Need-to-know enforced by access control survives an audit. Need-to-know enforced by good intentions doesn't.
In most corporate and investment banks, information barriers are operated socially: a distribution list, a verbal reminder, a "please don't forward". Everyone behaves well — until a deal gets exciting, a calendar invite goes wide, or an examiner asks for evidence that the wall held on a specific Tuesday in March.
The platform alternative makes the wall structural. Each mandate is a deal record with an explicit team; access is granted by membership and stage, not by inbox discipline.
When the question comes — who could see this mandate, when, and who approved the change? — the answer is a report, not an investigation. That difference is hours versus weeks, and it's the difference between a control that exists on paper and one that exists.
Take one live mandate and list everyone who can currently see anything about it, then compare that list with who should. The gap is your barrier risk — and closing it with platform rules is configuration, not a surveillance programme.
One conversation with the architect — and a clear view of what your bank could ship next quarter. If we're not the right fit, we'll tell you in that call.