For much of the last decade, RegTech has been viewed as a category in its own right: a fast-growing ecosystem of specialist providers helping financial institutions modernise compliance, automate risk processes and respond to mounting regulatory pressure. But as the sector evolves, the lines separating RegTech from the wider financial technology stack are becoming increasingly difficult to define.
The capabilities that once existed as standalone solutions are now being embedded directly into the architecture of financial services. Compliance monitoring is moving into transaction infrastructure. Identity verification is becoming native to onboarding systems. AI-driven controls are being integrated into operational workflows rather than layered on afterwards.
That evolution raises an important question for the industry: is RegTech becoming a foundational layer of infrastructure, or is it being absorbed so deeply into core systems that it ultimately ceases to exist as a distinct category at all?
The distinction matters. If compliance technology becomes infrastructure, its influence over how financial institutions operate will only deepen. But if RegTech disappears into broader banking, payments and data architecture, the sector may be entering a new phase where the most successful solutions are no longer visible as “RegTech” in the traditional sense.
In a part two of a two-part series on the topic, RegTech Analyst talks to key industry thought leaders to get their view on whether RegTech is evolving into infrastructure itself.
Standalone RegTech platforms
A key question is emerging for RegTechs: will standalone platforms survive, or will they be embedded into larger financial infrastructure stacks?
In the view of Courtney Parker, lead regulatory consultant, Advisory & RegTech at BMA Groupe, we are at a critical inflection point in regulatory reporting.
She said, “Over the past decade, the industry hasn’t truly transformed compliance, we’ve digitised it. Technology has been layered onto fundamentally manual processes, creating the appearance of progress while often increasing underlying complexity.
Today’s reality reflects that. Teams still extract data into spreadsheets, reconcile inputs and outputs, and spend a disproportionate amount of time validating whether the data they are using is even correct.”
For Parker, the proliferation of systems has introduced more points of failure, not fewer, driving continuous checking, monitoring and reconciliation.
“This context helps explain why many standalone RegTech platforms have struggled to deliver lasting value,” she said. “Too often, they operate at the very end of the process, functioning as expensive validation and submission layers. Firms upload manually prepared returns, run checks, and push submissions over the line. When issues arise, fixes are made directly in the tool, often as quick adjustments to pass validations, with limited transparency or auditability.”
In this model, Parker believes RegTech becomes another step in an already fragmented chain, rather than a solution to fragmentation itself.
“At the same time, over-reliance on “black box” technology has introduced new risks. Regulators are increasingly focused not just on outputs, but on explainability. If firms cannot clearly articulate how a number was produced, the technology supporting it becomes a liability rather than an asset.This is why the direction of travel is shifting,” said Parker.
The real opportunity in the view of Parker lies in moving regulatory capability upstream, embedding it directly into core data and finance architectures. Rather than extracting and transforming data into external tools, reporting can be generated within controlled source environments, where data lineage, governance, and auditability are inherently stronger.
“In this model, standalone RegTech does not disappear entirely, but it becomes less about isolated platforms and more about embedded capability within broader financial infrastructure,” said Parker.
The prize, Parker believes, is significant. “If completeness, accuracy, and timeliness can be delivered as standard outcomes, firms can shift focus away from producing numbers and towards understanding them.”
She added, “There is little value in arriving at a figure minutes before submission. At that point, analysis is reduced to a binary check ,within threshold or not. What’s missing is insight: why has a number changed, and what does it mean? The future of RegTech is therefore not about producing data faster, but about enabling better interrogation of that data. As regulatory reporting becomes embedded, its role evolves, from a compliance exercise into a source of insight.”
For Areg Nzsdejan, CEO of Cardamon, both will happen for different categories of problem.
“The category that consolidates into infrastructure is data-heavy, workflow-adjacent work: reporting, monitoring, basic screening. These are areas where scale matters most, and where banks already have systems close enough to absorb them. Standalone doesn’t survive there or it gets acquired,” said Nzsdejan.
The category that doesn’t consolidate for Nzsdejan is decision-layer intelligence. This means understanding what regulation actually means for a specific entity, assessing genuine compliance, identifying where risk sits in context.
“This is deeply domain-specific work that requires more than ingestion and summarisation. The platforms that survive will be those that do something specific enough that it can’t be replicated and important enough that it can’t be ignored,” he said.
Mike Lubansky, SVP of strategy at Red Oak argues that the future of RegTech will not be defined by the disappearance of standalone platforms, but by a sharper division between commoditised compliance infrastructure and more complex, judgement-driven regulatory workflows.
According to him, a growing number of lower-complexity compliance functions are already moving towards utility status within financial services. Capabilities such as archiving, basic surveillance, recordkeeping and data ingestion are becoming increasingly standardised, embedded directly into broader enterprise platforms and treated less as differentiated products and more as foundational infrastructure.
However, Lubansky believes a separate category of compliance work remains resistant to this kind of consolidation. Areas such as advertising review, contextual communications supervision and complex approval workflows still depend heavily on configurability, auditability and human oversight. These are processes where firms must not only demonstrate regulatory compliance, but also preserve clear decision trails and maintain visibility across fragmented systems and communication channels.
In this environment, the role of standalone RegTech platforms changes rather than disappears. Instead of attempting to replace broader infrastructure stacks, specialist providers are increasingly positioning themselves above them — connecting systems, orchestrating workflows and enabling oversight across increasingly complex compliance environments.
For Lubansky, the future is therefore less about whether standalone platforms survive in isolation, and more about where they continue to provide irreplaceable value within an increasingly infrastructure-driven financial ecosystem.
Where long-term value is created
Parker argues that the future value of RegTech will not come from adding more layers of technology, but from reducing complexity and turning regulatory information into something organisations can actually act upon.
In her view, the industry currently generates enormous volumes of highly technical regulatory output, yet very little of it reaches senior decision-makers in a form that is genuinely useful. “Senior stakeholders, CFOs, CEOs, Boards, do not have the time, nor should they need, to interpret dense regulatory rules or trace technical misapplications through layers of reporting logic,” she says. “What they need is clarity.”
For Parker, the real issue is not whether a regulatory rule has been technically misapplied, but what that ultimately means for the business. A complex reporting error may matter deeply at an operational level, but at executive level the insight is far simpler: “a decision or error has increased capital requirements by 50% for a given exposure. That is the insight that drives action.”
She believes many current RegTech models fail precisely because they are not built to deliver this kind of clarity. Point solutions often address narrow problems in isolation, contributing to fragmented compliance environments, while orchestration layers can risk adding further complexity if the underlying data itself remains inconsistent or poorly governed.
Instead, Parker sees long-term value emerging from the underlying data layer itself. In her view, durable regulatory capability depends on building well-structured, traceable and governed data ecosystems where information flows directly from core financial systems, lineage is fully defensible and controls are embedded upstream at the point of data creation rather than retroactively applied during reporting.
“This shift is critical,” she explains. “Today, firms spend the majority of their time validating outputs, checking whether reported numbers are correct after the fact. But if data quality, controls, and transformation logic are embedded upstream, the output should be correct by design.”
That, Parker argues, fundamentally changes the role of regulatory teams. Instead of spending reporting cycles confirming that nothing has broken, firms can focus on extracting strategic insight from the data itself: understanding whether capital positions are strengthening, where liquidity pressures are emerging and which risks or inefficiencies require attention.
For Parker, point solutions and orchestration layers will continue to play an important role within the ecosystem, but they are not where enduring competitive advantage will ultimately be built. “Long-term value sits in integrated data ecosystems,” she says, “where regulatory capability is embedded into the fabric of financial infrastructure, enabling firms not just to report, but to understand and act.”
Nzsdejan believes the industry’s deepest long-term value will ultimately sit within underlying data networks — even if they are the most difficult assets to build, scale and monetise.
“The honest answer is data networks,” he says. “But that value is also the hardest to capture.”
In his view, point solutions still play an important role within the RegTech ecosystem, particularly because they can solve highly specific compliance problems quickly and effectively. The issue, however, is durability. As larger incumbents expand their capabilities or market consolidation accelerates, narrowly focused tools can become increasingly replaceable. At the same time, financial institutions are growing more cautious about introducing additional standalone products into already fragmented technology environments.
“Buyers are increasingly reluctant to add another point solution to an already fragmented stack,” he explains.
Nzsdejan also sees orchestration layers as strategically compelling, but structurally challenging. Their value depends heavily on the breadth and depth of the systems they integrate with, while the risk of commoditisation remains high as larger infrastructure providers continue building workflow and orchestration capabilities directly into their own platforms.
For him, the more defensible position lies deeper within the regulatory architecture itself: the structured data layer underpinning decision-making and compliance operations.
“The deeper, more defensible position is the structured data layer,” he says. “Firms that can translate regulation into structured, machine-readable obligations — and link those obligations to controls, to risk, to decisions — create a layer that everything else depends on.”
That capability becomes increasingly valuable as regulation grows more continuous, interconnected and operationally complex. While interfaces, workflows and orchestration models may evolve over time, the underlying ability to structure regulatory logic into usable, traceable and scalable data frameworks is far harder to replicate, particularly at enterprise scale.
Nzsdejan argues this is precisely where long-term strategic advantage will emerge. “As the regulatory environment becomes more complex and more continuous, that layer only becomes more valuable,” he says.
He positions Cardamon directly within that shift, describing structured regulation not simply as a compliance tool, but as the foundational layer upon which future decision-making systems will increasingly depend. “Regulation as structured data acts as the foundation and source of truth on which decisioning can be built.”
Lubansky believes the industry’s most durable long-term value is increasingly moving away from standalone products and towards orchestration layers capable of managing workflow, connectivity and contextual decision-making across fragmented compliance environments.
In his view, underlying data networks remain essential, but are gradually becoming commoditised as core infrastructure capabilities mature across the market. “Data aggregation, storage, and normalization are critical capabilities,” he says, “but they’re increasingly standardized and infrastructure-like. Long-term differentiation there is hard to sustain.”
While point solutions still retain importance, particularly in areas requiring deep regulatory expertise, Lubansky argues their competitive advantage is becoming narrower as firms demand tighter integration across the compliance stack. Specialist capabilities such as advertising review logic or advanced surveillance models continue to matter, but isolated tools struggle if they cannot operate seamlessly within broader operational workflows.
“Expertise alone isn’t enough if it can’t connect to the systems around it,” he explains.
For Lubansky, this is why orchestration layers are becoming strategically critical. Rather than focusing purely on individual compliance tasks, orchestration platforms sit across systems, preserving workflow continuity, maintaining context and creating unified oversight across increasingly complex infrastructures.
“Orchestration layers are where value compounds,” he says. “This is where workflow decisions are made, context is preserved, systems are connected, and audit trails are unified.”
He points specifically to communications compliance as an example of where this cross-system coordination becomes indispensable. The challenge is no longer simply approving a piece of content, but maintaining a complete and defensible compliance chain across its entire lifecycle — from creation and approval through to distribution, monitoring and supervision.
“In communications compliance specifically, the value isn’t simply approving content,” Lubansky says. “It’s maintaining the thread of compliance from creation to approval to distribution to supervision.”
That thread, he argues, cannot realistically exist within any single standalone application. Instead, the firms creating lasting value will be those capable of orchestrating compliance across multiple systems while preserving visibility, accountability and context throughout the process.
Buyers consolidating vendors
Parker believes vendor consolidation is accelerating across the RegTech sector, driven not only by cost pressures, but by growing dissatisfaction with fragmented compliance architectures that fail to solve underlying operational problems.
Historically, she argues, financial institutions were often reluctant to replace underperforming vendors because the disruption associated with transformation outweighed the perceived benefit. Once systems became embedded into governance processes, infrastructure and reporting workflows, firms frequently chose to tolerate inefficiencies rather than undertake expensive and complex migrations.
“That dynamic is now shifting,” Parker says.
According to her, buyers are becoming far more willing to reassess their vendor landscapes as expectations around technology maturity continue to rise. At the same time, organisations are growing increasingly frustrated with disconnected point solutions that address isolated problems while failing to resolve broader structural weaknesses across data, reporting and regulatory workflows.
At the centre of this issue, Parker identifies a persistent divide between regulatory expertise and technological execution. While compliance specialists and technologists may ultimately be working towards the same outcome, she argues they often operate with fundamentally different perspectives and priorities.
“A regulatory rule can be clearly defined,” she explains, “but if the underlying data is not correctly structured or classified, the implementation will still fail.”
She points to regulatory capital calculations as an example. Applying the correct risk weighting to an exposure may appear straightforward in theory, but the accuracy of the outcome depends entirely on whether the underlying counterparty or exposure has been correctly identified and classified from the outset. If the original data is flawed, even the most sophisticated reporting engine will produce incorrect regulatory outcomes downstream.
For Parker, this reflects a wider industry problem: the continued separation between upstream operational data decisions and downstream regulatory consequences. Small classification errors or unidentified counterparty relationships can ultimately lead to significant compliance breaches because organisations still operate across disconnected silos.
Against that backdrop, she argues consolidation is about far more than procurement efficiency. Instead, it reflects a deeper demand for integrated platforms capable of connecting regulatory logic, data quality and operational context across the organisation.
This changing buyer behaviour is also reshaping innovation across the sector. Standalone vendors solving narrow use cases without integrating into wider control environments are increasingly under pressure, as firms prioritise platforms that reduce fragmentation rather than contribute to it.
At the same time, Parker believes consolidation is raising the standard for what meaningful innovation actually looks like in RegTech. The next generation of solutions, she argues, will not differentiate themselves through incremental features or faster calculations alone, but through their ability to bridge the divide between regulatory interpretation, data architecture and enterprise-wide decision-making.
“In that sense, consolidation is not a constraint on innovation,” she says. “It’s a catalyst for more meaningful innovation.”
Ultimately, Parker believes firms are no longer simply searching for tools that help them comply after the fact. Increasingly, they want systems capable of embedding regulatory understanding directly into operational processes and data structures from the beginning — enabling organisations to “get it right from the start.”
Nzsdejan believes vendor consolidation is increasingly becoming unavoidable for large financial institutions, not necessarily because buyers prefer fewer providers, but because the operational burden of managing fragmented RegTech environments has become too difficult to sustain.
“It really depends on each buyer,” he says, “but I think in general, this is the direction of travel.”
According to him, many compliance teams are now overseeing dozens of separate vendor relationships simultaneously, creating growing pressure across procurement, integration and long-term system maintenance. “Compliance teams at large institutions are managing 15, 20, sometimes 30 different vendor relationships,” he explains. “The procurement, integration, and maintenance overhead is significant.”
That shift inevitably changes how innovation reaches the market. As procurement cycles become longer and platform compatibility becomes more important during vendor evaluation, smaller providers often struggle to gain traction regardless of the quality of their technology.
“When procurement cycles lengthen and vendor evaluation focuses on platform fit rather than capability, smaller players get filtered out earlier,” he says. “Not because their product is worse, but because they can’t get through the process.”
Even so, Nzsdejan does not believe consolidation suppresses innovation altogether. Instead, he argues it changes where innovation occurs and what type of companies are best positioned to deliver it.
“But I don’t think consolidation kills innovation,” he says. “It repositions it.”
In his view, the consolidation of first-generation point solutions may actually create opportunities for newer entrants operating at a deeper architectural level. As larger platforms absorb more standardised compliance functions, gaps remain around the harder operational and regulatory problems that many legacy systems still struggle to solve — particularly those built before the emergence of AI-native infrastructure.
“If a consolidated platform can’t solve the hard problems — and a lot of legacy platforms still can’t solve the really hard problems because they were built pre-AI — buyers will still go outside,” he explains.
Nzsdejan believes this dynamic could ultimately benefit the next generation of RegTech firms, particularly agile startups building on modern infrastructure rather than legacy architectures. “When the first wave of point solutions gets absorbed, it clears space for the next wave to operate at a layer the consolidated platforms fundamentally cannot.”
He also points to another emerging force reshaping the sector: the rise of internal development capabilities driven by coding agents and AI-assisted software creation. As more firms experiment with building regulatory tools internally, RegTech providers may increasingly need to evolve beyond traditional software delivery models.
“With the rise of coding agents, we’re seeing more companies having a go at building in-house,” he says.
Rather than eliminating external RegTech providers, however, Nzsdejan believes this trend may push the industry towards more modular and infrastructure-oriented models, where specialist firms provide the underlying regulatory frameworks, structured data layers or compliance infrastructure upon which institutions build their own bespoke solutions.
“I don’t think this kills RegTechs,” he says, “but it may mean that the winners will have to reposition as ‘headless’ infrastructure providers, on which in-house solutions get built.”
For Nzsdejan, the sector’s future therefore lies not simply in delivering standalone compliance products, but in becoming foundational infrastructure capable of supporting increasingly customised, AI-driven and internally developed regulatory ecosystems.
Lubansky believes vendor consolidation is unquestionably happening across financial services, but argues the reality is more nuanced than many headlines suggest.
“Buyers are consolidating, but selectively,” he says.
From a commercial perspective, firms are clearly moving towards fewer vendor relationships, simplified procurement structures and broader strategic partnerships. Financial institutions increasingly want to reduce the operational burden associated with managing sprawling compliance stacks and overlapping provider ecosystems.
“Commercial consolidation is real,” Lubansky explains. “Firms want fewer contracts, prefer strategic vendor relationships, and are actively simplifying procurement and support.”
However, he draws a sharp distinction between commercial consolidation and genuine architectural consolidation. While many vendors position themselves as unified platforms, Lubansky argues that beneath the surface, a large number of these environments remain collections of loosely connected products with significant integration limitations.
“Many ‘platforms’ are still loosely stitched-together products with meaningful integration gaps,” he says. “Vendor consolidation on paper and true system consolidation are two very different things.”
As a result, firms often continue relying on multiple underlying systems regardless of how streamlined their vendor lists may appear externally.
Lubansky believes this shift carries major implications for innovation across the RegTech market — both positive and negative. On one side, consolidation risks slowing innovation within larger platforms as providers focus more heavily on integration, product harmonisation and operational scale rather than pushing technical boundaries.
“The risk is that innovation slows inside large platforms,” he says, “where roadmaps prioritize integration over depth, acquired products stagnate, and ‘good enough’ starts replacing best-in-class.”
At the same time, however, he sees a powerful countertrend emerging. Rather than disappearing, innovation is increasingly moving towards specialist providers operating at the edges of the ecosystem and within orchestration layers capable of connecting fragmented compliance environments together.
“The countertrend is equally important,” Lubansky explains. “Innovation shifts to the edges and to the orchestration layer.”
In his view, highly specialised firms will continue driving progress in more complex and high-risk compliance domains, while open and connected ecosystems will consistently outperform closed platform models over the long term.
This is where Lubansky sees the strongest strategic advantage emerging. A connectivity-first approach allows firms to preserve best-of-breed innovation without becoming trapped inside rigid, acquisition-driven platform architectures.
“A connectivity-first model allows best-of-breed innovation to persist,” he says. It also helps organisations avoid the “Frankenstein platforms” that can emerge through repeated M&A activity, while enabling faster adoption of new technologies such as AI-driven compliance tooling and next-generation surveillance models.
Perhaps most importantly, Lubansky argues, open orchestration architectures reduce the need for firms to repeatedly overhaul core infrastructure every time the regulatory or technological landscape shifts — a flexibility that could become increasingly valuable as compliance environments continue evolving at greater speed.
Financial diversification
RelyComply argues that the growing diversification of financial services is simultaneously expanding access to finance while making regulatory standardisation significantly more complex.
As new payment providers, digital lenders, crypto wallets and neobanks continue entering the market, financial access is improving in regions historically underserved by traditional banking infrastructure. At the same time, incumbent banks still retain strong advantages built on decades of trust, scale and institutional credibility.
However, this increasingly fragmented ecosystem creates major compliance challenges. With firms operating across different customer profiles, jurisdictions and risk environments, maintaining consistent AML and CTF standards across the industry becomes far more difficult.
“Standardised AML compliance becomes extremely tough business to business,” the company explains.
Against this backdrop, RelyComply sees RegTech partnerships playing an increasingly important role in helping institutions meet rising regulatory expectations — particularly as global bodies such as the Financial Action Task Force continue pushing for stronger and more accountable AML frameworks.
Rather than forcing firms into rigid compliance models, RegTech providers are increasingly tailoring AI-driven AML infrastructures around each institution’s existing operational environment, allowing organisations to strengthen controls without completely rebuilding internal systems.
“Such services can tailor AI-driven AML architectures to each business’ existing frameworks,” RelyComply says, “and support and empower them to be compliant in a world stricken by digital fincrime threat.”
The company acknowledges that absorption into larger AML infrastructure stacks may become increasingly attractive for larger institutions, particularly those seeking end-to-end compliance environments capable of reducing fragmentation across disconnected technology stacks. Consolidation can also create opportunities for RegTech vendors themselves, giving them access to greater financial resources and broader operational scale to support increasingly intensive AI-based monitoring and reporting systems.
At the same time, however, RelyComply argues that standalone RegTech firms will continue to play a critical role within the ecosystem — especially for smaller or emerging financial institutions that require flexible, cost-effective and strategically tailored compliance support.
“For nascent, innovative financial companies, there will always be a need for nimble RegTech partners,” the company says.
In this model, independent RegTech vendors act not simply as software providers, but as long-term compliance partners helping firms deploy AML frameworks proportionate to their specific regulatory exposure, operational complexity and geographic footprint. Their role also extends beyond implementation, with ongoing support becoming increasingly important as criminal typologies, digital fraud methods and regional regulatory expectations continue evolving rapidly.
RelyComply ultimately believes innovation within AML will continue to come from highly specialised vendors focused on solving specific compliance challenges and serving distinct market segments. Different organisations require different levels of AML sophistication — whether around workflow integration, SAR automation, adverse media monitoring or trust and watchlist connectivity — and no single model will fit every institution equally well.
“Interoperable RegTechs exist as trustworthy, close-knit partners in the compliance world,” the company says, arguing that both standalone and embedded models will continue to coexist so long as vendors remain capable of adapting to the rapidly evolving nature of digital financial crime.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
