Three Things Compliance Leaders Can’t Afford to Ignore in 2026
- FinScan
- 13 hours ago
- 5 min read
As published in: FinCrimeTech50 2026
There’s a noticeable shift happening in financial crime compliance, and it’s not being driven by a single regulation, technology, or enforcement action. It’s the convergence of all three.
Regulators are moving faster and aligning across jurisdictions. Payments are accelerating toward real time. And fintechs, once seen as disruptors operating ahead of regulation, are now firmly in the regulatory spotlight.
Individually, each of these trends is manageable. Together, they are reshaping what “effective compliance” actually means.
For compliance leaders, the challenge isn’t just keeping up. It’s understanding where expectations are heading next and whether current operating models can support them.
Here, FinScan experts Steve Marshall, Chris Ostrowski, and Becki LaPorte provide their insights on the three areas that demand immediate attention.
1. Regulatory Change Is No Longer Episodic—It’s Continuous and Coordinated
According to Steve Marshall, Director – Advisory Services at FinScan, recent regulatory developments across the UK, EU, and US point to a clear pattern: AML and sanctions expectations are becoming more standardized, more data-driven, and more
operationally demanding.
The UK’s latest amendments to its Money Laundering Regulations are a good example. On paper, the changes appear incremental: tightening crypto oversight, refining customer due diligence, and updating trust registration requirements. But the
real shift is more subtle.
“Regulators are no longer asking whether firms have controls.
They are asking whether those controls work in practice,
at scale, and under scrutiny. This distinction matters,” said
Marshall.
Across jurisdictions, expectations are converging around a few
key themes:
Effectiveness over existence: Policies are no longer enough. Execution must be demonstrable and consistent
Broader definitions of risk: Moving beyond customer-level risk to include counterparties, networks, and transaction flows
More centralized supervision: Particularly in the EU, where AMLA is pushing toward a single rulebook and standardized oversight
Data as the foundation: Risk assessments, decisioning, and auditability all depend on clean, connected, explainable data
At the same time, enforcement signals are getting louder. The past month alone saw major penalties tied to failures in surveillance, escalation, and governance—often where fraud and AML risks intersect.
Regulatory change is no longer something that happens in cycles. It’s a continuous, coordinated process, and firms are expected to keep pace in real time.
2. Payments Are Moving in Real Time, But Compliance Still Isn’t
If regulatory expectations are accelerating, payments are
moving even faster.
In the view of Chris Ostrowski, Head of Product Management at FinScan, real-time rails, instant settlement, digital wallets, agentic commerce, and stablecoins are fundamentally changing how money moves. What used to be a batch-based, reviewable process is now a sub-second decisioning challenge.
And yet, as he states, much of the compliance infrastructure supporting payments hasn’t caught up.
Stablecoins are a clear example. Once considered niche, they are now behaving like operational payment rails, with transaction volumes rivaling traditional networks. But many firms still treat them as a separate or emerging risk category.
That’s a mistake.
From a regulatory perspective, a payment is still a payment, regardless of whether it moves over SWIFT, RTP, or a blockchain network. Screening obligations at origination still apply. Sanctions risk doesn’t disappear because the asset is tokenized.
What does change is the execution model.
Compliance programs must now operate in environments
where:
Decisions must be made in milliseconds, not hours.
Data arrives in fragmented or non-standard formats (e.g., ISO 8583 vs. ISO 20022 vs. blockchain metadata).
Risk is contextual, requiring dynamic rules based on corridor, counterparty, and transaction attributes.
Straight-through processing (STP) is essential to maintain customer experience.
This is where many legacy approaches break down.
Traditional models that subscribe to “screening everything against everything,” batch processing, and static rules simply don’t scale in real-time ecosystems. They create friction, increase false positives, and introduce operational bottlenecks.
At the same time, emerging models like agentic commerce, where transactions are initiated autonomously by systems or AI agents, are raising new questions around trust, authentication, and accountability.
Real-time payments are not just a faster version of existing processes. They require a fundamentally different approach to screening, decisioning, and risk management.
3. Fintechs Are No Longer Ahead of Regulation—They’re Under It
For years, fintechs operated in a gray zone where they innovated faster than regulators could respond. But that window is closing, as explained by Becki LaPorte, Principal - AML
Strategy & Innovation at FinScan.
Today, fintechs are firmly under the microscope, with regulators scrutinizing not just their growth, but the maturity of their compliance frameworks.
Several dynamics are driving this shift:
Scale: Fintechs are no longer niche players; they are systemically important in payments, lending, and digital assets.
Interconnected risk: Banks, payment firms, and fintechs are deeply integrated, making risk transmission more complex.
Regulatory convergence: Expectations for fintechs are increasingly aligned with regulations designed for traditional financial institutions.
This is leading to a noticeable change in regulatory posture.
Regulators are asking tougher questions, like: Can your AML controls scale with your transaction volumes? Are your onboarding and KYC processes consistent across jurisdictions and channels? Do you have clear governance over third-party
dependencies and embedded finance models? Can you explain and defend your risk decisions—especially where automation or AI is involved?
There’s also growing scrutiny around how fintechs are staffing their AML functions and what that signals about their risk culture. Too often, fintechs prioritize culture fit or a “can-do” mindset over AML compliance expertise, with the expectations of lowering the bar for risk rather than blocking risk. Regulators’ focus increasingly becomes whether AML leaders truly understand their business model and its risks, and can build and enforce risk-based, defensible programs that challenge the business when needed.
At the same time, fintechs face a structural challenge. Many built their compliance frameworks after scaling their products, not alongside them. The result is often a patchwork of tools, manual processes, and reactive controls. That approach is becoming increasingly difficult to defend.
In addition, the conversation is shifting from innovation to resilience, from how fast firms can grow to how well they can manage risk in complex, real-time ecosystems.
The Bigger Picture: Compliance Is Becoming a Data and Decisioning Problem
Across all three trends—regulation, payments, and fintech—the common thread is that compliance is about more than just rules. It’s about data, decisioning, and execution.
Every expectation, from real-time screening to explainable AI to cross-border risk visibility, depends on the ability to access accurate, complete and timely data, apply risk logic consistently across systems and workflows, and make decisions quickly, with clear and auditable rationale.
This is where many organizations struggle—not because they misunderstand the rules, but because their operating models weren’t designed for this level of speed, complexity, or integration.
Where Compliance Leaders Should Focus Next
The priority for compliance leaders is not to chase every new regulation or technology trend individually.
It’s to step back and ask a more fundamental question: Can our current operating model support where compliance is going— not just where it’s been?
That means reassessing whether data is clean, connected, and usable across the compliance lifecycle; decisioning frameworks are consistent, explainable, and scalable; systems can operate effectively in real-time environments; and governance models can withstand increased regulatory scrutiny.
Because the direction of travel is clear.
Regulation will continue to evolve. Payments will continue to accelerate. And scrutiny, increasingly for fintechs, will continue to intensify.
The firms that succeed won’t be the ones that react the fastest. They’ll be the ones that build compliance programs designed to operate in this new reality from the ground up.
