A conversation with a governance, risk and compliance (GRC) leader at one of the world’s most valuable FinTech firms has shed light on how the most sophisticated players in the industry are approaching the compliance technology stack — and the picture is one of wholesale reinvention, not incremental improvement, claims Areg Nzsdejan, CEO of Cardamon.
The first and clearest takeaway: AI-assisted compliance is no longer a differentiator. Every compliance officer of note is using AI to drive personal efficiency, and doing so is now considered baseline. It is not simply encouraged — it is expected, suggested Nzsdejan in a recent LinkedIn post.
But the more significant shift is structural. Rather than upgrading individual tools in isolation, leading compliance teams are reconsidering their entire stack simultaneously. A point solution, however capable on its own, is of limited value if it cannot integrate with the broader compliance environment — and crucially, with the AI-driven workflows that compliance officers now depend on.
What does this mean in practice? According to the GRC leader, legacy solutions are struggling to keep pace. In their current form, few if any of the organisation’s existing providers are meeting the bar. The implication is not that everything will be built in-house, but that off-the-shelf solutions will need to earn their place in a far more demanding environment.
The requirements being articulated are precise: high-quality regulatory data — given that poor inputs produce poor outputs — alongside robust auditability, scalability across large user bases, consistent taxonomies, and reliable workflows. These are not aspirational features; they are table stakes for solutions hoping to remain relevant.
The clearest threat emerging from this shift is to inflexible platforms that require compliance teams to adopt their own user interfaces, data structures, or operational models. Solutions that impose their architecture on users, rather than adapting to the user’s needs, are increasingly at risk of being displaced.
By contrast, infrastructure-layer solutions that provide the scaffolding for compliance teams to build around — such as Cardamon, a Y Combinator W25 company — are well-positioned to become embedded, critical infrastructure in the next generation of the RegTech stack. The prize for those that can deliver flexibility, data quality, and AI-native design is significant.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
