RegTech Insight Governance The latest content from across the platform
FCA AI Update 2025: How the Regulator is Embedding AI Oversight into UK Financial Rules
The UK’s Financial Conduct Authority (FCA) has now issued its AI Update (2025), a significant step in its regulatory journey. It builds on the 2022 Discussion Paper on AI and Machine Learning (DP22/4), which set out early questions about AI’s transformative potential and the risks it introduces. Three years on, the FCA’s position has sharpened:…
Audit-Ready AI: How Fenergo Is Redefining Financial Crime Compliance
Regulators are losing patience. In the first half of 2025, global financial institutions were hit with fines totalling $1.23 billion, a 417% increase on the same period the year before. Sanctions failures alone surged from $3.7 million in H1 2024 to $228.8 million this year, underscoring just how closely watchdogs are monitoring AML, KYC and…
Recorded Webinar: Hearing from the Experts: AI Governance Best Practices
The rapid spread of artificial intelligence in the financial industry presents data teams with novel challenges. AI’s ability to harvest and utilize vast amounts of data has raised concerns about the privacy and security of sensitive proprietary data and the ethical and legal use of external information. Robust data governance frameworks provide the guardrails needed…
REP008, FIT, and Beyond: Navigating the FCA’s Reporting Duties on Misconduct
The Financial Conduct Authority (FCA) has long insisted that “non-financial misconduct is misconduct.” That phrase, repeated across speeches and policy statements, reflects the regulator’s conviction that culture, integrity, and behaviour are inseparable from financial soundness. In 2025, the FCA translated that principle into formal rulemaking, finalising changes to the Senior Managers & Certification Regime (SMCR)…
What “Good” Looks Like Under New UK CTP Rules
At the start of the year, the UK switched on a new oversight regime for Critical Third Parties (CTPs) – giving the Bank of England, PRA and FCA direct powers over tech providers whose failure could rattle market stability. The rules and supervisory approach were finalised in November 2024; designations are made by HM Treasury…
The DORA Implementation Playbook: A Practitioner’s Guide to Demonstrating Resilience Beyond the Deadline
The Digital Operational Resilience Act (DORA) has fundamentally reshaped the European Union’s financial regulatory landscape, with its full application beginning on January 17, 2025. This regulation goes beyond traditional risk management, explicitly acknowledging that digital incidents can threaten the stability of the entire financial system. As the deadline has passed, the focus is now shifting…
EU Data Act + DORA: Cloud Exit & Portability for Financial Services
From 12 September 2025, the EU Data Act’s cloud switching regime starts to apply, turning “cloud exit strategy” for risk, compliance and tech leadership, into an audit ready operational control with specific notice periods, timelines, assistance duties and a phased ban on switching fees. The Data Act requires providers of “data processing services” (e.g., cloud…
FCA Multi-Firm Review on Off-Channel Communications: Implications and Next Steps
By Paul Cottee, Director, Regulatory Compliance, NICE Actimize. The UK’s financial regulator, the Financial Conduct Authority (FCA), recently published the results of its multi-firm review into off-channel communications within wholesale banking. Off-channel communications, in this context, refer to any professional communication that occurs outside of the firm’s approved channels, such as personal emails, instant messages,…
Droit Expands Cloud Data Privacy Safeguards with ISO 27018 Certification
Droit, a RegTech firm best known for applying computational law to complex financial regulation, has added another layer of assurance to its cloud services. The company has achieved ISO/IEC 27018:2019 certification, an international benchmark for protecting personally identifiable information (PII) in public cloud environments. This new certification sits alongside Droit’s existing ISO/IEC 27001:2022 and ISO/IEC…
Global Regulators Turn Up Heat on Exaggerated AI Claims
Supervisors on both sides of the Atlantic are no longer content with soft warnings about artificial intelligence (AI) hype. From the United States Securities and Exchange Commission (SEC) to the United Kingdom’s Advertising Standards Authority (ASA), the direction of travel is clear: say what you do, do what you say – and prove it. Regulators…