Financial institutions (FIs) face a dynamic and increasingly complex regulatory environment, a situation that is particularly acute for those operating across multiple countries. Regulatory changes put pressure on technology teams responsible for providing the tooling and infrastructure to enable continued compliance. Technology that enhances agility in navigating this environment is increasingly a source of competitive differentiation.
To set their technology strategies and enable outperformance, technologists at FIs need to understand several critical regulatory trends.
So What
The ability to comply with regulatory requirements has become a key source of competitive advantage for financial institutions. Firms that can nimbly adapt to regulatory changes can retain their focus on growth, customer experience, and other strategic initiatives; those that struggle to do so must dedicate ever-increasing time and resources to compliance activity, crowding out other efforts.
Technology teams are central to firms’ ability to respond to changing regulations. Regulatory requirements affect how firms tackle data management, permissions management, customer interfaces, risk management, regulator engagement, and more—areas that rely heavily on technology systems and tools.
How can technology teams best support their firms’ efforts to respond nimbly to changing regulatory requirements? It starts with understanding regulatory trends and building capabilities a step ahead of government enactment of regulations. We explore those trends below.
Subscribe to our Risk Management and Compliance E-Alert.
Go Deeper
Although the future of the global regulatory landscape remains uncertain, firms can use five key trends to anchor their strategies for ensuring adaptive readiness. (See the exhibit.)
These global trends shape the direction of regulations across the globe, but it is critical to capture country-specific nuance as well. For example, although Brazil’s Lei Geral De Proteção de Dados (LGPD) largely echoes the privacy framework of the EU’s General Data Protection Regulation, it differs in some material ways; for example, there is no “right to be forgotten” in LGPD. And countries themselves are not monolithic. In the US, for instance, states increasingly promulgate their own regulations, complicating the task of achieving compliance nationwide.
In the rest of this section, we explore in detail the five themes noted in the exhibit and discuss how technology teams can support their firms in ensuring readiness for each.
Single-Customer View
Regulators increasingly want FIs to create and maintain a single view of customers that captures their entire relationship, driving consistency in customer treatment, compliance, and reporting. As a result, regulators are becoming less tolerant of institutions that maintain separate client records across different businesses. In the UK, for instance, as part of their deposit insurance scheme, all banks must maintain a single customer view to be sent to the regulator within 24 hours, if needed to process claims. The challenge is that silo breaking, already on the corporate agenda, can be a multiyear process.
What to do: Explore architectural changes that will allow the company to trace customers across their entire life cycle, and identify integrations that will be needed to synthesize data across the full range of sources and customer channels.
Resilience Management
Regulators today demand more than traditional business continuity plans. They want a tiered approach to services, with the most critical services designed to remain operational even under extreme stress or system failure. Key challenges include defining service tiers and mapping dependencies across today's complex tech environments. The EU’s Digital Operational Resilience Act, which came into force in January, for example, raises the bar in areas such as risk management, threat-led testing, and evaluation of risks from third-party digital suppliers.
What to do: Use proactive incidence management to monitor and report anomalies. Assess data replication, fault tolerance, and high-availability network design at an infrastructure level. Upgrade to automated testing with enhanced cutover strategies to de-risk business disruptions. Upgrade the vendor evaluation process to continuously monitor for compliance and performance.
Data Localization
More and more governments worldwide are regulating how companies process and access data. In India, the Digital Personal Data Protection Act of 2023 and Reserve Bank of India regulations set strict, complex rules governing the transfer of personal financial data outside the country. This push raises costs, adds complexity, and can hinder digital transformation by limiting vendor options.
What to do: Review and refine data set tagging to track residency requirements and time limits for data stored or accessed outside its originating jurisdiction. On infrastructure, assess the impact of data localization when designing a cloud strategy (for example, determine which data should be processed locally rather than sent—potentially offshore—to the cloud).
Real-Time Payments
Payment speed is accelerating, as consumer demand increases for instant experiences enabled by instant payment services and infrastructure. For FIs, risk and compliance processes that used to operate on a time scale of days or hours must now operate on a timescale of seconds. To adapt to this new paradigm, FIs must reinvent transaction monitoring processes, sanctions screening, fraud risk identification, and more.
What to do: Urgently modernize outdated payment infrastructure to ensure efficiency, security, and access. To better manage liquidity, adopt technology that can provide improved cashflow visibility. Assess the feasibility of building a rail-agnostic ecosystem that supports scalable delivery of operations regardless of payment method.
Regulatory Transparency
As regulators adopt more proactive supervision and demand faster responses, FIs must design systems and processes that deliver heightened levels of transparency. The key challenge is to unify and ensure the accuracy of data that regulators demand at speed, often pulled from legacy systems, without relying on time-consuming manual processes.
What to do: Consider modernizing processes with automation that uses advanced technologies such as AI or GenAI to handle recurring reports. More broadly, serve or preempt ad hoc requests from regulators by creating an automated data reconciliation framework that powers traceability and consistency.
Now What
This fast-moving mix of global regulations puts acute pressure on technology teams that are responsible for developing and maintaining systems and infrastructure that enable compliance. Technologists must figure out how to provide scaled delivery of services while also ensuring that these services are extensively customizable to meet local requirements. We recommend focusing on four key areas:
- Governance. Determine the feasibility of developing data reconciliation frameworks for compliance. Begin to reimagine cross-functional teaming—rethinking cross-functional collaboration, vendor management, and the policy life cycle.
- Data and Business Services. Improve data traceability and usability. Break down silos to boost compliance and unlock broader benefits. Build modular systems that can be customized as needed, such as configurable common core solutions with some (but minimized) geospecific customizations.
- Infrastructure. Revisit components of cloud strategy. Optimize spending and network performance, and ensure industry-leading customer experiences (for example, a rail-agnostic foundation, service level agreements governing network latency and high availability, and data mirroring across smaller geoclusters).
- Security and Monitoring. Prioritize real-time alerts and automated compliance monitoring, leveraging local and cloud partners. Automating compliance and monitoring in real-time can quickly address anomalies, easing many regulatory issues.
The Big Opportunity
The role that technology plays in ensuring regulatory compliance is another example of how technology provides essential support for accomplishing a firm’s strategy and helping it build competitive advantage. In an increasingly complex and dynamic regulatory landscape, technology teams must move quickly to future-proof their technology infrastructure and achieve reliable ongoing compliance.
