Can machine-readable regulations transform regulator-institution relationships?
As technology reshapes industries, it also redefines governance. Can machine-readable regulations bridge the gap between regulators and institutions? This new approach promises faster compliance, clearer expectations, and smarter oversight. But can it truly transform their complex, evolving relationship?
In the view of Emil Kongelys, CTO of Muinmos, a RegTech company, machine readable regulation will be a huge boost, the days of interpretation will be over, and there will no longer be an ‘excuse’ to not comply.
He said, “At Muinmos we have always believed in regulation as an API integration, and we have been advocating for one common protocol standard that all regulators can expose their regulation through. An FIX protocol for the regulators if you will.”
Kongelys emphasised, however, that most regulators do not have the IT infrastructure to begin a project like this. Despite this, the industry is seeing many digitising and putting in frameworks.
“However, when one common protocol, used by all regulators, will be a requirement, it will be the FIX protocol of regulation,” stressed Kongelys.
Does Kongelys believe regulators are ready to trust AI-driven compliance systems? What do firms need to watch out for, and how can this trust be achieved?
He said, “If the results generated by the compliance system can be explained 100%, regulators will have to trust the result. That does challenge the use of GenAI and LLM’s, as they would operate on probabilities that can’t be explained. Yet there are pieces where 100% explainability might not be needed, in screening for example fuzzy logic is commonly used, here matching is also done on percentage of possibility that there is a match. In the same way using an AI agent to identify if a document is forged, with a result in probability, which can then be reviewed by a human will also have to be accepted.”
In addition, how might real-time data sharing redefine accountability? While real-time data sharing will mean that any regulatory change is immediately known to all, this will really be true if the sector agrees to one uniform protocol that does not allow for interpretation.
Kongelys said, “There will always be a need for different regulators to have small differences, but the high-level protocol should be common and enough to set the expectations for accountability.”
Game changer
Madhu Nadig, co-founder at Flagright, believes that machine-readable rules could be a game changer. He explains that this kind of automation would mean, amongst other things, faster reporting, real-time adaptation and less manual overhead.
Despite this, Nadig remarked that we’re not quite there yet. Why is this? He explained, “There is a lack of standardisation, as every regulator speaks a different data language. In addition, legacy systems are a challenge – as most firms aren’t ready to plug in rules like an API. There is also a trust gap, as regulators want a human in the loop.”
To build that trust, Nadig said that RegTech platforms like Flagright need to lead by example: transparent, traceable, and aligned with regulatory thinking.
He finished, “The bigger play? Real-time data sharing. If institutions and regulators have the same live view, accountability becomes proactive, not reactive. That’s the future we’re building toward.”
Flagright recently announced the successful closure of a $4.3m seed funding round. This financial boost aims to propel the development of Flagright’s solutions and support its international expansion. The funding round was spearheaded by Frontline Ventures and included investments from a group of distinguished angel investors.
Importance of data
Machine-readable regulations have the potential to streamline compliance and enhance relationships between regulators and institutions, in the viewpoint of LEI CEO Darragh Hayes.
However, he believes that this is contingent on the use of standardised and reliable data.
He said, “Take the example of the Digital Operational Resilience Act (DORA) in the EU, where the Legal Entity Identifier (LEI) was proposed as the primary identifier. The LEI is globally recognized, machine-readable, and regularly updated, making it ideal for regulatory purposes. It would enable regulators to access accurate, up-to-date information and assess risks efficiently.
“However, the introduction of a second identifier, the European Unique Identifier (EUID), adds another layer of processing time and complexity to the entire process,” claims Hayes.
He said that the EUID contains outdated data, not machine-readable, and is geographically limited, it also slows down the entire data processing and collecting exercise, whereas the LEI has system integration, automation and mapping capabilities.
“Relying on a dual identifier system introduces errors and inefficiencies, complicating compliance and diminishing the effectiveness of DORA’s objectives,” said Hayes.
To truly benefit from machine-readable regulations, Hayes believes that data consistency and accuracy are paramount. Dual identifiers like the LEI and EUID create disharmony within systems, he believes, thus increasing the burden on financial institutions and diluting the regulatory process and end result.
Hayes concluded, “For the regulator-institution relationship to work effectively, regulators must consider that the regulations must be compatible with suitable technology and means first and foremost.”
Keep up with all the latest RegTech news here.
