As financial institutions deepen their reliance on third-party data, automation and RegTech platforms, a fundamental question is emerging beneath the efficiency gains: where should external support end, and where must institutional judgement remain firmly in place?
That tension is increasingly shaping the modern compliance operating model.
Dow Jones operates at the center of this evolution, providing risk and news data and compliance technology used by financial institutions globally. Our unique expertise stems from an editorial heritage and data discipline that has been the backbone of our work since the late 1800’s, materially influenced by our journalistic pedigree and the quality standards of being the publisher of The Wall Street Journal. This commitment to quality has driven us to develop curated risk data sets in collaboration with financial institutions and regulators, ensuring that any technology solution we offer is paired with the best data quality input.
According to Alexandra Colquhoun, Head of Sales, Americas, Risk & Compliance at Dow Jones, the challenge is not simply adopting technology. It is ensuring institutions maintain oversight, accountability, and sound decision-making while doing so, because ultimately, a technology solution is only as good as the input.
Validating proprietary models
One of the most pressing questions facing compliance teams today is how to validate vendor models that institutions did not build themselves.
For Colquhoun, meaningful model validation begins with transparency.
“Meaningful model validation starts with transparency around the inputs, the methodology and the outcomes, even when the model itself is proprietary. Firms may not have access to the underlying intellectual property, but they still need enough visibility to understand how the model works, what data it draws on and whether it is fit for purpose within their own risk environment.”
That visibility should include documentation around data sources, coverage criteria and testing across jurisdictions, as well as evidence demonstrating the model’s performance and consistency over time.
“Validation should not be treated as a one-off exercise. For many compliance teams, it means running vendor models in parallel with existing processes to assess outcomes such as alert quality, false positives and any gaps that may emerge. That ongoing monitoring is a critical part of building confidence in the model’s performance,” she said.
Increasingly, institutions are treating third-party models with the same scrutiny applied to internal systems.
“That is exactly the right approach,” Colquhoun said. “A proprietary model should not be treated as a black box, particularly when it is being used to support important compliance decisions.”
The risk of concentration
As reliance on third-party providers grows, some observers have raised concerns about concentration risk if large parts of the financial system depend on the same data sets.
Colquhoun acknowledges the possibility.
“When most of the financial system relies on the same data set or providers, it could create some sort of concentration risk which creates blind spots and exposure.”
However, she notes that today’s RegTech ecosystem remains diverse, with multiple providers offering different data coverage and technological capabilities.
Where compliance cannot outsource responsibility
Despite the rapid evolution of compliance technology, Colquhoun emphasises that certain decisions must always remain within the institution.
These include defining risk appetite, developing policy frameworks and determining final risk acceptance.
Ultimately, she argues, judgement cannot be outsourced.
“The way you handle suspicious activity reports needs to be something that happens in-house as well as how you handle decisions around sanctions exposure. These kinds of things can not be externalised.”
Automation and the role of human expertise
As automation transforms compliance operations, some have questioned whether it could gradually erode institutional expertise.
Colquhoun sees the opposite potential if organisations implement automation strategically.
“We see automation taking away low value tasks and allowing teams to focus on higher value tasks or more meaningful work,” she said. “What we’re seeing around automation is that programs ensure the analysts are still engaged in higher-level things like investigative work, understanding context and working alongside solutions to challenge outputs and teach and train the technology to be better.”
In this environment, automation changes the role of compliance professionals rather than replacing them shifting their focus toward investigation, contextual analysis and oversight.
And as financial institutions navigate an increasingly complex technology landscape, that human judgement remains the one capability that cannot be externalised.
As regulatory demands continue to evolve, the difference lies in the quality and reliability of the intelligence behind your decisions. Dow Jones brings together rigorously curated data sets, shaped by a journalistic heritage and aligned to real-world regulatory expectations, with continued investment in technology and a trusted partner ecosystem. The result is intelligence that not only keeps pace with change, but helps financial institutions act with greater precision and confidence.
To see how Dow Jones can strengthen your approach, connect with our team.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
