Droit Expands Cloud Data Privacy Safeguards with ISO 27018 Certification

Droit, a RegTech firm best known for applying computational law to complex financial regulation, has added another layer of assurance to its cloud services. The company has achieved ISO/IEC 27018:2019 certification, an international benchmark for protecting personally identifiable information (PII) in public cloud environments.

This new certification sits alongside Droit’s existing ISO/IEC 27001:2022 and ISO/IEC 27017:2015 credentials, both of which were recently renewed. Together, the trio provides a framework that strengthens security and privacy practices for global financial institutions moving more of their infrastructure to the cloud.

Why ISO 27018 Matters

Data privacy is a regulatory priority across markets. ISO/IEC 27018 was developed specifically to help cloud service providers demonstrate that they manage personal data responsibly and in line with evolving global rules. Importantly, the standard aligns with the EU’s General Data Protection Regulation (GDPR), covering how organizations process and safeguard personal data.

Kaveh Moravej, Head of Information Security at Droit, said, “ISO 27018 is the world’s best-known privacy standard for the cloud and is a natural evolution from our ISO/IEC 27001 and ISO/IEC 27017 certifications. To successfully achieve ISO 27018, we augmented our existing security and privacy programs. This included working across the business on new protocols and raising awareness to ensure all the requirements of the standard were met. We are now able to more easily address existing and future, ever-changing global data privacy regulations and give our clients the confidence that we are fully aligned with their data privacy needs.”

For financial institutions, independent certifications are a form of assurance. They help firms demonstrate compliance while relying on vendors like Droit for cloud services. The external audit process confirmed that Droit’s controls meet internationally recognized benchmarks.

Peter Bals, Chief Technology Officer at Droit, said, “Droit’s ISO certifications underscore our commitment to the safeguarding of both cloud security and data privacy to build trust with the global financial institutions we serve. Achieving ISO 27018 provides independent validation of our focus on security and cements our position as a major cloud services provider. These best practice controls are integral to supporting clients on their cloud journeys.”

Broader Context

Droit’s step reflects a broader industry trend: as financial services continue to migrate sensitive processes into public cloud environments, clients expect not only robust security but also compliance with a patchwork of privacy regulations worldwide. Independent standards like ISO 27018 offer a common baseline, reducing complexity for firms operating across multiple jurisdictions.

By layering ISO 27018 onto its existing security certifications, Droit signals that its cloud services are designed with both resilience and regulatory alignment in mind – a factor that increasingly influences vendor selection in regulated financial markets.

Droit was audited by an external, independent, and accredited team as part of the ISO certification process.

CITGO Petroleum Implements Behavox Platform for Regulatory Archiving and Communications Surveillance

Behavox, the AI-powered communications surveillance provider, has announced that CITGO Petroleum Corporation has gone live with its platform for Regulatory Archiving and Communications Surveillance. CITGO, a major U.S.-based oil refiner, adopted the solution to strengthen its compliance programme and address evolving regulatory risks.

With the new platform, CITGO gains access to AI-driven risk policies, high-quality alerts, and advanced testing tools aimed at improving both protection and operational efficiency. Behavox deployed a dedicated implementation team to ensure rapid onboarding while minimising the workload for CITGO’s staff.

The launch highlights Behavox’s growing presence in the energy and commodities sector, where more organisations are seeking intelligent, scalable solutions to meet complex compliance requirements and operational challenges.

RepRisk Feeds Business Conduct Data into BlackRock’s Aladdin to Bolster ESG Oversight

Reputational risk specialist RepRisk has integrated its AI driven dataset—covering 100?+ risk factors across 400,000?+ public and private entities—into BlackRock’s Aladdin investment platform. The link gives portfolio managers real-time “outside in” alerts on corporate misconduct directly inside their trading and risk workflows.

“We are proud to serve the global asset management and asset owner community through BlackRock’s Aladdin® platform with RepRisk’s global standard for business conduct data, increasing performance and peace of mind,” said CEO Philipp?Aeby.

“We’re excited to expand our collaboration with RepRisk and provide our clients with access to comprehensive business conduct data,” commented Bernadette Rivosecchi, Managing Director and Head of Aladdin Sustainability. She continued, “The integration of RepRisk’s data into the Aladdin® platform expands the coverage of companies – especially in private markets – and risk factors, enabling our clients to make more informed investment decisions.”

The move complements RepRisk’s existing presence on BlackRock’s eFront platform for alternatives and tightens ESG surveillance amid rising regulatory scrutiny.

Nasdaq Verafin Pilots Agentic AI AML-Workers

Nasdaq’s anti financial crime arm, Verafin, is piloting a set of agentic AI ‘digital workers’ designed to handle the labour-intensive parts of anti money laundering (AML) compliance – tasks such as clearing false positive sanctions alerts and performing routine enhanced due diligence (EDD) reviews.

Financial crime teams remain under heavy pressure. In a survey of more than 200 industry professionals, Verafin found that threequarters of respondents had hired more staff over the past year, yet almost half still felt short of the resources and technology needed to keep pace with regulators. Automating low risk, high volume work promises a way to redeploy scarce human investigators to the complex cases that matter most.

What the AI Workers Do

• Sanctions screening agent: Reviews alert queues, fully documents low risk false positives, and escalates genuine matches for human follow up.
• EDD analyst: Automates scheduled customer risk reviews, closing straightforward low risk cases and flagging those that warrant deeper scrutiny.

Nasdaq’s anti financial crime arm, Verafin, is piloting a set of agentic AI ‘digital workers’ designed to handle the labour-intensive parts of anti money laundering (AML) compliance – tasks such as clearing false positive sanctions alerts and performing routine enhanced due diligence (EDD) reviews.

Financial crime teams remain under heavy pressure. In a survey of more than 200 industry professionals, Verafin found that threequarters of respondents had hired more staff over the past year, yet almost half still felt short of the resources and technology needed to keep pace with regulators. Automating low risk, high volume work promises a way to redeploy scarce human investigators to the complex cases that matter most.

What the AI Workers Do

• Sanctions screening agent: Reviews alert queues, fully documents low risk false positives, and escalates genuine matches for human follow up.
• EDD analyst: Automates scheduled customer risk reviews, closing straightforward low risk cases and flagging those that warrant deeper scrutiny.

Both tools are in beta, with a broader rollout expected later in the year.

Regulators have signalled growing tolerance for responsible AI deployment in compliance, provided firms maintain robust oversight. Independent AML consultants note that digital co-workers can cut investigation times but caution that firms will need clear audit trails if decisions are challenged.

Rob Norris, Verafin’s head of product, framed the initiative as a way to let compliance teams focus on “the important work of tackling serious financial crimes such as human trafficking, drug trafficking, and other facets of organized crime.”

If the beta proves reliable, banks could see a double benefit: reduced operational spend on routine alert handling and faster escalation of true risk, a combination some analysts say is essential as sanctions regimes and criminal typologies rapidly evolve. Both tools are in beta, with a broader rollout expected later in the year.

Regulators have signalled growing tolerance for responsible AI deployment in compliance, provided firms maintain robust oversight. Independent AML consultants note that digital co-workers can cut investigation times but caution that firms will need clear audit trails if decisions are challenged.

Rob Norris, Verafin’s head of product, framed the initiative as a way to let compliance teams focus on “the important work of tackling serious financial crimes such as human trafficking, drug trafficking, and other facets of organized crime.”

If the beta proves reliable, banks could see a double benefit: reduced operational spend on routine alert handling and faster escalation of true risk, a combination some analysts say is essential as sanctions regimes and criminal typologies rapidly evolve.

HK Government Backs ESG Compliance Provider Diginex

ESG reporting technology provider Diginex has received funding from the Hong Kong government to expand its artificial intelligence-driven functionality to help financial institutions meet sustainability compliance obligations.

The investment of an undisclosed sum follows the company’s US$2 billion acquisition of AI-driven data management and customer engagement business Resulticks Global Companies early in June.

Diginex said its expanded AI features will streamline ESG reporting processes. It will be “jointly developed with a leading financial institution through a co-creation collaboration model promoting commercialisation and wider adoption,” the company said.

The technology is built to enable compliance with regulations based on the Sustainability Standards Board (ISSB) and International Financial Reporting Standards (IFRS) frameworks.

KGI Securities Singapore Implements Scila Risk for Enhanced Multi-Asset Risk Management

Scila AB, the risk and surveillance solutions provider, has successfully deployed Scila Risk at KGI Securities Singapore, to support its equities and derivatives operations. The implementation consolidates KGI’s legacy risk systems into a single, multi-asset platform, covering equities, commodities, FX derivatives, and Spot FX. This move enhances operational efficiency, optimises collateral usage, and provides a unified view of risk exposure across asset classes.

Scila Risk’s real-time capabilities enable KGI to monitor and calculate risk across various instruments and markets, offering greater flexibility and scalability. The platform features advanced tools such as “time warp” analysis and “what-if” simulations, equipping KGI with deeper insights into market scenarios. The adoption of Scila’s solution marks a significant step in strengthening KGI’s risk management framework, positioning it for greater agility in responding to market changes and regulatory developments.

NeoXam Enhances Gérifonds’ Regulatory Compliance Capabilities

Gérifonds, a fund management subsidiary of Banque Cantonale Vaudoise (BCV), has expanded its long-standing relationship with software provider NeoXam, aiming to improve regulatory compliance and operational efficiency.

Operating in Switzerland’s demanding regulatory environment, Gérifonds manages 138 funds totalling CHF 21.6 billion. To navigate complex regulations – such as the Collective Investment Schemes Act (CISA) and associated ordinances (CISO and CISO-FINMA) – Gérifonds has adopted NeoXam’s Compliance solution to automate regulatory oversight.

NeoXam Compliance acts like an automated monitoring system, continuously evaluating portfolio positions for compliance breaches. If an issue arises, the system issues immediate alerts accompanied by a detailed audit trail, enabling Gérifonds to swiftly resolve breaches and maintain robust regulatory adherence.

The new capabilities build upon Gérifonds’ use of NeoXam’s GP investment accounting software, which has been in place for two decades. The combined solutions provide a streamlined workflow where anomalies are rapidly identified and resolved.

Philipp Sfeir, NeoXam’s Head of EMEA North, explained that while NeoXam Compliance comes pre-loaded with the “Swiss Rule Package,” users can add customized rules, enabling tailored compliance monitoring for investment-specific policies, including asset-type distributions and issuer concentration limits.

“In addition to the compliance offering, Gérifonds successfully utilises the latest generation of our investment accounting solution, GP4,” added Sfeir, highlighting the integrated approach Gérifonds employs to maintain operational effectiveness.

LeapXpert Acquires StartADAM and Broadens Channel Compliance Coverage

Communications compliance provider LeapXpert has acquired cross-platform messaging startup StartADAM extending its reach in the governed-messaging niche. Announced in New York on June 3, the deal folds StartADAM’s people, intellectual property, and product into The LeapXpert Communications Platform, adding fresh AI muscle, two new messaging channels, and three CRM connectors.

By integrating StartADAM’s agentic AI into LeapXpert’s existing intelligence layer (Maxen), the combined platform now auto-summarises threads and extracts action items in real time—functions that compliance and front-office teams typically bolt on via third-party add-ins.

“This is a natural evolution for our product and mission,” said Dima Gutzeit, Founder and CEO of LeapXpert. “StartADAM’s innovations in AI, Slack, Discord, and CRM will be deeply embedded into our platform—unlocking powerful new capabilities for our customers. It’s another important step as we scale the platform across new verticals, channels, and intelligence layers.”

New and expanded channels

Discord (in beta): Popular with gaming studios and crypto firms, Discord is edging into mainstream business use. LeapXpert says governed Discord support will shortly join its roster of WhatsApp, iMessage, SMS, Telegram, Signal, WeChat, and LINE.

Deeper integration with Slack: Corporate users can already route external chats through Slack, but the strengthened “Governed Mode” keeps them inside Slack while handling WhatsApp or other consumer apps in the background—key for advisors who live in channel-centric workflows.

CRM synchronisation: Native two-way sync with Salesforce, HubSpot, and Microsoft Dynamics means contacts, chat history, and context now flow automatically between front-office systems and messaging channels. Closing that loop is a common pain-point for firms juggling relationship data and retention rules.

“StartADAM shares our belief in intelligent, responsible business communication,” noted Avi Pardo, Co-Founder and CBO of LeapXpert. “We built StartADAM to reduce friction in business communications and add a layer of collective intelligence to conversations,” added Adam Stone, Co-Founder of StartADAM. “Joining LeapXpert gives us the reach and infrastructure to deliver on that mission at a global, enterprise scale.”

The announcement lands a few months after LeapXpert’s Portage-led Series B and a run of analyst recognition—including Most Innovative Trade Surveillance Solution in A-Team Group’s Innovation Awards 2025 and Visionary status in Gartner’s 2025 Digital Communications Governance & Archiving Magic Quadrant.

Less than 3 Months until Canadian OTC-Derivatives Trade Reporting Rewrite Enters Force

Canada’s long-awaited rewrite of its OTC-derivatives trade-reporting regime enters force on 25 July 2025, completing a multi-year effort by the Canadian Securities Administrators (CSA) to bring national rules into line with global data standards and the U.S. CFTC’s 2024 “swap-data” overhaul.? 

The amendments—first published in final form on 25 July 2024—touch every province and territory and will require virtually all swap dealers, clearing venues and many buy-side end- 

The new framework more than doubles the number of reportable data fields (from 72 to 148) and embeds the CPMI-IOSCO Common Data Elements alongside mandatory Unique Transaction and Product Identifiers, closing long-criticised cross-border gaps in the Canadian dataset.? 

A revised hierarchy now makes the “financial entity” among two Canadian dealers the default reporting party, while certain trades executed on recognised derivatives trading facilities shift the burden from dealers to the venue itself—moves designed to curb duplicate submissions and align with CFTC practice.? 

Error-handling rules have also tightened: firms must alert regulators to any “significant” inaccuracy as soon as practicable—and no later than the close of the next business day—bringing Canada into step with U.S. swap-data rules.? 

Technical specifications for every field, including XML schemas, sit in a new CSA Derivatives Data Technical Manual, giving market participants a single source of truth for permissible values and file formats. 

Implementation testing is already under way. DTCC’s designated Canadian repository opened a simulator on in March and followed with full end-to-end certification in April. Rival repositories have published near-identical schedules, leaving firms less than three months for defect remediation.? 

Legal advisers warn that buy-side entities relying on delegated arrangements will need to verify that new collateral, margin and lifecycle fields are correctly captured, while wealth-management affiliates may face position-level reporting for the first time.? 

For global dealers, the rewrite should simplify cross-border reporting once initial re-tooling costs are absorbed. By mirroring CFTC rule-text and embedding international Common Data Elements (CDEs), Canada removes a long-standing source of fragmentation that forced firms to maintain parallel mappings for ostensibly identical swaps.? 

Regulators, meanwhile, gain cleaner, more comparable data for systemic-risk surveillance—particularly valuable as interest-rate, commodities and crypto-linked derivatives volumes migrate between North American venues. With the clock ticking, market participants now face a tight—but achievable—window to finish development, certify with their trade repositories and lock down operational playbooks before the 25 July go-live. Failure to do so could leave firms unable to submit day-one reports and expose them to enforcement action from provincial regulators.?

ACA Adds Transaction Cost Analysis Capabilities with Global Trading Analytics Acquisition

ACA Group has acquired Global Trading Analytics (GTA), expanding its capabilities in transaction cost analysis (TCA) and best execution support across global financial markets. The move strengthens ACA’s positioning as a provider of technology-enabled governance, risk, and compliance (GRC) solutions, particularly for firms navigating increasingly complex regulatory expectations.

GTA, based in Rutherford, New Jersey, brings with it a long-established reputation in multi-asset class TCA, including equities, fixed income, foreign exchange, futures, and derivatives. Its client base—comprising investment advisers, asset managers, broker-dealers, and wealth managers—will now have access to ACA’s broader suite of compliance and risk solutions. Nearly half of GTA’s clients already work with ACA, offering opportunities for deeper integration.

TCA has grown in importance as regulators continue to scrutinize execution quality. The data-intensive process helps firms measure both explicit and implicit trading costs, allowing them to evaluate broker performance, refine algorithmic strategies, and demonstrate compliance with best execution standards.

Commenting on the rationale behind the deal, ACA CEO Patrick Olson said: “The acquisition of GTA underscores our ongoing commitment to expanding our offerings and equipping our clients with the tools and expertise they need to meet evolving compliance requirements.”

GTA’s leadership sees the transaction as an opportunity to scale while maintaining continuity for existing clients. “Along with my fellow co-founders, Joe Arleo and Clem Cheng, we’re pleased that this partnership ensures our clients will continue to receive the high-touch service they rely on, now strengthened by ACA’s complementary capabilities and broad resources,” said John Halligan, Co-Founder and President of GTA.

The combined offering is expected to deliver enhanced support for firms seeking to reduce trading costs, optimize execution quality, and meet regulatory obligations with confidence.