approvals
Of all of the findings, this was the most absolute: committees are detrimental to software delivery throughput. No approval chain could salvage delivery performance when a cross-department committee was involved. It didn’t matter if you had the perfect team-manager setup beforehand. Cross-department committees become the primary constraint on deployment velocity.
This is likely due to scheduling issues within the committee, which can cause automatic delays. As a result, information and context can get lost or miscommunicated, and changes that require approval may have to wait for a review cycle.
This proved to be a significant barrier to success. Organizations using cross-department committee approvals showed scores that were approximately 40-60% lower than those using a very complex multi-step approval chain process without committees. Scheduling alone can add days or weeks to what should be a smooth and efficient process.
Measuring the approval impact
While the team-manager combination can optimize complex approval chains, the overall trend remains clear: more manual approvals means lower delivery performance. Organizations with a single approval achieved median scores 3x higher than those requiring 6 approvals.
A crucial component influencing software delivery performance is where the approval process takes place. How and where you capture these approvals matters almost as much as how many you have:
- 65% of organizations capture approvals within tools that form the deployment pipeline.
- 43% use service management or compliance platforms.
- The remainder rely on meetings, emails, or other methods of internal communication.
Many organizations disadvantage themselves with multi-modal approval captures. This occurs when specific approvers are reluctant to use appropriate tools, forcing teams to collect approvals through meetings or emails before manually progressing them for deployments.
Deployment and service management tools streamline the approval process and provide auditability. When approvals depend on emails or meetings, audit complexity increases. Organizations may fail to meet audit requirements not because the process wasn’t followed, but because the evidence can’t be found.
Engineering your approval chain
Based on our Compliance through Continuous Delivery report, here are the key steps to improve delivery performance through an approval chain process that balances control with speed:
- Start within the team, as they have a better understanding of the changes than anyone else and can catch issues before they escalate.
- Add in the direct manager, as they act as an accelerator when positioned correctly in the chain.
- Strategically include other departments as needed for security and compliance measures, as the manager facilitates the approval process to ensure these measures are processed efficiently and effectively. Resist the urge to add approval stages “just in case”.
- Automation is crucial and should let security scans, compliance checks, and code quality scanners run automatically, escalating to human review only if problems are detected.
- Skip the committee; even if multiple stakeholders need input, you can instead use parallel approvals through your deployment tools.
- Capture approvals in tools, solving both velocity and audit issues.
Financial services organizations face growing regulatory demands that highlight inefficiencies in the approval chain. Our research indicates that the perceived control versus speed trade-offs are avoidable, with organizations implementing manager and team-inclusive chains, asynchronous processes, and tool-based approval capture as significant factors in achieving high-performance metrics. Effective approval chains, not elimination, drive these improvements.
Happy deployments!
Tags:
