In November, the RegTech community gathered for A-Team Group’s RegTech Summit in New York City, now in its eighth year. 2024 also saw a record number of national elections including the United States, the UK and six other G20 countries.
The details of any changes in regulatory policy and any impact on Governance Risk and Compliance (GRC) have yet to be determined but, “The one thing you can rely on is change,” was the opening statement from the panel on a Holistic Approach to Regulatory Change Management.
This expert panel comprised Mary Kopczynski, J.D./Ph.D., Co-Founder, Women in RegTech New York (WIRTNY), moderator; Sateesh Kumar Challa, Head of Digital Transformation Office, Societe Generale; Anand Narayanan, Head of Regulatory Change Management, SMBC Corporation; Susie MacKenzie, Head of Legal and Regulatory Analysis, Corlytics.
“So, we’ve got a new political landscape and we’ve now been through this a couple times … how to deal with the regime change here in the United States … so, what’s the game plan?”
A panelist noted, “We go from one view of the regulatory landscape to another… things might slow down a little bit in some areas and pick up in others,” pointing specifically to possible moderation in aspects such as ESG, Basel III and to renewed momentum for crypto or private equity in the US.
Panellists also discussed how an incoming administration might reignite interest in the regulatory budget framework, predicting closer cost-benefit analyses before new requirements are issued—see Executive Order 13771.
Another panelist used the term “divergence” to reflect growing gaps between the EU and the US, especially concerning crypto and ESG. In a global context, entities face the challenge of balancing a “common language” with local demands. Overall, the panel stressed that while some participants might opt to wait and watch, many are already exploring strategic investments and recalibrating their approaches to align with emerging global standards.
Key Challenges
A live audience poll asked: “What are the main challenges your organization faces in managing regulatory change?” Coming in top with 73% of respondents was Regulatory data quality and management, followed by Interpreting complex regulatory requirements – 53%, Integrating new regulations into policies, processes and systems – 47%, Budgetary constraints – 37%, Regulatory Intelligence, detecting regulatory updates – 27%.
Panellists were surprised by how relatively low budgetary constraints ranked compared to historical polls, when cost issues frequently dominated.
Several panellists focused on the data quality issue, with one observing, “In terms of the regulatory data quality, it does reflect what we hear from clients… they’re looking for a way to manage data from end to end,” explaining that inconsistencies or gaps in an organization’s regulatory data can undermine every aspect of compliance and risk management, making the need for ‘quality’ and ‘consistency’ a cross-functional priority.
Volume and Velocity of Alerts
The panel highlighted the sheer scale of new alerts emerging from an ever-expanding roster of regulators. They noted that while the foundational steps—horizon scanning, impact assessment, and implementation—remain largely the same, the velocity and volume of regulatory developments make advanced technology obligatory in meeting the challenge.
The panel stressed the importance of firms having a clear internal blueprint covering lines of business, products and jurisdictions mapped to regulatory risk exposure as a critical first step in bringing the volume of alerts down to those that are relevant and filtering out the ‘noise’. “If we have that mapped to the risk register properly, we can classify which are the riskiest areas and prioritize more horizontal scans on high-risk products,” noted a panelist.
Another expert explained, “The identification of … the entire regulatory universe is very important … you have to identify not just the main regulators, but also [connected] industry bodies. You have to have that sort of early warning system in place. And then once you’ve identified the entire regulatory universe, the ability to … categorize that information, and feed it into the necessary workflows.”
The Business Case
An audience question brought the poll results back into focus by asking, “How is the discussion of the front office and the investment in RegTech coming? Are they equally as [reluctant] to spend money or are they actually pushing you to try to use AI?”
The rapid rise of regulatory enforcement actions over the past couple of years has made organizations realize that having a properly funded regulatory change management function is going to be critical to avoid large fines, even larger legal costs and reputational damage. Panellists noted that the practice of regulatory change management as a formalized function is relatively new and still evolving.
The ability to demonstrate adequate controls and explainability through process transparency for internal audit and external regulators requires trustworthy data across the organization: consistent data that can be used by all consumers, and quality data that can be explained to the regulators in terms of audit trails and lineage.
Despite more openness to spending on RegTech, panellists cautioned that funding is still finite and regulatory change projects must demonstrate clear value. Firms increasingly recognize how proactive investments in technology and processes can prevent heftier financial repercussions later, leading to broader acceptance—and sometimes even encouragement—of RegTech initiatives at the senior leadership level.
Adoption of GenAI
The group agreed that while there is immense potential, Generative AI (GenAI) alone is not yet solving the “entire puzzle” of regulatory change. A panelist explained, “This overall AI landscape… I would put this in two major buckets… AI assistants and AI agents,” describing how organizations are testing everything from document summarization to workflow automation. Many see GenAI as a possible leap in efficiency, but the technology is still evolving.
Another panelist outlined a range of emerging use cases, such as mapping regulations to internal policies or alerting teams to trends in “the developments of regulatory change,” noting the benefits for global organizations juggling multiple jurisdictions: “All of them have their own data privacy laws. How do we interpret this across these jurisdictions?”
By automating key parts of the review process, institutions can free up legal teams to focus on more complex cases. Panellists also emphasized that “improving a lot of productivity” doesn’t happen overnight, and that each new use case reveals further challenges—and opportunities—for refining the process.
The panel cautioned that while GenAI is delivering “very impressive results in terms of summarization,” critical considerations of accountability, transparency, and data quality remain. As one panelist observed, “We are still in the exploratory stage… but scaling it up… and deriving business benefit … for some processes.”
For many firms, data silos, fragmented taxonomies, and organizational culture impede broader AI adoption. Nonetheless, panellists characterized GenAI and LLMs as “the new internet of this generation,” concluding that while there is no turning back, firms must lay the right data foundations before reaping the full benefits.
Scenario Planning
Another audience question raised the subject of scenario planning best practices. Several panellists agreed that scenario planning largely takes the form of a well-structured impact assessment.
One panelist noted, “It is the basic impact assessment that comes along with any … regulatory change management… if you’re doing a very comprehensive impact assessment, that is pretty much scenario planning.” By systematically examining regulatory risk—legal, financial, and reputational—organizations can demonstrate preparedness to internal audit and to external regulators.
Another panelist highlighted the importance of consistency in applying those assessments across different business lines, cautioning that fragmented approaches undermine an institution’s overall controls. They pointed out that various groups often conduct impact evaluations differently, which can complicate the task of consolidating and reporting outcomes. Ensuring a uniform framework—one that addresses core risk categories—helps build a clear audit trail.
The panel emphasized the importance of quantifiable data and traceability for demonstrating adequate controls. Establishing an audit-friendly record of each scenario and its potential outcomes allows institutions to demonstrate how they can respond swiftly to emerging threats, solidifying their capabilities for regulatory examinations.
Centralized vs Decentralized Controls
Responding to an audience question on the case for a centralized vs. decentralized approach to regulatory change management, panellists observed a variety of approaches, with one stating, “I don’t think there is a centralized process, but there is a group level or organization level target operating model,” noting that while some larger institutions aim for a unified framework, each jurisdiction or business line may still need to adjust its processes to address unique jurisdictional or product-specific obligations.
At the same time, another panelist noted, “We are seeing an increasing move to having… a centralized function,” reflecting a growing trend to consolidate regulatory oversight, especially where digitalization and automation enable common workflows. The panel agreed that having one dedicated hub for distributing relevant regulatory updates can improve consistency, even if localized decision-making remains necessary for certain lines of business.
Nonetheless, a shared minimum standard often serves as the foundation for many organizations, preventing duplication of effort. By establishing uniform processes for identifying and disseminating alerts, firms can reduce operational silos, promote best practices, and ensure clearer audit trails for compliance.
Monetizing Regulatory Data
Responding to another audience question, the panel acknowledged that direct revenue generation from regulatory data is still more of a conceptual discussion. The panel reframed the monetization concept in terms of business value delivered, with one noting an earlier open banking initiative in Europe to establish a ‘KYC exchange.’ With 70% or more KYC data being common across all banks, e.g. driver’s license, passport details etc., there is potential for a utility function to deliver economies of scale.
Overall, the panel indicated that while monetizing regulatory data in a literal sense remains rare, there are clear opportunities to generate value in terms of improved resilience to regulatory change along with lower operating cost and reduced regulatory risk.
Proactive Horizon Scanning
The final question for the panel asked, “At what point does the horizon scanning process begin?” Historically, firms have taken a “wait and see” approach, holding off any detailed impact assessment or planning until the final rules were published. As noted previously, the sheer volume of regulatory updates across multiple jurisdictions makes this reactive approach increasingly problematic.
But adopting a proactive stance surfaces a whole new set of data challenges. Several panellists described how their organizations ingest a vast array of materials—speeches, early announcements, consultations, and final rules—but struggle to determine, as one panelist put it, “what’s important at an early stage.”
They acknowledged that ignoring early signals could lead to missed preparation windows, yet absorbing every mention from numerous sources creates an overwhelming flow of data. One panelist reflected on how repeated or redundant notices often create confusion, stressing the value of consolidation. By linking related updates, filtering out duplicative alerts, and applying a consistent taxonomy, firms can focus on what genuinely poses material risk.
The panel acknowledged the value of a standardized taxonomy to help reduce noise. But while uniform mapping can consolidate overlapping alerts, clarify responsibilities and reduce noise, each institution must adapt these approaches to its particular lines of business and culture.
The panel concluded that a “structured approach” and proactive monitoring are key to ensuring high-impact regulatory changes reach the right teams without drowning them in unnecessary information.