Case · 03 / 04
Banking · Lloyds Banking Group

Permissions and OKYC

Transforming a fragmented, legacy permission and consent system into a single, clear experience — navigating complex regulatory requirements across 26 million customers and 7 product squads.

Role: Lead UX Designer
Sector: Financial Services · Lloyds Banking Group
Scale: 26 million customers
Squads: 7 cross-functional teams

The Problem

Consent buried in complexity.

"I have no idea what I've agreed to or where to change it. It feels like they make it hard on purpose."

Lloyds Banking Group's permission and consent architecture had evolved organically over decades — resulting in a fragmented landscape where customers had no single place to understand, manage, or update their data sharing preferences and regulatory consents.

Permissions were scattered across multiple touchpoints — onboarding flows, account settings, product journeys, and paper-based processes that had never been digitised. The introduction of OKYC (Ongoing Know Your Customer) regulatory requirements added a new layer of complexity: the business needed to periodically verify and update customer data, but the experience for doing so was broken.

Three compounding problems drove the redesign:

  • 01 Fragmentation. Customers needed to navigate up to six different areas of the app to manage all their permissions — with no consistent language, interaction pattern, or visual hierarchy across them.
  • 02 Regulatory opacity. Legal language around OKYC obligations was presented verbatim — without translation, context, or guidance — leaving customers confused about what they were being asked to confirm and why.
  • 03 Delivery inconsistency. With 7 squads each interpreting requirements independently, implementations had diverged significantly — creating design debt, inconsistent experiences, and a fragile system that was expensive to maintain.

The Solution

One place. Clear language. Full control.

1. Cross-squad design system alignment

Before designing a single screen, we spent the first six weeks auditing the current state across all 7 squads — cataloguing every permission touchpoint, its language, its interaction pattern, and its underlying policy driver. This produced a shared source of truth that became the foundation for the redesign and eliminated the duplication of effort that had driven divergence.

2. Unified permissions hub

We designed a centralised permissions and consent hub — a single destination in the app where customers could view, understand, and manage all their data sharing preferences, marketing choices, and regulatory consents in one place. Permissions were grouped by theme rather than by the internal system that owned them, reflecting how customers actually think about their data.

3. Plain-language regulatory translation

Working closely with legal and compliance teams, we developed a content framework for translating regulatory obligations into plain English — preserving legal accuracy while making each consent genuinely understandable. Every OKYC confirmation step was tested with customers until comprehension rates exceeded 85% without assistance.

4. Shared component library

All permission-related UI patterns were consolidated into a shared component library — documented, versioned, and handed to all 7 squads with clear usage guidance. This created a single source of truth that reduced bespoke design and engineering work, accelerated delivery, and ensured consistency regardless of which squad was touching a permission-related journey.

The Results

Faster delivery. Consistent experience.

40% faster delivery cycles

Shared components and a single source of truth eliminated duplicated design and engineering effort across all 7 squads.

7 squads aligned

First time all permission-related product teams operated from the same design system, language framework, and UX patterns.

1 source of truth

A unified permissions hub replaced 6+ fragmented touchpoints — giving customers full visibility and control in one place for the first time.