CUBE Expands AI Capability with Acquisition of Kodex AI

Automated regulatory intelligence innovator CUBE has acquired Berlin-based Kodex AI, a technology start-up recognised for applying agentic AI to compliance and risk management in financial services. The move strengthens CUBE’s position in automated regulatory intelligence (ARI) and regulatory change management (RCM), while advancing its goal of building the “third pillar” of its AI platform.

Kodex AI’s agentic architecture introduces “co-worker” functionality, enabling AI to act as a digital colleague within compliance workflows. Its technology blends fine-tuned AI models with regulatory data and knowledge graphs, designed to enhance automation and accuracy in monitoring evolving rules. The integration will extend the capabilities of CUBE’s RegPlatform, providing customers with deeper, AI-driven insight and control over regulatory change.

The acquisition also brings new technical talent to CUBE, with Kodex AI’s Berlin-based team joining the business. Having developed a large-language model for financial document analysis through Deutsche Bank’s Entrepreneur-in-Residence Programme, Kodex can demonstrate the precision and domain expertise behind its technology.

CUBE founder and CEO Ben Richmond said: “Thomas and Claus have built an exceptional and disruptive European technology business, pioneering the use of agentic AI through an agent-based architecture to solve regulatory complexities. Kodex AI is a natural next step in CUBE’s strategy, allowing us to instantly deliver enhanced, AI-based compliance and risk capabilities to our global customers.”

Kodex AI co-founder Thomas Kaiser described the integration as a rare opportunity to reshape the industry: “Combining Kodex AI’s technology leadership with CUBE’s market-leading regulatory and risk data is a once-in-a-lifetime opportunity to redefine the compliance and risk space. This is the perfect use case for advanced AI, and together we’ll push the boundaries of what’s possible.”

CUBE serves around 1,000 customers globally and employs more than 800 people across 20 countries. Backed by private-equity firm Hg since March 2024, the company has pursued a strategy of expanding its unified RegPlatform™ through targeted acquisitions, including Thomson Reuters Global Regulatory Intelligence, Oden, Reg-Room and Acin.

Hg director Thomas Martin said: “This acquisition once again highlights CUBE’s ambition and drive to change the status quo for the RegTech industry. Since inception, Ben has been driving the business to embrace the latest technology and the addition of Kodex AI will significantly boost the team’s agentic AI capabilities.”

ISITC Europe and Genbounty Partner to Offer Independent Audits Aligned with EU AI Act

In a move to support regulated firms across Europe, ISITC Europe CIC has forged a partnership with AI compliance platform Genbounty to deliver third-party AI audits and accreditation. The objective: help organizations build credible AI governance programs and ensure alignment with evolving regulatory standards.

Tackling the AI Governance Gap

As AI deployments proliferate in financial services and capital markets, many firms struggle to translate high-level rules into operational controls. While the EU AI Act defines a compliance baseline, supervisory expectations vary across jurisdictions. In the UK, the FCA’s stated approach is technology agnostic and outcomes-focused, applying existing regulatory frameworks to firms’ use of AI rather than creating AI-specific rules. This stance is reflected across its AI Update, press material and speeches—and operationalised via initiatives like AI Live Testing.

Gary Wright, Director of Industry Affairs and one of ISITC Europe’s founders, underscores the challenge. He argues that firms need clarity on how their AI components affect risk, controls, and accountability. Under this partnership, “ISITC Europe as a not-for profit community interest company will act as an independent resource for members to help manage their AI components and ensure compliance.” The offering will include audits, access to verified AI testers, workshops, benchmark reports, and post-market monitoring.

From Genbounty’s side, co-founder Rob Morel positioned the platform’s role as providing ongoing regulatory insight. He explained that the system will keep users apprised of changes and help them understand “AI components utilised across enterprises.” Through the MOU, Genbounty’s tools and vetted testers will be made available to ISITC Europe’s membership.

What This Enables — and What Still Must Be Built

This collaboration is not simply a new service launch, but a signal of maturation in the AI compliance space. By offering independent assessments, it helps fill a gap between regulation and implementation, particularly for institutions lacking internal AI expertise.

Still, several challenges lie ahead:

• Operationalizing audits. Translating compliance results into practical remediation plans will require domain experience in AI, model risk management, and financial workflows.
• Maintaining independence. As audits are performed by a provider with commercial ties, perceptions of impartiality must be managed.
• Evolving rules. The EU AI Act itself is dynamic; firms will need to continually adapt their controls as standards are refined.

Nonetheless, for firms seeking credible third-party validation of AI governance, this new path offers a clearer route than doing so in isolation.

ACA Group Introduces a New Framework to Strengthen Buy-Side Market Abuse Controls

Amid growing regulatory pressure and heightened investor scrutiny, ACA Group has unveiled a new Market Abuse Risk Framework aimed at helping UK and European buy-side firms identify, manage, and monitor market abuse risks across trading activities.

The initiative arrives as the Financial Conduct Authority (FCA) steps up enforcement with a five-year strategy that prioritises market abuse and accountability under the Senior Managers and Certification Regime (SM&CR). Recent insider trading cases and the regulator’s July 2025 consultation on SM&CR reforms have further raised expectations for demonstrable, firm-wide conduct frameworks aligned with MAR and MiFID II.

Developed by ACA practitioners with extensive buy-side experience, the framework integrates surveillance, conduct, and control reviews into a single, regulator-ready model. It maps market abuse offences across asset classes, supports policy and procedure assessments, and evaluates surveillance technologies to ensure alignment with firms’ risk profiles. The solution also includes a proprietary question bank drawn from ACA’s client work and provides practical guidance on maintaining and updating the framework over time.

“What truly differentiates this solution is the depth of expertise driving it,” said Raj Somal, Partner at ACA Group. “Our clients are navigating increasingly-complex trading, and jurisdictional and infrastructure environments, and often without a clear, actionable view of their market abuse risk. This isn’t just a health check; it’s a dynamic, evolving programme that firms can use to strengthen governance, meet evolving regulatory and business expectations, and build investor confidence.”

The Market Abuse Risk Framework complements ACA’s broader compliance ecosystem, including its ComplianceAlpha® platform, which offers surveillance and monitoring tools spanning trade and communications activity, conflicts of interest, expert networks, and research oversight. Combined with advisory and managed services, these tools enable firms to remediate findings, enhance governance, and maintain ongoing compliance amid shifting regulatory expectations.

ACA will host a live session on 23 October 2025 to discuss the rising focus on market abuse, surveillance practices, and senior manager accountability across the buy-side sector.

Kaizen Unveils MAR360 to Tackle Market Abuse Risk with Integrated Surveillance and Training

Kaizen has unveiled MAR360, a new compliance suite aimed at helping financial institutions manage the complex challenge of detecting and preventing market abuse. The release reflects a growing regulatory push to tighten controls and ensure firms can demonstrate robust frameworks to supervisors.

The suite brings together three elements: a market abuse risk assessment tool, trade and communications surveillance technology, and a training programme led by industry experts. The risk assessment module analyses more than 27 distinct risk areas, drawing on past enforcement actions and industry practice. According to Kaizen, the design – supported by AI techniques – is intended to flag vulnerabilities that might otherwise remain hidden.

The surveillance platform and training programme complement the risk framework, offering firms an integrated approach. Training is delivered by subject-matter specialists and former regulators, with ongoing support to help remediate gaps and strengthen operational resilience.

Simon Appleton, Market Abuse & Surveillance Director at Kaizen, said: “Our MAR360 solution moves beyond standard surveillance systems to the proactive management of market abuse risk, supporting the Financial Conduct Authority’s five year strategy to fight financial crime. As global regulators continue to focus on market abuse, firms need to integrate their solutions and controls to demonstrate to regulators how they are taking steps to detect and prevent market abuse incidents happening in the first place.”

By aligning technological tools with regulatory expectations, Kaizen is positioning MAR360 as a resource for institutions looking to evidence control and readiness in an environment where scrutiny of market conduct is steadily increasing.

Social Media-Linked Surveillance by Deutsche Börse, Scila and Stockpulse

Deutsche Börse has expanded its market surveillance capabilities by incorporating social media intelligence into its Scila powered surveillance platform. The move reflects a growing recognition of the role social media plays in market dynamics and the risks it presents for manipulation and misinformation.

The integration, delivered through a collaboration between Scila and German analytics specialist Stockpulse.AI, brings near real-time monitoring of millions of social media posts, alongside data feeds covering more than 70,000 global equities and thousands of cryptocurrencies. The combined system gives Deutsche Börse’s surveillance team a broader perspective, correlating trading activity with social media sentiment and news buzz to identify potential irregularities faster. Andreas Mitschke, Head of Trading Surveillance at Deutsche Börse, noted that “the ability to correlate trading patterns with social media activity provides our team with crucial context for investigating potential market abuse.”

Scila’s chief executive, Mikko Andersson, described the development as “a natural evolution in market oversight,” stressing the importance of combining traditional market data analysis with social intelligence to deliver a fuller picture of risks. The company sees the joint offering as an additional layer of defence for exchanges and regulators seeking to keep pace with the speed of information flows across digital platforms.

For Stockpulse, the collaboration highlights the value of applying artificial intelligence to large-scale, unstructured data. “Our advanced algorithms and AI applications analyse millions of social media posts and news articles in near real-time, providing actionable intelligence that helps surveillance teams identify unusual patterns and potential market manipulation,” said CEO Dr. Stefan Nann.

By adopting this solution, Deutsche Börse becomes the first major exchange to embed social media intelligence directly into its surveillance workflows. The enhancement is intended to improve efficiency, provide earlier detection of suspicious behaviour, and ultimately strengthen market integrity. The same integrated capabilities are now available to other Scila Surveillance clients, with options for tailoring to specific regulatory or operational needs.

Qomply Brings in Former FCA Regulator to Drive Global Growth

Qomply has strengthened its leadership team with the appointment of Neil Treloar as Chief Operating Officer, underscoring its ambition to scale internationally in regulatory reporting. Based in London, Treloar joins at a pivotal point in the firm’s expansion, bringing a rare combination of supervisory, policy and market experience.

Treloar’s career spans more than three decades across wholesale markets, regulatory strategy and financial technology. At the Financial Conduct Authority(FCA), he held senior roles including Lead Supervisor for Wholesale Brokers Fixed and Senior Associate overseeing Trading Venues and (CRA) oversight. Prior to that, as Head of Regulatory Strategy at Tradition, he played a central role in shaping MiFID II policy and Brexit planning, liaising directly with UK and EU authorities. His earlier career included senior posts at JP Morgan and NatWest Markets, where he cut his teeth on the LIFFE floor.

Qomply’s co-founder Michelle Zak highlighted Treloar’s mix of perspectives: “Neil’s combination of regulatory expertise, financial technology, and global market experience makes him an invaluable addition to our team.” She noted that his arrival comes as the firm looks to build out its operational resilience and client delivery internationally.

For Treloar, the move is about timing as much as opportunity. “I am excited to be joining Qomply at such a pivotal moment in its growth journey. The firm has built a strong reputation for innovation and accuracy in regulatory reporting, and I look forward to working with the talented team here to expand our global footprint and deliver even greater value to clients worldwide,” he said.

The appointment reflects broader momentum in the regulatory reporting market, where firms are under mounting pressure to achieve both accuracy and efficiency in their submissions. Qomply’s decision to recruit a senior figure with both supervisory and market experience signals its intention to position itself as a trusted partner in this space, as global reporting standards continue to evolve.

Shield and PwC Partner on Communications Surveillance

Shield and PwC UK have joined forces to help financial institutions modernise their approach to monitoring digital communications. The collaboration combines Shield’s AI-first platform for governance and archiving with PwC’s experience in surveillance delivery, compliance, and programme execution.

The initiative is aimed at enabling firms to adopt more proactive and scalable risk management. By uniting technology and specialist expertise, the two organisations seek to provide an end-to-end solution that addresses evolving regulatory expectations and improves oversight of electronic communications.

“This is more than a collaboration, it is a signal to the market that communication compliance can be both transformative and trusted,” said Shiran Weitzman, CEO and co-founder of Shield. “Together with PwC, we are helping firms modernise communications oversight and defend their firm from risk and vulnerabilities while accelerating operational efficiencies.”

From PwC’s perspective, clients are increasingly seeking efficiency and flexibility in how surveillance models are deployed. “Our clients want less noise and more flexibility to deploy models that support existing and new risks, delivered at a lower annual cost,” said Graham Ure, Partner, PwC UK. “Our collaboration enables a bold vision for future eCommunications surveillance, bringing together Shield’s AI-first platform with PwC’s surveillance and market abuse expertise.”

Navigating Surveillance Complexity

Communications surveillance has become more demanding as regulators intensify scrutiny, AI tools evolve, and firms contend with a wider array of communication channels. Shield’s platform offers automation and scale, while PwC provides guidance on surveillance strategy, operating model design, and managing implementation risk. The combination is intended to help institutions achieve faster, more defensible deployments than the industry norm.

Beyond technology, the collaboration seeks to deliver explainable and effective compliance outcomes that can withstand regulatory challenge. Services extend from data sourcing and risk model calibration to testing and governance frameworks.

Industry Position

Shield has been recognised as a Visionary in Gartner’s 2025 Magic Quadrant™, ranking among the top three vendors for regulatory compliance, and securing #1 positions in AI/ML, connectors, and policy management. PwC contributes a dedicated team of surveillance specialists with a track record in complex programme delivery and regulatory engagement.

Together, the two organisations aim to turn advanced technology into practical, trusted compliance outcomes with measurable results.

Ascent Joins Acuity to Boost AI-Led Digital Transformation Capabilities

Acuity Knowledge Partners has agreed to acquire Ascent, a European provider of AI-powered digital transformation services, in a deal due to close at the end of September 2025. The move is set to expand Acuity’s Data and Technology Services (DTS) division, strengthening its technology and AI-led solutions.

Ascent brings a team of 550 specialists in data, software and cloud technologies, serving more than 170 clients across seven European jurisdictions. Its addition will broaden Acuity’s sector reach into areas such as reinsurance, pharmaceuticals, manufacturing and retail.

Explaining the significance of the deal, Robert King, Chief Executive Officer at Acuity, said: “Our acquisition of Ascent is a transformative moment. Acuity has invested in and built a fast-growing practice delivering data management and technology led services and solutions. By acquiring Ascent, we are taking our expertise and ability to offer our clients innovative AI-led solutions to another level. We are turbo-charging the way we can assist Acuity and Ascent clients with their digital transformations and AI adoption. This acquisition also takes us into new sectors such as reinsurance, pharma, manufacturing and retail for the first time. The acquisition enables Acuity to deliver from, and into, new markets. I am really excited at the prospect of what we can achieve together, and we warmly welcome the Ascent staff to the Acuity family.”

Jon O’Donnell, Acuity’s Chief Operating Officer, linked the acquisition to the firm’s AI roadmap: “The Ascent business is a great addition to Acuity and will build on the progress we have made with our AI solutions following the launch of our Agentic AI platform, Agent Fleet. The acquisition of Ascent will boost our capacity to provide best-in-class technology advisory services to our clients. I am excited to partner with Stewart and the Ascent team to significantly grow our DTS business.”

For Ascent, the partnership represents both continuity and expansion. Stewart Smythe, Chief Executive Officer at Ascent, commented: “Combining Ascent’s market-leading data and AI capability in Europe with Acuity’s industry-leading AI innovation and deep domain expertise is exciting. Acuity’s strategic aim to build a global technology services business unit to complement its capabilities and build broader relationships with its existing clients is exactly the opportunity my team were looking for, and we are excited to work with Robert King, Jon O’Donnell and the entire Acuity team.”

The acquisition reflects Acuity’s strategy in recent years to build a technology services arm alongside its core strengths in research, analytics and data management. It also enhances its global delivery network and builds on Ascent’s existing alliance with Microsoft.

Quantexa Survey Reveals Confidence Gap in Community Bank AML Defences

On paper, mid-size and community banks in the United States should feel secure. A recent survey found that 94% of anti-money laundering (AML) professionals at these institutions are confident in their ability to spot criminal activity. But confidence can be deceptive. Nearly half of those same professionals admitted their investigations are slow, inefficient, and undermined by outdated technology.

This tension – between confidence and capability – sits at the heart of a new study conducted by Quantexa, which surveyed 200 AML specialists. The findings shed light on an industry segment that rarely makes headlines yet plays a critical role in the American economy. These banks are the lenders of choice for small businesses and local communities. They are also increasingly on the front lines of a global financial crime problem that the United Nations Office on Drugs and Crime estimates drains $800 billion to $2 trillion each year, or roughly 2–5% of global GDP.

Large international banks often attract regulatory attention and media scrutiny, but smaller regional institutions face the same compliance expectations – with far fewer resources to meet them. Their teams are lean, their systems often dated, and their budgets stretched thin. That leaves them vulnerable to increasingly sophisticated criminal networks that exploit technological gaps as readily as legal ones.

The survey findings make the challenge clear. Almost half of respondents pointed to outdated systems, fragmented data, and the absence of real-time monitoring as their biggest barriers to effective AML. Others highlighted operational inefficiencies: investigations bogged down by high false positives and manual processes that drain limited staff capacity. Nearly half also acknowledged a lack of in-house expertise to modernise AML programmes.

“Mid-size and community banks are the heart of Main Street America, powering small business growth and local economies,” said Chris Bagnall, Head of Financial Crime Solutions for North America at Quantexa. “With financial crime evolving faster than ever and outdated systems leaving them exposed, these banks have a critical opportunity to harness better data and AI to make smarter decisions and protect the communities and businesses they serve.”

Yet technology is only part of the equation. Regulatory uncertainty compounds the problem. Forty-five percent of AML professionals surveyed said unclear guidance around new tools such as AI is slowing progress. The result is what many describe as “decision paralysis” – a reluctance to invest in innovation without clearer signals from regulators.

Despite these headwinds, there are signs of optimism. The vast majority of respondents see AI, contextual data, and real-time monitoring as essential to modernising their programmes. Nearly all (93%) said that information sharing between banks under Section 314(b) of the USA PATRIOT Act is critical for detecting illicit activity. Collaboration – both across institutions and with regulators – is increasingly seen as a way to level the playing field.

The report concludes with a call to action: modernise outdated systems, invest in people and processes, and move beyond static monitoring to dynamic, data-driven defences. The message is clear – failing to adapt risks leaving the institutions that power America’s local economies exposed to growing threats.

What emerges is more than a snapshot of survey data. It is a story of resilience under strain. Mid-size and community banks may be confident, but unless they bridge the gap between perception and reality, their confidence could prove misplaced. In an era when financial crime is evolving faster than ever, standing still is not an option.

Droit Expands Cloud Data Privacy Safeguards with ISO 27018 Certification

Droit, a RegTech firm best known for applying computational law to complex financial regulation, has added another layer of assurance to its cloud services. The company has achieved ISO/IEC 27018:2019 certification, an international benchmark for protecting personally identifiable information (PII) in public cloud environments.

This new certification sits alongside Droit’s existing ISO/IEC 27001:2022 and ISO/IEC 27017:2015 credentials, both of which were recently renewed. Together, the trio provides a framework that strengthens security and privacy practices for global financial institutions moving more of their infrastructure to the cloud.

Why ISO 27018 Matters

Data privacy is a regulatory priority across markets. ISO/IEC 27018 was developed specifically to help cloud service providers demonstrate that they manage personal data responsibly and in line with evolving global rules. Importantly, the standard aligns with the EU’s General Data Protection Regulation (GDPR), covering how organizations process and safeguard personal data.

Kaveh Moravej, Head of Information Security at Droit, said, “ISO 27018 is the world’s best-known privacy standard for the cloud and is a natural evolution from our ISO/IEC 27001 and ISO/IEC 27017 certifications. To successfully achieve ISO 27018, we augmented our existing security and privacy programs. This included working across the business on new protocols and raising awareness to ensure all the requirements of the standard were met. We are now able to more easily address existing and future, ever-changing global data privacy regulations and give our clients the confidence that we are fully aligned with their data privacy needs.”

For financial institutions, independent certifications are a form of assurance. They help firms demonstrate compliance while relying on vendors like Droit for cloud services. The external audit process confirmed that Droit’s controls meet internationally recognized benchmarks.

Peter Bals, Chief Technology Officer at Droit, said, “Droit’s ISO certifications underscore our commitment to the safeguarding of both cloud security and data privacy to build trust with the global financial institutions we serve. Achieving ISO 27018 provides independent validation of our focus on security and cements our position as a major cloud services provider. These best practice controls are integral to supporting clients on their cloud journeys.”

Broader Context

Droit’s step reflects a broader industry trend: as financial services continue to migrate sensitive processes into public cloud environments, clients expect not only robust security but also compliance with a patchwork of privacy regulations worldwide. Independent standards like ISO 27018 offer a common baseline, reducing complexity for firms operating across multiple jurisdictions.

By layering ISO 27018 onto its existing security certifications, Droit signals that its cloud services are designed with both resilience and regulatory alignment in mind – a factor that increasingly influences vendor selection in regulated financial markets.

Droit was audited by an external, independent, and accredited team as part of the ISO certification process.