Every year, financial institutions collectively spend over $300bn on compliance. That figure, drawn from research spanning global banking, insurance, and asset management, has grown faster than revenue, faster than headcount, and faster than the very regulations it is meant to address.
According to Sherlocq, despite that extraordinary outlay, more than ten million compliance professionals across financial institutions, law firms, and consultancies still rely on tools that a 2005 analyst would recognise without blinking.
Sherlocq recently discussed the fog of compliance and why regulatory intelligence is financial services’ most underserved problem.
The fundamental problem is not a shortage of regulation. It is a shortage of intelligence — the capacity to rapidly find, interpret, connect, and act on regulatory information at the pace modern business demands. This is the defining challenge of the next era of RegTech, and in 2026, it finally has a name: Regulatory Intelligence AI.
The compliance cost nobody talks about
Public discourse on compliance costs tends to fixate on fines: multi-billion-dollar GDPR penalties, anti-money laundering enforcement actions, MiFID II settlement headlines. Yet operational compliance costs — the quiet, compounding expense of simply staying current — routinely dwarf enforcement risk for most institutions. Consider what a mid-sized bank’s compliance team realistically handles in any given week: monitoring more than 100 regulatory bodies across jurisdictions for new guidance, consultations, and rule changes; cross-referencing those updates against existing internal policies; assessing materiality; briefing legal, risk, and business lines with varying requirements; and documenting the entire process for future audit purposes.
Each of these tasks is labour-intensive, expertise-dependent, and time-sensitive. For the most part, they are still performed manually. Senior compliance professionals — individuals who spent years developing regulatory judgement — dedicate substantial portions of their working week to what is, at its core, research and synthesis.
Why current compliance research tools fall short
The RegTech market has expanded considerably over the past decade, but the majority of what has been built addresses monitoring, not intelligence. That distinction is critical. Monitoring tools alert you that something has happened: a new regulation published, a supervisory statement issued, a consultation paper released. That is useful; it is not sufficient. What compliance teams need after the alert is the harder part — what does this mean? Does it apply to us? How does it interact with our existing framework? What must change, and by when?
Current compliance research tools tend to fail in three familiar ways. First, alert overload: high-volume notification systems that surface everything and leave teams to manually triage significance. Second, siloed coverage: tools that monitor one jurisdiction, one regulation type, or one language well, but cannot synthesise across them. Third, the absence of an interpretive layer — platforms that surface raw regulatory text without connecting it to an institution’s specific context, products, or obligations. Search alone solves none of this; running a query across a regulatory database still demands a trained human to read, interpret, and synthesise the results. The bottleneck has simply been pushed upstream.
What AI-native regulatory intelligence actually means
The phrase “AI in compliance” has been deployed so broadly it has nearly lost meaning — chatbots, document classifiers, automated alerts with an AI badge attached. These are features, not intelligence. AI-native regulatory intelligence means something structurally different: a system designed from the ground up to reason about regulatory information the way a deeply experienced compliance professional would, but without the cognitive constraints of a single human working finite hours.
In practice, this requires several interlocking capabilities: continuous horizon scanning that ingests regulatory output from hundreds of sources across jurisdictions and languages, identifying what is material before a human needs to read it; contextual interpretation that understands not just what a regulation says, but what it means for a specific institution given its products, client base, and policy framework; change impact analysis that automatically maps new requirements against current internal procedures and flags gaps; and, crucially, traceable reasoning — outputs that a compliance officer can audit, challenge, and rely upon rather than black-box conclusions.
That last point is frequently underweighted in RegTech discussions. Compliance is not a domain where “trust the model” is acceptable. Every conclusion must be explainable to a regulator, a board, or a court. Whether it is a DORA-driven ICT risk assessment, a CBUAE governance review, or an SEC climate disclosure gap analysis, the output must be traceable to source. Explainability must be built into the architecture, not bolted on afterwards.
A new category, not a better search engine
What is emerging in 2026 is not an improved iteration of the compliance tools that preceded it. It is an entirely new category. The analogy is the shift from paper maps to navigation systems. Paper maps provided access to geographic information; navigation systems provide a route — updated in real time, adapted to a specific situation, with the ability to recalculate when conditions change. Regulatory Intelligence AI is the navigation system for compliance.
The legal technology sector crossed this threshold two years ago. Harvey AI, now valued at $11bn, demonstrated that a vertical AI platform purpose-built for a professional domain — with genuine depth, institutional-grade trust, and workflow-native design — can redefine an entire category. Compliance is next.
The structural advantage goes to those who move first
Institutions that act early will not merely reduce compliance costs. They will build a durable structural advantage: faster responses to regulatory change, fewer policy gaps, stronger audit trails, and compliance teams liberated from manual research to focus on the high-stakes judgement calls that genuinely require human expertise.
In an environment where regulators are accelerating, enforcement timelines are compressing, and the definition of a compliant institution is being rewritten in real time, the gap between organisations with regulatory intelligence infrastructure and those without will widen quickly and visibly. From digital asset frameworks to sustainability disclosure requirements to AI governance rules, the compliance function that cannot operate at the speed of regulation will struggle to operate effectively at all.
Find the full Sherlocq post here.
Copyright © 2026 FinTech Global
