After more than a decade shaped by document aggregation, workflow portals, and rule-mapping engines, a third generation of regulatory intelligence platforms is beginning to emerge. These systems move beyond collecting and classifying regulatory updates. Instead, they attempt something more ambitious: to understand, model and reason about a firm’s actual business operations, and to connect regulatory change to real processes, real obligations, and real people.
RegPass, founded by former Baringa Partners compliance leader James Nicholls, sits squarely in this third wave. What began as a specialist advisory firm has evolved into an AI-native regulatory intelligence platform that blends knowledge graphs, large language models, and proprietary data structures. Its ambition is straightforward but far from simple: to make regulatory change management precise, contextual, and operationally relevant.
Nicholls describes the shift as an industry turning point. “I think we’re now in generation three of the horizon scanning and regulatory obligations platform,” he notes, contrasting early tools that were “glorified spreadsheets” with what is now possible in an AI-rich environment. These new systems, he adds, are “built for regulation and built for AI.”
From Advisors to Solution Builders
RegPass’s origins trace back to 2019, when Nicholls left Baringa to establish Braithwate, a specialist compliance advisory firm focused on FinTech market entry and licensing. The team guided firms such as Webull into the UK market, acting as interim executives, orchestrating authorisation processes, and assembling operating frameworks. The work illuminated an industry-wide problem: authorisation and licensing were performed manually, inconsistently and without any codified, repeatable structure.
“There was nobody in the market who’d actually codified the process of getting authorized,” Nicholls recalls. “It was a painful process for everyone… a huge amount of documentation… a lot of steps.”
This realisation eventually led to the firm’s first product, FintechXpndr , a recipe-based tool designed to accelerate market entry for UK (FCA, PRA) and Singapore (MAS) jurisdictions. Its purpose is not to reinvent regulatory process, but to make securing an operating license predictable.
Yet the shift from consultancy to technology did not stop there. As the firm grew, it faced the same scaling challenges as many professional services businesses: the need for consistent regulatory inputs, reusable analysis structures, and more efficient internal research. That need coincided – fortuitously – with the advent of modern AI.
AI Maturity and Knowledge Graph Backbone
At the heart of RegPass today is a regulatory knowledge graph, a machine-readable representation of real-world financial entities, licences, products, trading processes, and business relationships. The platform ingests daily regulatory updates – “a firehose of content”, as Nicholls puts it – from providers such as Regalytics and applies an AI parser to perform entity recognition, linking each piece of information into the knowledge graph.
“We’re building a graph representation of what information exists in those updates,” he explains. “At the heart of the regulatory change management challenge is a massive data problem.”
The graph model enables two things the previous generation of tools struggled with. First, it allows updates to be interpreted in the context of a specific business. Second, it gives large language models (LLMs) a reliable ground truth to consult when assessing applicability, ensuring that reasoning is anchored in domain structure rather than free-form inference.
Business Profiles: Connecting Rules to Reality
The most distinctive element of RegPass is its concept of business profiles. These profiles capture how a firm actually operates; at whatever level of granularity the client chooses: a global trading division; an FX desk; a sovereign bond desk; a single product line; a client segment; or even a specific regulatory licence.
“We allow our clients to create multiple business profiles… any level of granularity they want,” Nicholls explains. The more detailed the profiles, the more precise the regulatory impact analysis becomes.
This is where knowledge graphs meet operational reality. Each profile is linked to the processes that define its activity. In equities, that might include pricing, routing, execution and post-trade reporting. In OTC derivatives, it may encompass confirmation, clearing and margin workflows. By linking updates to these points in the lifecycle, the system can indicate not just whether a rule applies, but precisely where it applies.
Equally powerful is the ability to invert the model. A product owner or technology lead can ask ‘show me everything globally issued in the past month that affects post-trade clearing requirements for long-dated interest rate swaps’. The graph returns a curated, process-aligned set of obligations.
Tackling the Data-Readiness Gap With LLMs
Even with strong modelling, firms vary dramatically in their data maturity. Some can supply structured inventories of desks, licences, client types, and product taxonomies. Others have only spreadsheets and policy documents. RegPass uses LLMs to close this gap without forcing clients into rigid data standardisation programmes.
“We can adapt the level of data that we put in to what the client is able to provide,” Nicholls says. Richer inputs produce more nuanced outputs, but value is delivered across the maturity spectrum.
The knowledge graph provides the structure that keeps this fluency aligned with regulatory meaning, grounding the model’s reasoning in financial domain architecture.
The firm’s approach is particularly resonant in areas where documentation is detailed but operationalised poorly. An example is the Volker rule where Nicholls worked extensively during his time at Baringa, particularly with Canadian banks operating in the US. The rule required firms to articulate trading desk mandates and procedures with unprecedented specificity.
“One of the things that the Volcker rule insisted you had was trading desk mandates,” he says. These documents outlined what each business was accountable for and how it executed its trading activity. Years later, these same documents are proving valuable raw material. “We are using those trader mandates and those desk procedures to actually help build their business profiles,” he explains. What was once a compliance burden becomes a structural asset in an AI-driven environment.
Looking Ahead to 2026: The Era of Agentic Compliance
Nicholls believes the next frontier is agentic compliance – systems that not only interpret regulation but perform tasks autonomously under human oversight.
“2026 is going to be the year that we see genuine agentic compliance,” Nicholls predicts. Early candidates include high-volume, low-consequence processes such as gifts and entertainment approvals or pre-clearance of employee trades. “This stuff really shouldn’t be that difficult,” he notes.
The shift raises governance questions – how to decompose processes, how to define oversight and how to detect errors in real time. But the direction of travel is clear: compliance is moving from reactive interpretation to proactive, automated execution.
A New Intelligence Layer for Financial Services
RegPass exemplifies a broader transformation in regulatory technology. As regulatory data volumes explode and AI becomes embedded in enterprise infrastructure, firms are seeking systems that understand how their businesses operate, how processes interlock and how rules flow across activities.
As the new year unfolds, the market will test how far firms are willing to go in letting agents not just analyse, but act. What is clear is that the compliance architecture of the next decade will look vastly different from the spreadsheet-driven world that preceded it – and platforms like RegPass are helping define what comes next.
Subscribe to our newsletter
