Financial institutions collectively pour more than $300bn into compliance every year. That figure, drawn from research spanning global banking, insurance and asset management, has grown faster than revenue, faster than headcount, and faster than the very regulations it is meant to address.
According to Sherlocq, yet despite that staggering outlay, more than ten million compliance professionals across financial institutions, law firms and consultancies are still relying on tools that would look broadly familiar to an analyst from two decades ago.
Sherlocq recently discussed the fog of compliance and why regulatory intelligence is financial services’ most underserved problem.
The root cause is not a shortage of regulation. It is a shortage of intelligence — the capacity to rapidly locate, interpret, connect and act on regulatory information at the pace modern business demands. That gap defines the next chapter of RegTech, and in 2026 it has finally acquired a name: Regulatory Intelligence AI.
The quiet cost of staying current
Public discourse on compliance costs tends to fixate on enforcement penalties — eye-catching GDPR fines, AML enforcement actions, MiFID II headlines. But the operational burden of simply keeping up with regulation is, for most institutions, a far greater and more persistent drain.
Consider what a mid-sized bank’s compliance function contends with in a typical week. It must monitor more than 100 regulatory bodies across jurisdictions for new guidance, consultations and rule changes. It must cross-reference those updates against existing internal policies, assess their materiality across products and client segments, brief legal, risk and business teams — each with different priorities and questions — and document the entire process for future audit purposes.
Every one of those tasks is labour-intensive, expertise-dependent and time-critical. Most of it is still performed manually. Senior compliance professionals, individuals who have spent years developing finely tuned regulatory judgement, dedicate substantial portions of their working week to what is, at its core, research and synthesis.
Why current tools are not fit for purpose
The RegTech market has expanded considerably over the past decade, but the majority of what has been built is monitoring, not intelligence. The distinction is material. Monitoring tools tell you that something has happened — a new rule has been published, a supervisory statement issued, a consultation paper released. That is useful. It is not enough.
What compliance teams need once the alert fires is the genuinely difficult part: What does this mean in practice? Does it apply to our business? How does it interact with our existing policy architecture? What must change, and by when?
Today’s compliance research tools tend to collapse into three recurring failure modes. First, alert overload: high-volume notification systems that surface everything and leave teams to manually triage what actually matters. Second, siloed coverage: tools that monitor one jurisdiction, one regulatory category or one language with some competence, but cannot synthesise across all three. Third, an absence of interpretive depth: platforms that surface raw regulatory text without connecting it to the institution’s specific context, products or obligations.
Search alone is no remedy either. Querying a regulatory database still requires a trained professional to read, interpret and synthesise the results. The bottleneck has merely been shifted upstream. The fundamental gap is not access to regulatory information — it is the conversion of that information into actionable institutional knowledge, at scale, in context, and with enough time to act.
What genuine regulatory intelligence AI looks like
The phrase “AI in compliance” has been deployed so broadly it has been largely drained of meaning — chatbots, document classifiers, automated alerts dressed up with an AI badge. These are features. They are not regulatory intelligence.
AI-native regulatory intelligence is structurally different. It describes a system built from the ground up to reason about regulatory information the way a deeply experienced compliance professional would — but without the cognitive limitations of a single human working finite hours.
In practice, this requires several interlocking capabilities. Continuous horizon scanning: ingesting regulatory output across hundreds of sources, jurisdictions and languages, and identifying material developments before a human need to engage. Contextual interpretation: understanding not merely what a regulation says, but what it means for a specific institution given its product set, client base and existing policy framework. Change impact analysis: automatically mapping new requirements against current internal procedures and surfacing gaps. And crucially, traceable reasoning: producing outputs that a compliance officer can interrogate, challenge and stand behind — not black-box conclusions.
That final capability is routinely underweighted in RegTech discussions. Compliance is not a domain in which “trust the model” is an acceptable operating principle. Every conclusion must be explainable to a regulator, a board or, if necessary, a court. Whether the context is a DORA-driven ICT risk assessment, a CBUAE governance review or an SEC climate disclosure gap analysis, the output must be traceable to source. Explainability cannot be added retrospectively — it must be embedded in the architecture from the outset.
A new category, not a better search engine
What is taking shape in 2026 is not an incremental improvement on existing compliance tooling. It is an entirely new category.
A useful analogy is the transition from paper maps to real-time navigation. Paper maps provided access to geographic information. Navigation systems provided a route — updated in real time, adapted to the driver’s specific situation, capable of recalculating when conditions changed. Regulatory intelligence AI is the navigation layer for compliance. It does not displace human judgement on high-stakes decisions. It eliminates the hours of manual preparation that precede that judgement, so compliance professionals can direct their expertise toward the decisions that genuinely require it.
The legal sector crossed this threshold two years ago. Harvey AI, now valued at $11bn, demonstrated that a vertical AI platform purpose-built for a professional domain — with genuine depth, institutional-grade trust and workflow-native design — can redefine an entire category. Compliance is next.
The structural advantage of moving early
Institutions that adopt regulatory intelligence infrastructure early will not simply reduce compliance costs. They will acquire a structural advantage: faster responses to regulatory change, fewer policy gaps, stronger audit trails and compliance teams liberated from manual research to focus on the judgement-intensive work that justifies their seniority.
In a landscape where regulators are themselves accelerating, enforcement timelines are compressing, and the definition of a compliant institution is being rewritten in real time, the gap between those with robust regulatory intelligence capabilities and those without will widen quickly — and visibly.
The $300bn compliance problem has a solution. The category is here. For financial institutions navigating accelerating regulatory complexity — from digital asset frameworks to sustainability disclosure requirements to AI governance rules — this is no longer a discretionary investment. A compliance function that cannot operate at the speed of regulation will not be able to operate effectively at all. The only question that remains is who moves first.
Find the full Sherlocq post here.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
