The regulatory system has more and more influence on our software development. Regulatory authorities, external and internal Auditors are increasingly examining our IT and not longer only our business processes and balance sheets. Some of them have better trained IT experts as we can find on the free market. General standards such as ISO/IEC 2700X but also banking-specific standards such as BAIT and MaRisk now pose challenges that generally only large software manufacturers know. Approximately 40 % of our projects are now regulatory-driven. Therefore, we are currently redefining our development process in order to implement the following requirements, among others * Unchangeability of the tested artefacts after the test * Functional segregation * Detection of accidental changes or intentional manipulations of the application The lecture shows the vision of such a safe process. It shows the current status of implementation in SOA and ADF development, for example: Migration of version management to GIT in Atlassian BitBucket Application and selection criteria for a branching model Mandatory code reviews in Atlassian BitBucket Build and Deployment Pipelines in Jenkins Automatic documentation in JIRA Issue via Bitbucket and Jenkins. Maybe you too can minimize the additional work and continue to work agile to meet such requirements.