The challenge.
Asia’s largest Tier-1 bank, mid-transformation: no EA governance body, no standardised coding practices, no consistent CI/CD, no enterprise resource-utilisation visibility, no demand forecasting, no defined project-lifecycle policies, no architectural principles for data / applications / microservices / messaging, no standard templates or playbooks for developers, QA and DevOps.
Result: duplicated investments, security exposure, delivery delays, limited executive visibility. Every team optimising locally; nothing compounding across the enterprise.
The constraints.
- Scale: 1,000+ applications. Anything that couldn’t apply uniformly was operationally invisible.
- Organisation: Multiple siloed teams across geographies; cultural and language differences across Asian delivery hubs.
- Timeline: 6 months. Any approach requiring a 2-year programme would be irrelevant.
- Regulatory floor: Financial-services compliance and security control requirements implicit at every step.
The approach.
1. Stood up the EA Governance Council.
Bank-wide forum with defined decision rights, escalation paths and review cadences. Stopped the “loudest voice wins” pattern.
2. Defined the principles — per domain.
Enterprise-wide principles for data platforms and ownership, application layering and domain boundaries, microservices design and API standards, event-driven and queueing mechanisms. Each principle written for encoding, not aspiration.
3. Standardised delivery substrate.
CI/CD pipelines, coding guidelines, security checkpoints as reusable templates. New services inherited the standards instead of negotiating them.
4. Built portfolio visibility.
Single consolidated view of every project, with a prioritisation framework spanning business value, risk reduction, regulatory impact and technical debt. Executive decision-making moved from anecdote to evidence.
5. Centralised capacity management.
Resource utilisation and demand forecasting consolidated across the enterprise. Talent allocated against the priority queue, not against the loudest internal customer.
6. Remote engagement model.
Delivered remotely from Australia. Worked because we invested in local leadership alignment + visual / simplified artefacts that worked across language barriers — not because the bank’s teams adapted to us.
Outcomes — six months.
visibility
or misaligned initiatives
model adopted
security baselines live
Plus: improved delivery velocity via reusable templates, an enterprise-wide prioritisation framework adopted across business units, and a measurably stronger security and compliance posture through early-stage architecture and design reviews. The cultural shift — siloed to collaborative, architecture-led execution — was the deepest outcome and the hardest to capture in a number.
The job of EA governance isn’t to review decisions. It’s to make the right decisions easier than the wrong ones.
What I would do the same again.
- Council first, principles second. A forum that meets and decides matters more than a principles document that doesn’t get read.
- Visibility before standardisation. Standards are unenforceable without portfolio visibility — you can’t require what you can’t see.
- Visual artefacts for cross-language delivery. Diagrams + simplified writing carry more meaning across language barriers than long documents.
- Templates as the unit of distribution. Standards delivered as ready-to-use scaffolds get adopted; standards delivered as Confluence pages don’t.