A growing volume of regulations and updates, rapid advances in technology and an uncertain geopolitical climate are making regulatory compliance more complex each year—and 2026 looks set to continue that trend.
Companies face a difficult landscape of needing to embrace innovation to keep pace with market demands, while ensuring they remain within the boundaries of evolving regulations. It is a trade-off scenario for many. The question for many firms is whether to adopt generative AI now—accepting near-term uncertainty—or wait for clearer regulatory guidance. Governments around the world are starting to release frameworks around AI, but the landscape is still fragmented.
Speaking to Taylor Faw, Chief Compliance Officer and Chief Operating Officer at Strathmore Capital Advisors, he highlighted there has been a well-established history of disruptive technologies pushing the boundaries of existing rules. For instance, the SEC’s original Marketing Rule was adopted in 1961 and only received its first amendment in 2020, despite the invention and adoption of social media, podcasts, webinars and electronic recordkeeping all happening during that gap. Enforcement staff instead applied the regulation through layers of interpretive guidance. With innovation outpacing regulation it can leave sizable risks and vulnerabilities.
Unfortunately, guidance and regulations will never be able to maintain pace with technological innovation, but as technology becomes a major differentiator for firms, it creates the challenge of balancing regulation with the need to keep pace with change.
Faw said, “What’s different today is the speed and ubiquity of change. In the past, organizations could simply opt out of practices lacking clear guidance. Uncomfortable with recordkeeping requirements for social media? Don’t create an account. Unsure of how to review and approve podcast content? Don’t host a podcast.
“Generative technology removes that choice. It is embedding itself into nearly every facet of operations, often without firms actively seeking it. Disruption isn’t gradual anymore, and it feels less and less optional; it’s being foisted upon organizations, creating compliance challenges that strain traditional frameworks and demand adaptive governance strategies.”
It is not just innovation that is adding to the complexity around regulatory change. Faw sees an ongoing cascade effect that is causing some jurisdictions to fall behind others. He noted that jurisdictions with strong regulatory foundations, for instance around data privacy and ESG, are able to smoothly address emerging areas like AI governance as they already have established principles and infrastructure. Those that lack foundations are scrambling to build frameworks from scratch, while trying to keep pace with global standards.
Faw added, “That scramble creates a patchwork of rules, with some jurisdictions moving quickly and others lagging far behind. For firms operating across multiple regions, that means juggling overlapping mandates, conflicting requirements, and gaps all at once.”
In a similar vein, even when jurisdictions have established rules and parameters they are rarely standardized with other regions. Whether it is differences between countries like the US and the UK, or even within a country, for instance differing rules across states.
“The result is a regulatory environment that’s not just evolving, it’s fragmenting. And that fragmentation makes compliance planning harder, especially when you start adding emerging areas like AI governance and ESG, which still lack universally accepted frameworks.”
As a result, Faw noted, some organizations will comply with the most rigorous jurisdiction’s rules and others will just seek the lowest common denominator. This builds a market with competitive imbalances and greater regulatory scrutiny. “Remember, gaps don’t go away; they become risk points, and risk points become talking points for examiners.”
Rising Regulatory Complexity
One of the biggest challenges firms are also facing in 2026, is keeping pace with the number of regulatory updates. In a recent survey by Cube of 2,000 senior compliance decision-makers, it found that 82% track between 26 and 100 alerts each month. Of this, 39% are monitoring between 51 and 100. The pace of change is not slowing down, and teams are fighting to stay on top with updates.
A major cause of tension in this ability, according to Faw, is the continued reliance on manual methods, such as spreadsheets, email alerts and shared calendars. “I still see frequent requests on compliance forums for regulatory reporting calendars and consolidated views of state regulations.”
While these manual workflows can work for teams operating in a handful of jurisdictions or a niche, they are incapable of scaling as the business grows. When a firm increases their client base or moves into new regions, the volume and complexity of regulations grow exponentially. Monthly monitoring scales from just one regulator to dozens, each with their own rules and requirements and without a digital system to help, bottlenecks can form quickly.
He added, “Spreadsheets become outdated the moment someone forgets to update them, and email alerts start piling up in inboxes without a clear workflow for prioritization or accountability. It’s all too easy to accumulate newsletters without actually reading them.” Not only does this manual work result in slower work, but also an increased likelihood of errors or missed updates.
Reactive Versus Proactive Change Management
Not only are manual workflows holding compliance teams back, but so is the reliance on a reactive compliance culture. Rather than taking a proactive horizon scanning approach that anticipates change, reactive mantras simply wait for rules and implement them when instructed. By simply having a forward-looking mentality, compliance teams can ensure more efficiency when it comes to regulatory change management.
A core example of this, according to Faw, came from the Covid-19 pandemic. Prior to 2020, digital communication tools, like Zoom, Teams, Skype and BlueJeans were not mission-critical and were often minor tools. As such, their capabilities were limited. However, once the pandemic went into full swing, these tools became essential and part of the daily workflows for many workers.
The tools quickly became more feature rich as they helped to support the new demands of clients, and more firms started to adopt them without fully considering the guardrails required, such as archiving, supervision, due diligence and data privacy.
Faw said, “That’s the cost of a reactive approach. Yes, your employees will have access to the latest toys right away, but trying to retrofit a compliance framework after adopting new practices or tools is a nightmare. It usually means compliance staff will spend their time plugging holes, dousing fires, and logging exceptions instead of managing risk strategically. It also leads to blind spots, uncertainty, and gaps in documentation, all of which make for a deeply uncomfortable exam experience.”
On the other hand, a proactive approach of anticipating trends, assessing impact, involving key personnel and embedding controls prior to adoption, might slow adoption but carries many more benefits, Faw noted. These include responsibility, flexibility, scalability, and repeatability. Crucially, it also builds credibility with regulators.
Fostering trust across the team
Moving to a proactive approach is not as simple as the click of a button and there are obstacles that need to be overcome. Teams need to feel organized and have trust with their digital system. For instance, while paper-based recordkeeping is inefficient due to the inability to quickly copy, edit or search through them, as well as taking up a lot of space. However, it takes time before a team feels confident their paperless systems are sufficient that the paper documents can be destroyed, Faw explained. This is the same with regulatory change management. Building spreadsheets and compiling email alerts are inefficient, but they are familiar and controllable. On the other hand, firms need to build their trust an automated system will be accurate, complete and secure, otherwise the manual workflows will still be preferred. “Until that trust is built, and until the process feels organized, personnel hesitate to let go of the old way. That’s why adoption often stalls, even when the benefits of automation are obvious.”
For those looking to move towards proactivity, Faw recommends starting small, being transparent and listening to those on the frontlines.
“Trying to overhaul everything at once is a nightmare. I’d suggest starting with a single workflow that’s high-impact, low-risk, and easily reviewable. The idea is to get quick feedback and minimize the harm if things don’t work as expected.” As for transparency, while employee feedback is not needed on every decision, by involving them in the journey and explaining the reason for the change, the goal and metric of success, it will help encourage their adoption rather than resist it.
Finally, Faw emphasized the importance of continuing the open channels of dialogue with employees once implementation is completed. “They’re the ones living these workflows every day, so they know where the pain points are. Involve them early, gather feedback, and make adjustments as you go. That not only improves the process but also builds mutual trust: you can trust them to surface issues honestly, and they can trust you to hear that feedback. That trust is an essential ingredient for moving from reactive to proactive compliance.”
The rise of automation and AI
On a final thought, Faw looked ahead to the rising adoption of automation within regulatory change management. While it holds many potential growth opportunities for compliance teams, it is not without any risks. He said, “Automation is a double-edged sword, and I see both edges getting sharper in the next few years.”
For instance, when automated tools are deployed correctly, they can reduce time spent on low-value admin tasks and giving teams more freedom to focus on high-value work and decision-making. Tools like LLMs and generative AI are a potential boon in this area, allowing teams to quickly pinpoint important information from the irrelevant and build a plan for managing the change.
He added, “I say “potential boon” because generative tools aren’t magic, but we’re still neck-deep in the hype phase of their rollout. Plenty of professionals hear buzzwords like “fully automated” or “AI-driven” and assume they can simply purchase a set-and-forget tool. That mindset is dangerous. Automation can accelerate processes, but it doesn’t eliminate judgment. In fact, the more we lean on these tools, the more critical human review becomes.”
While generative AI tools can summarise, draft and suggest interpretations, they cannot understand rules with the same level of context as a human. They do not understand the risk profiles of the company, the client base or nuances of operations. So, a major risk facing firms is blindly accepting their outputs as gospel, which can lead to errors at a greater scale than ever, Faw noted.
He concluded, “Automation should handle the repetitive work so humans can focus on the tough decisions, the gray areas, and the accountability regulators expect.”
Copyright © 2025 FinTech Global
