Regulators around the world are increasing their scrutiny of RegTech solutions, with several supervisory bodies issuing detailed opinions on how such technologies should be built, deployed, and monitored.
These papers highlight both the promise and the pitfalls of automated compliance tools, stressing that when poorly implemented, RegTech can create new risks rather than mitigating existing ones, claims Muinmos.
In Europe, the European Banking Authority (EBA) has issued a stark warning, citing data from national authorities. It said, “A careless use of innovative compliance products can lead to money laundering and terrorism financing risks”, adding that more than half of the serious compliance failures logged in its EuReCA database stemmed from improper use of RegTech. The authority concluded that while RegTech has strong potential to improve compliance, it is often undermined by weak governance, lack of expertise, and poor oversight.
Nigeria’s central bank has taken a particularly prescriptive approach. Rather than issuing general warnings, it has drafted detailed “Baseline Standards” that outline what an effective automated AML solution should look like. The guidelines emphasise interconnected, non-fragmented systems that integrate all aspects of AML, KYC and KYB, supported by central dashboards and APIs. The bank also insists on no-code configurations to reduce vendor dependency, ensuring institutions can adapt quickly to regulatory changes. This comes against the backdrop of Nigeria’s placement on the FATF grey list, underscoring the urgent need for stronger compliance practices.
The UK’s Financial Conduct Authority (FCA) has also weighed in, releasing a review on digital design in customer journeys. It identified both good and bad practices, encouraging firms to consider where introducing “friction” could actually improve outcomes and protect consumers. For example, many firms rely on customer self-assessment for classification, which can be non-compliant. The FCA’s findings suggest that thoughtful design can achieve both compliance and smooth customer experiences, undermining the case for “rubber-stamp” providers who avoid friction at all costs.
Muinmos, a RegTech provider, has been vocal about the dangers of superficial compliance solutions. The company has criticised industry peers for marketing “high pass rates” as a badge of honour, arguing that this risks letting in clients who should have failed checks. Instead, Muinmos promotes the term “completion rate”, noting that 97% of client journeys initiated on its AI-powered platform are completed, whether or not the clients pass or fail the necessary checks.
The EBA’s July 2025 report reinforced these concerns, highlighting common risks such as lack of internal expertise, insufficient transparency, and poorly configured thresholds. It called for regulators to continue monitoring how financial institutions deploy RegTech, while promoting best practices like dynamic risk profiling and streamlined workflows.
Taken together, these developments point to a broader trend: regulators are moving from indirect oversight, such as through outsourcing rules and digital resilience laws, to more hands-on involvement in defining and policing RegTech standards. Financial institutions relying on inadequate or cosmetic solutions will no longer be able to claim compliance simply by using technology. Instead, regulators are making it clear that only robust, transparent, and properly implemented systems will suffice.
The message is consistent across jurisdictions. Supervisory bodies see RegTech as vital for modern compliance but are determined to prevent it from becoming a mere rubber stamp. Firms that fail to choose fit-for-purpose solutions risk not only operational inefficiencies but also financial penalties, reputational damage, and the expense of remediation.
Copyright © 2025 RegTech Analyst
Copyright © 2018 RegTech Analyst
