Ask a compliance officer how their programme is performing and you will often receive a carefully qualified answer. Ask them what “great” actually looks like, and the room tends to go quiet.
That silence reflects a broader problem: financial organisations have long lacked a shared framework to describe where they are in their compliance journey, let alone where they are headed.
AscentAI set out to change that, developing a structured maturity model and then road-testing it through the 2026 AscentAI RegTech Benchmark Survey, which polled hundreds of financial services organisations worldwide.
AscentAI recently delved into where the peers of RegTech firms stand on the RegTech maturity journey.
The results paint a picture of an industry at a crossroads. The majority of organisations say they are struggling to keep pace with the mounting volume and speed of regulatory change. While nearly all respondents are actively seeking to strengthen that capability, a smaller cohort is already pulling clear of the field.
Four stages, one spectrum
AscentAI’s model breaks compliance maturity into four distinct stages. At the most foundational level sits “Basic”, where compliance activities remain largely manual — dependent on emails, spreadsheets, and documents, with little dedicated technology to speak of. Some 26% of survey respondents placed themselves here. One step up is “Dependent”, where organisations lean heavily on external consultants or legal counsel to keep their programmes effective; 16% fell into this category.
The most populated tier is “Emerging”, claimed by 42% of respondents. Here, organisations have begun adopting software tools or point solutions — such as horizon scanning feeds or data platforms — but automation remains incomplete. At the top of the curve sits “Advanced”, where compliance operations are highly automated and run across a fully integrated technology stack. Only 16% currently identify at this level.
Taken together, the findings suggest that 84% of financial organisations are still operating without fully automated, integrated compliance processes, relying instead on a patchwork of software and manual workarounds.
The direction of travel
When respondents were asked where they expect to be in 12 months’ time, the picture shifts considerably. The proportion expecting to remain at the Basic stage is forecast to fall by 15 percentage points, while the Dependent cohort is expected to shrink from 16% to just 7%. The Emerging group is set to grow modestly from 42% to 46%, and the Advanced segment is projected to more than double — rising from 16% to 35%.
What progress looks like in practice
Understanding where your organisation sits is only half the equation; knowing what advancement actually demands is the other. For those at the Basic stage, the priority is gaining access to continuously updated information about which regulations apply to their specific business lines — what AscentAI refers to as a Regulatory Map, offering a structured view of products, jurisdictions, and the relevant regulatory content tied to them.
Organisations in the Dependent stage should focus on building internal expertise that reduces their reliance on outside counsel. The starting point is typically a continually updated obligations register — a clear catalogue of the regulatory requirements that apply to the business, enabling in-house teams to assess the impact of change without defaulting to external help.
For those at the Emerging stage, the challenge is less about acquiring tools and more about making existing ones work together. Point solutions that operate in silos offer limited value; the goal is integration — ensuring that regulatory intelligence flows automatically to the people and systems that need to act on it. Automated monitoring, change detection, and GRC integration become central concerns at this level.
At the Advanced stage, the emphasis moves from building capability to sharpening it. The defining questions become operational: How quickly can the organisation respond to a new regulatory requirement? How convincingly can it demonstrate compliance to a regulator? How efficiently can it expand into a new jurisdiction? These are the metrics that separate the best from the rest at the top of the maturity curve.
Read the full AscentAI post here.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
