Insights
Articles & insights.
Stay ahead with the latest trends in compliance and KYC technology.

RegTech Deployment Is Not Compliance Implementation. The Market Has Started Measuring the Difference.
Analysis of the Global State of RegTech 2026 adoption index alongside the RegTech Association's 2026 Best RegTech Implementation award category. Argues that near-universal RegTech adoption has produced a 68/100 maturity score in the best domain because deployment and implementation quality are different variables, with specific implications for management companies and TCSPs under AMLR.

The 800% Problem: Why Criminal AI Growth Is a Governance Issue, Not a Technology Gap
Analysis of why the 'AI arms race' framing in financial crime compliance is wrong for management companies and TCSPs. Based on ComplyAdvantage's 2026 Future of Compliance summit finding that criminal AI use rose 800% in two years. Argues that compliance AI carries governance obligations criminals don't, and that TCSPs without model risk management functions face a specific accountability gap under AMLR.

OFAC Is a Risk Factor, Not a Decision: What the CJEU's Jenec Ruling Changes About CDD Documentation
Analysis of CJEU Case C-81/24 (Jenec), decided 11 June 2026, which held that an OFAC listing cannot automatically justify refusing a basic payment account under EU AML law. Confirms the legal requirement for documented individual risk assessment, not list-matching, as the basis for CDD decisions. Implications for management companies, TCSPs, and fund administrators.

The Data Act Gave You the Right to Exit. Your Compliance Records Are Still Locked In.
Analysis of the EU Data Act's cloud switching regime, active since September 2025, and its intersection with AMLR retention obligations. Argues that management companies and TCSPs have a legal right to exit their compliance SaaS providers but lack the architectural prerequisites to exercise that right without losing evidentiary integrity.

The RegTech Pricing Gap Is Closing. The Data Ownership Question Is Not.
Analysis of Q1 2026 European FinTech funding data alongside the KYCP managed service launch, arguing that managed service compliance infrastructure closes the pricing gap for smaller regulated firms but does not resolve the data portability and ownership questions that AMLR will test.

The AI Transparency Deadline That Wasn't Moved
The Digital Omnibus moved the high-risk AI deadline 16 months. Article 50 transparency obligations were not deferred. For management companies and TCSPs using biometric verification in digital KYC, AI-powered client tools, or AI-generated content, August 2026 is a live compliance deadline eight weeks away.

The AMLA Selection Exercise Has Started. Luxembourg Fund Managers Are in the Dataset.
The AMLA reporting package for its first direct supervision selection was published on 12 May 2026. CSSF formally notified investment fund managers and TCSPs on 1 June. Explains why every Luxembourg fund manager is in the dataset used to build the list of 40 directly supervised entities, and what the template's data requirements reveal about AMLR readiness.

The Compliance Audit Has Moved Into the Sales Call
An analysis of how institutional due diligence on service providers has expanded to include AI governance and compliance infrastructure, driven by the EU AI Act's August 2026 high-risk AI deadline and compressed LP operational review cycles. Firms with a unified, auditable compliance environment are closing mandates; firms without are losing them.

The EU's Sovereign Cloud Has a Google Problem. Yours Might Too.
The EU's €180M sovereign cloud tender awarded a contract to a Thales-Google JV at SEAL-2 while three others achieved SEAL-3. This piece argues compliance teams must document their cloud providers' actual sovereignty risk profile using the EU's SEAL framework, not rely on marketing labels.

The RegTech Platform Bet: What Five Acquisitions in 18 Months Mean for Your Compliance Stack
Analysis of the accelerating RegTech vendor consolidation wave in Q1 2026, anchored in CUBE's five-acquisition sprint and the Parker & Lawrence $245bn TAM estimate. Argues that management companies and TCSPs are unknowingly making decade-long platform bets, and that data portability is the only durable defence.

The AI Act Window and the Classification Error: What the May 19 Guidelines Actually Resolve
Analysis of the May 7 Digital Omnibus deal that delayed high-risk AI Act enforcement 16 months, and the Commission's May 19 draft classification guidelines that define which AI systems are actually in scope. Argues that most AML/KYC AI at management companies and TCSPs falls outside the high-risk definition under Recital 58, but that AMLR documentation obligations apply regardless.

The STR Is the Entry Point, Not the Exit: What AMLA's FIU Cooperation Standards Reveal About Your Compliance Data
Analysis of AMLA's 13 May 2026 draft Implementing Technical Standards for FIU cooperation and EPPO reporting. Argues that the structured data requirements these ITS impose on the enforcement chain trace back to the compliance files management companies and TCSPs build at the originating institution. Published ahead of AMLA's public hearings on 27 May 2026.

DORA Compliance as Data Plumbing: Why Cloud Sovereignty Became Infrastructure
An analysis of DORA compliance as a data infrastructure problem rather than a policy one. Covers exit strategy obligations under Article 28(8), the convergence of EU and global data-portability and messaging standards (ISO 20022, FAPI), and the architectural patterns (Kubernetes, IaC, S3-compatible storage) that make six-month exits actually executable. Aimed at Luxembourg TCSPs, management companies, and fund administrators evaluating cloud strategy under DORA. This is an edited replacement for the earlier draft of the same title.

The MiCA Review Opens While Luxembourg's Licensing Model Is Under Threat: What Compliance Teams Should Actually Watch
Analysis of the European Commission's MiCA review consultation launched on 20 May 2026, set against the parallel proposal to centralise CASP supervision under ESMA. For Luxembourg management companies, fund administrators, and TCSPs touching tokenised assets, the convergence of MiCA, AMLR, and the Transfer of Funds Regulation is becoming a single compliance surface that depends entirely on the data layer underneath.

95% Adoption, 9% Readiness: The RegTech Industry's Data Infrastructure Gap
Analysis of the Global State of RegTech 2026 report alongside the Wolters Kluwer compliance survey, arguing that the RegTech industry's adoption metrics mask a structural data readiness problem. For management companies, TCSPs, and fund administrators, the bottleneck has shifted from tool acquisition to data architecture.

When the Group Compliance Manager Is an AI: What AMLR Article 16 Looks Like in a World Where Most CDD Decisions Are Made by Agents
AMLR Article 16(2) requires a compliance manager at group level. When most CDD work moves to AI agents at the subsidiary level, the role of that compliance manager changes structurally. This piece argues that the future of enterprise KYC under AI automation is not a story about replacing compliance officers, but about elevating one specific role into the convergence point for AMLR, the EU AI Act, and AMLA's supervisory expectations.

From Routine CDD Field to Police Referral: What the Nordea Case Says About 'Purpose and Intended Nature'
Analysis of the Danish FSA's May 2026 criminal referral of Nordea Finans Danmark, focused on the failure to substantively document the purpose and intended nature of customer relationships. Explains what the case signals for management companies, TCSPs, and fund administrators under EU and CSSF supervision.

$15 and Half an Hour: What the Deepfake Fraud Economy Means for Your Onboarding Stack
AI-generated identity documents now cost as little as US$15 to manufacture and take roughly half an hour to produce. Real-time deepfake KYC bypass tools are commercially available. The article argues that the cost economics have inverted: biometric-first onboarding stacks are now the soft layer, and document-first verification with multi-source corroboration is structurally more resilient under current AI economics.

Beneficial Ownership Got "Moderate": What FATF's Singapore Verdict Reveals About What Supervisors Are Actually Measuring
FATF's mutual evaluation of Singapore, published 6 May 2026, rated the country's beneficial ownership effectiveness only "moderate" despite Singapore achieving its best ever overall monitoring tier. The article reads what FATF specifically flagged about Singapore's BO regime and argues that the same fifth-round methodology will define how Mauritius, Luxembourg, and other jurisdictions are evaluated, and how AMLA will select firms for direct supervision in 2028.

AI Agents Are Coming to KYC. Here's What They Will Need from the Platforms They Run On.h
Anthropic's 5 May 2026 announcement of ten agent templates for financial services, including a KYC screener and a partnership with FIS on AML investigation agents, marks the moment AI agents become a real part of the compliance stack. The article argues that the firms that benefit will not be the ones that deploy agents fastest, but the ones whose data infrastructure is ready to make agentic decisions defensible.

AMLA's New BWRA Guidelines: Why Your Self-Assessment Should Mirror the Supervisor's Scorecard
Analysis of AMLA's 16 April 2026 consultation on draft BWRA Guidelines under Article 10(4) AMLR, and how the cross-reference to the supervisor RTS under Article 40(2) AMLD reshapes how management companies, TCSPs, and fund administrators should structure their business-wide risk assessment.

What's Actually in AMLA's Article 28 CDD Standards: A Read of the Draft RTS Before the Window Closes
AMLA's draft RTS under Article 28(1) of the AMLR closes for consultation on 8 May 2026. Three provisions in the draft (on intermediary ownership layers, senior managing officials, and verification sources) reveal the structural shape of CDD under the new regime, and confirm that AMLR readiness is a data problem rather than a policy problem.

The 14-Month Window: Why Customer Due Diligence Is the AMLR Bottleneck Most Firms Are Underestimating
PwC's 2026 EMEA AML Survey reveals that two-thirds of EU institutions risk missing the July 2027 AMLR deadline. The headline misses the more useful finding underneath: customer due diligence is where the operational bottleneck actually sits, and the underlying problem is data infrastructure rather than regulation.

Synthetic Identity Fraud: Why Manual KYC Cannot Catch What It Was Not Designed to See
AI-generated synthetic identities are designed to defeat exactly the manual checks most firms still rely on. This article examines what the 2026 SmartSearch Compliance Report reveals about the gap between awareness and action, and what an effective response actually looks like.

Perpetual KYC: What It Means and Whether Your Firm Is Ready
Perpetual KYC promises to replace periodic reviews with continuous, event-driven monitoring. This article explains what pKYC actually involves, what infrastructure it requires, and whether the technology and regulatory environment are ready for it.
Document-Driven KYC: Why Documents Are the Foundation of Effective Compliance
Document-driven KYC puts verified documents at the centre of every compliance decision. This article explains why this approach produces stronger compliance outcomes than form-based or interview-driven alternatives.

UBO Identification: Why Compliance Teams Still Struggle with Layered Ownership Structures
Identifying the ultimate beneficial owner behind complex holding structures, trusts, and SPVs remains one of the most time-consuming tasks in KYC compliance. This article explores why layered ownership creates persistent challenges for compliance teams on both sides of the KYC relationship, what regulators actually expect including variable thresholds and the board fallback rule, and how automation can eliminate the spreadsheet-driven recalculations that slow firms down.
Smarter Compliance: Why Manual KYC Processes Are Holding Your Firm Back
Manual KYC processes built on spreadsheets and email chains create hidden costs slower onboarding, inconsistent decisions, and audit exposure. Here is what smarter compliance actually looks like.

KYC Software for Management Companies: What to Look for in 2026
Management companies face unique KYC challenges — complex entity structures, multi-jurisdictional requirements, and high document volumes. This guide explains what to look for when choosing KYC software purpose-built for the sector.
What Regulators Actually Look for During KYC Document Audits
Regulatory examinations focus on evidence, consistency, and risk-proportionate decision-making, not just process completion. This article explains what examiners actually scrutinise and how to prepare.

Why Your KYC Platform Needs a Policy Engine, Not Just a Risk Score
Risk scores tell you how risky a customer is. A policy engine tells the AI how to think about risk in the first place. This article explains why configurable compliance policies are the missing layer in most KYC platforms, and how they transform AI-driven risk assessments from generic outputs into institution-specific intelligence.
