In our recent profile of Nic Granger, we explored how the Chief Financial Officer and Chief Information Officer of the North Sea Transition Authority (NSTA) is helping shape a more capable and data-literate regulator. With a background that spans finance, systems change and public sector transformation, Granger brings a rare perspective to digital regulation.

In this Q&A, she reflects on the lessons behind successful data initiatives, how NSTA is approaching AI with caution and clarity, and why transformation often hinges less on new tools than on sequencing, culture and listening. The conversation touches on people, process and technology in equal measure.

1. You’ve held both CFO and CIO roles. How do you align financial strategy with digital transformation?

Accountants get a bad name – they’re seen as the people who stop things. I flip that around. You can’t do anything without funding. Finance teams should be seen as the ones enabling projects to happen. When you’re allocating budgets, you should be doing it in line with the organisation’s strategy and purpose. So for me finance and technology are much more aligned than people think.

2. What does transformation really mean for you?

It’s not about the tech. It’s about people and how they do things. Humans generally don’t like change – you like to know your environment. The first thing about bringing people along is making sure everyone understands the purpose and the outcome – how it will make their working day better.

3. You’ve had success with big data initiatives like the National Data Repository (NDR). What made it work?

We grew it from about 15 terabytes to over a petabyte – that’s roughly 16 years of HD Netflix movies. The real success came from clarity of purpose and making it a very team-led process. My role was just removing blockers. The data is now being used to train models for AI to understand the subsurface and for wind rounds in Scotland. It’s not just a repository – it’s creating value.

4. What would you do differently next time?

Not trying to do everything at once. We’re a relatively small regulator and always have more ideas than capacity. We were lucky with the NDR – it went really well because we had a great team. But I’d definitely take a more iterative approach next time. Transformation isn’t a Big Bang anymore. It can and should be done in stages.

5. What does AI use look like at the NSTA right now?

We’ve rolled out Copilot in the browser into a pilot group. But really, we’re starting with automation. We’ve literally taken what was a paper or email print-cart round the office and digitised that. Chatbots and other tools are coming, but we’re being cautious. We started drafting an AI policy, and it was out of date before we finished it. We’re just updating our IT acceptable use policy instead. If you wouldn’t put data into Google, why would you put it into an AI agent?

6. What are your non-negotiables when it comes to AI governance?

Two of our organisational values really matter here: robust and accountable. AI can inform decisions and help us make better ones – but it shouldn’t be making them. Individuals are still accountable, whether it’s a regulatory decision or an operational one. That’s something we’re really clear on.

7. What’s the hardest part of transformation in practice?

Stopping old things. We’re much better at piloting and trying new things than we are at sunsetting legacy systems. People get very personally linked to their processes – it’s not just technical, it’s emotional. So for me it’s about sequencing and listening. You can’t do everything at once. You have to understand what people need and why before you change it.

People get very personally linked to their processes – it’s not just technical, it’s emotional.

8. What has international collaboration taught you that’s changed your view?

A lot, especially with our Norwegian counterparts. The North Sea doesn’t see national borders – so neither can our data. Through the North Sea Data Management Forum, we work with other governments on subsurface data, carbon storage, all kinds of things. Our regimes might differ, but the goals are the same – and learning from each other has been hugely valuable.

9. Where would you invest if you had 10% more budget?

I’d put it into redeveloping legacy platforms. We have systems that were cutting-edge 20 years ago, but now rely on outdated frameworks and shrinking pools of developers who still know how to maintain them. That creates real risk – not just because of the age of the tech, but because those systems often don’t integrate well with each other.

Silos across your technology estate are always going to increase operational risk, even if your cybersecurity posture is strong. For me, reducing our reliance on legacy platforms, portals, standalone applications and spreadsheets – and making sure everything is integrated into a more cohesive, modern digital estate – is where I’d focus investment. It’s not just about performance or innovation. It’s about resilience.

10. Any books or thinkers that have shaped how you lead?

Two. Ernest Shackleton – he ultimately failed in his purpose, but showed a huge amount of resilience and leadership. The team was more important than the goal. And Be More Pirate by Sam Conniff – it’s about constructive disruption. Thinking differently in a good way. I like that combination – endurance and rebellion.

For more on Nic Granger’s career journey, leadership philosophy and approach to modernising regulation, read our companion profile on the CFO–CIO regulator rethinking digital transformation from the inside out.