Picture the scene: a financial institution is onboarding a new corporate client with operations spanning the UAE, the UK, and the EU. Before any relationship can be formalised, the compliance team must establish exactly what anti-money laundering obligations apply across all three jurisdictions.
According to Sherlocq, in theory, it is a routine task. In practice, it requires navigating three distinct regulatory architectures, each with its own source documents, terminology, and enforcement priorities, many of which are not clearly codified anywhere.
Sherlocq’s CEO Bhavin Shah recently discussed multi-jurisdiction compliance and why one-size-fits-all no longer works.
Three jurisdictions, three different answers to what should be a straightforward question. This is the daily reality of modern multi-jurisdiction compliance, and the tools most teams rely upon were never designed to handle it.
The illusion of regulatory convergence
A persistent assumption within financial services holds that global regulatory frameworks have largely converged. Under this view, the Financial Action Task Force (FATF) sets the standards, jurisdictions implement them, and differences are largely cosmetic. Compliance teams can apply a broadly consistent approach and tweak at the margins. That assumption, however, is fundamentally flawed, and acting on it is precisely where multi-jurisdiction compliance risk begins to accumulate.
Consider AML obligations as a concrete illustration. The UAE, UK, and EU all operate within FATF’s framework and all three require customer due diligence, beneficial ownership identification, transaction monitoring, and suspicious activity reporting. At that level of abstraction, the frameworks appear broadly aligned. Drill into the detail, and the divergence becomes significant. The UAE’s AML regime is administered across multiple regulators: the Central Bank of the UAE, the Dubai Financial Services Authority (DFSA) within the Dubai International Financial Centre, and the Financial Services Regulatory Authority (FSRA) in Abu Dhabi Global Market, each applying jurisdiction-specific rules to different categories of firm. A business operating across both free zones and onshore UAE is navigating at least two distinct regulatory environments within a single country.
The UK’s framework sits under the Money Laundering Regulations 2017 and is supervised primarily by the Financial Conduct Authority (FCA), which has issued guidance that extends beyond the base regulations and carries independent supervisory weight.
Post-Brexit, the UK has diverged from EU standards in several areas, including its treatment of high-risk third countries and the implementation timeline for certain beneficial ownership requirements. Meanwhile, the EU is in active transition: the sixth Anti-Money Laundering Directive has been superseded by a new AML Regulation applying directly across member states, alongside the establishment of AMLA, the new EU Anti-Money Laundering Authority. For firms operating across multiple EU markets, determining which rules are currently in force, which remain transitional, and which still vary by member state is a research exercise in its own right.
Why cross-border regulatory research consistently fails
The challenge of cross-border compliance is not merely that rules differ between jurisdictions. It is that the information required to understand those differences is fragmented, inconsistently structured, and scattered across dozens of primary sources, including regulatory websites, official guidance, enforcement notices, consultation papers, and supervisory statements, each updated on irregular schedules with no central coordination.
A compliance team simultaneously researching AML obligations across the UAE, the UK, and the EU is not conducting a single piece of research. It is running three separate exercises in parallel, each requiring familiarity with a different regulatory architecture, before synthesising the results into something coherent enough to underpin a practical compliance decision.
In most organisations, that burden falls on senior professionals who are already operating at full capacity. The work takes days. Documentation is inconsistently produced. And when the regulatory landscape shifts, following a new FATF mutual evaluation, revised supervisory expectations, or changes to high-risk jurisdiction lists, the research must begin again from scratch.
This is not a failure of expertise. It is a failure of infrastructure. The research tools most compliance teams depend upon were simply not built for the volume and complexity of cross-border regulatory work in 2026.
How Sherlocq approaches the problem
Sherlocq has built a multi-jurisdiction compliance engine specifically to address this gap. Rather than offering a generic regulatory database with a keyword search function, the platform delivers structured, jurisdiction-specific regulatory intelligence in response to the precise questions compliance professionals actually need to answer, with primary source citations attached to every output.
The architecture is designed to reflect how experienced compliance professionals reason through cross-border questions. A user does not search for documents; they pose a question: what are the customer due diligence requirements for corporate clients across the UAE, UK, and EU, and where do they materially diverge?
Sherlocq returns a structured response addressing each jurisdiction separately rather than blending the answers into a generalisation that loses the nuance, and each element is cited back to its primary regulatory source so the professional can verify and build upon the output.
The underlying jurisdiction-specific tagging is critical to this. Sherlocq does not merge UAE Central Bank guidance with DFSA rules and present the result as a single UAE position. It maintains the distinction. A query about onshore UAE returns onshore UAE sources. A query about the DIFC returns DFSA sources. The professional receives the answer applicable to their specific situation, not an approximation.
For the AML use case in particular, the workflow is straightforward. A compliance officer assessing whether an existing customer due diligence (CDD) framework meets requirements across all three jurisdictions queries Sherlocq with that specific question and receives, within minutes, a structured comparison: the applicable framework in each jurisdiction, the key requirements, areas of material divergence, and the specific regulatory texts, guidance notes, and supervisory statements underpinning each element.
Where sanctions exposure is a factor, Sherlocq searches more than 320 data sources spanning global sanctions regimes, including OFAC, OFSI, EU, UN, and UAE designations, in a single query, positioning it as the first AI-native platform to offer this depth and traceability across multiple sanctions regimes simultaneously.
Work that would previously have occupied a senior compliance professional for the better part of a week can now be researched in minutes and reviewed and applied within hours. That compression does not dilute the quality of the compliance work. It removes the research volume that was consuming the time needed to do the professional work properly.
The case for better compliance infrastructure
Multi-jurisdiction compliance is genuinely difficult. The regulatory complexity is real, the stakes are high, and the margin for error is narrow. What should not be difficult is obtaining accurate, structured, jurisdiction-specific regulatory intelligence within a reasonable timeframe.
Compliance professionals globally are estimated to spend around 40% of their working time on manual research. Across a function employing some 10 million professionals and managing an estimated $300bn in annual compliance obligations, that represents an enormous volume of expert capacity consumed by information retrieval rather than professional judgement.
Sherlocq’s proposition is to change that ratio, not by replacing the professional judgement that cross-border compliance demands, but by providing the research infrastructure that the professionals who depend on it actually deserve. Multi-jurisdiction compliance will never be simple. Getting the intelligence required to navigate it should be.
By Daniel Willis, Editor of RegTech Analyst
Read the full Sherlocq post here.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
