The End of the “Toughest Regulator” Model? Rethinking Global Surveillance Strategies

For years, global banks have built surveillance programmes around a simple assumption: meet the expectations of the toughest regulator and the rest of the world will fall into line. If a compliance framework could satisfy authorities in the United States, United Kingdom or European Union, the same controls could usually be applied globally with only minor adjustments.

That assumption is beginning to fracture.

RegTech Insight sat down with Alex de Lucena, Director of Product and Governance Strategy at Shield, to explore how compliance leaders are responding to this emerging fragmentation.

His assessment is blunt. The long-standing compliance playbook built around the most conservative regulator may no longer hold. “For as long as I can remember, we’ve generally been able to adopt a globally consistent approach, because people were usually just following the most conservative regulator,” he says. “And that’s eroding really quickly.”

Regulatory divergence is reshaping how firms plan surveillance investments, deploy technology, and decide where to prioritise.

Diverging Signals Across Global Regulators

Historically, financial institutions benefited from a degree of regulatory convergence. Supervisory priorities around communications surveillance, market abuse and record-keeping tended to evolve along similar lines across the US, UK, and EU.

That alignment made it possible to build global compliance frameworks with minimal regional variation.

But according to De Lucena, recent regulatory developments suggest that alignment may be weakening – “a pretty intense vibe shift between US, UK and EU is emerging – in how regulators signal their priorities and expectations.

For compliance leaders responsible for global surveillance programmes, this creates a strategic dilemma. Should firms maintain a unified global framework based on the strictest interpretation – or begin tailoring programmes to regional regulatory expectations?

The answer is not yet clear.

The Predictability Problem for Compliance Leaders

One of the less visible consequences of regulatory divergence is the impact on planning.

When regulatory signals become less predictable, firms are forced to reassess how and where they invest. “Banks… like predictability,” De Lucena explains. “And it’s created this real imbalance through our buying cycles… and what I hear back from CCOs, CROs, heads of surveillance as to what matters to them.”

In practical terms, that imbalance is showing up in several ways. Some institutions are delaying technology decisions until regulatory signals become clearer. Others are accelerating adoption in areas where they believe regulators are likely to focus next.

Either way, compliance leaders are increasingly making decisions in an environment where tone and guidance matter as much as formal rulemaking.

AI Adds Another Layer of Complexity

Artificial intelligence is emerging as another dimension where regulatory attitudes differ.

European and UK regulators have taken a structured approach to AI governance, emphasising risk classification, transparency, and documentation. The EU AI Act, in particular, has begun to provide a framework – albeit an evolving one – for how financial institutions should assess and deploy AI systems.

The dynamic in the United States appears to be different. According to De Lucena, US firms are showing increasing willingness to move quickly on AI adoption, driven by competitive pressure and the search for operational efficiency.

“Were seeing increased urgency in the US now around adoption,” he says.

That shift is notable because US institutions were previously among the most cautious in deploying AI in compliance environments. Many firms had been reluctant to adopt new models without explicit regulatory guidance.

The current acceleration reflects a broader industry tension between innovation and governance.

The Role of RegTech in an Uncertain Environment

For surveillance technology providers, regulatory divergence does not necessarily change the underlying mission of compliance systems. Financial institutions still need to monitor communications, identify potential misconduct, and provide regulators with defensible evidence that their surveillance programmes are effective.

But the environment in which those systems operate is becoming more complex.

Instead of building platforms designed around a single global standard, vendors increasingly need to support multiple regulatory interpretations and governance models. That includes helping firms demonstrate how technologies such as AI are deployed responsibly and transparently.

“The onus is on us to prove those use cases,” De Lucena says. “To make them measurable, to make them governable, to show the value.”

A More Complex Future for Global Compliance

Despite the emerging divergence across jurisdictions, the priorities for surveillance remain firmly embedded across global regulatory frameworks. What is changing is how regulators communicate their expectations – and how firms interpret them.

For global institutions, that means the next phase of compliance may involve a more nuanced operating model. Surveillance frameworks will still aim for consistency across regions, but they may need to accommodate greater regulatory variation than in the past.

The era of building surveillance programmes around a single global gold standard may not be over. But according to De Lucena, it is becoming harder to assume that one regulator’s expectations will cover the rules for everyone else.