Insights

Articles & insights.

Stay ahead with the latest trends in compliance and KYC technology.

RegTech Deployment Is Not Compliance Implementation. The Market Has Started Measuring the Difference.
Thought Leadership7 min read

RegTech Deployment Is Not Compliance Implementation. The Market Has Started Measuring the Difference.

Analysis of the Global State of RegTech 2026 adoption index alongside the RegTech Association's 2026 Best RegTech Implementation award category. Argues that near-universal RegTech adoption has produced a 68/100 maturity score in the best domain because deployment and implementation quality are different variables, with specific implications for management companies and TCSPs under AMLR.

Read More
The 800% Problem: Why Criminal AI Growth Is a Governance Issue, Not a Technology Gap
Thought Leadership7 min read

The 800% Problem: Why Criminal AI Growth Is a Governance Issue, Not a Technology Gap

Analysis of why the 'AI arms race' framing in financial crime compliance is wrong for management companies and TCSPs. Based on ComplyAdvantage's 2026 Future of Compliance summit finding that criminal AI use rose 800% in two years. Argues that compliance AI carries governance obligations criminals don't, and that TCSPs without model risk management functions face a specific accountability gap under AMLR.

Read More
OFAC Is a Risk Factor, Not a Decision: What the CJEU's Jenec Ruling Changes About CDD Documentation
Thought Leadership6 min read

OFAC Is a Risk Factor, Not a Decision: What the CJEU's Jenec Ruling Changes About CDD Documentation

Analysis of CJEU Case C-81/24 (Jenec), decided 11 June 2026, which held that an OFAC listing cannot automatically justify refusing a basic payment account under EU AML law. Confirms the legal requirement for documented individual risk assessment, not list-matching, as the basis for CDD decisions. Implications for management companies, TCSPs, and fund administrators.

Read More
The Data Act Gave You the Right to Exit. Your Compliance Records Are Still Locked In.
Thought Leadership7 min read

The Data Act Gave You the Right to Exit. Your Compliance Records Are Still Locked In.

Analysis of the EU Data Act's cloud switching regime, active since September 2025, and its intersection with AMLR retention obligations. Argues that management companies and TCSPs have a legal right to exit their compliance SaaS providers but lack the architectural prerequisites to exercise that right without losing evidentiary integrity.

Read More
The RegTech Pricing Gap Is Closing. The Data Ownership Question Is Not.
Thought Leadership6 min read

The RegTech Pricing Gap Is Closing. The Data Ownership Question Is Not.

Analysis of Q1 2026 European FinTech funding data alongside the KYCP managed service launch, arguing that managed service compliance infrastructure closes the pricing gap for smaller regulated firms but does not resolve the data portability and ownership questions that AMLR will test.

Read More
The AI Transparency Deadline That Wasn't Moved
Thought Leadership6 min read

The AI Transparency Deadline That Wasn't Moved

The Digital Omnibus moved the high-risk AI deadline 16 months. Article 50 transparency obligations were not deferred. For management companies and TCSPs using biometric verification in digital KYC, AI-powered client tools, or AI-generated content, August 2026 is a live compliance deadline eight weeks away.

Read More
The AMLA Selection Exercise Has Started. Luxembourg Fund Managers Are in the Dataset.
Thought Leadership6 min read

The AMLA Selection Exercise Has Started. Luxembourg Fund Managers Are in the Dataset.

The AMLA reporting package for its first direct supervision selection was published on 12 May 2026. CSSF formally notified investment fund managers and TCSPs on 1 June. Explains why every Luxembourg fund manager is in the dataset used to build the list of 40 directly supervised entities, and what the template's data requirements reveal about AMLR readiness.

Read More
The Compliance Audit Has Moved Into the Sales Call
Thought Leadership5 min read

The Compliance Audit Has Moved Into the Sales Call

An analysis of how institutional due diligence on service providers has expanded to include AI governance and compliance infrastructure, driven by the EU AI Act's August 2026 high-risk AI deadline and compressed LP operational review cycles. Firms with a unified, auditable compliance environment are closing mandates; firms without are losing them.

Read More
The EU's Sovereign Cloud Has a Google Problem. Yours Might Too.
Thought Leadership6 min read

The EU's Sovereign Cloud Has a Google Problem. Yours Might Too.

The EU's €180M sovereign cloud tender awarded a contract to a Thales-Google JV at SEAL-2 while three others achieved SEAL-3. This piece argues compliance teams must document their cloud providers' actual sovereignty risk profile using the EU's SEAL framework, not rely on marketing labels.

Read More
The RegTech Platform Bet: What Five Acquisitions in 18 Months Mean for Your Compliance Stack
Thought Leadership6 min read

The RegTech Platform Bet: What Five Acquisitions in 18 Months Mean for Your Compliance Stack

Analysis of the accelerating RegTech vendor consolidation wave in Q1 2026, anchored in CUBE's five-acquisition sprint and the Parker & Lawrence $245bn TAM estimate. Argues that management companies and TCSPs are unknowingly making decade-long platform bets, and that data portability is the only durable defence.

Read More
The AI Act Window and the Classification Error: What the May 19 Guidelines Actually Resolve
Thought Leadership7 min read

The AI Act Window and the Classification Error: What the May 19 Guidelines Actually Resolve

Analysis of the May 7 Digital Omnibus deal that delayed high-risk AI Act enforcement 16 months, and the Commission's May 19 draft classification guidelines that define which AI systems are actually in scope. Argues that most AML/KYC AI at management companies and TCSPs falls outside the high-risk definition under Recital 58, but that AMLR documentation obligations apply regardless.

Read More
The STR Is the Entry Point, Not the Exit: What AMLA's FIU Cooperation Standards Reveal About Your Compliance Data
Thought Leadership7 min read

The STR Is the Entry Point, Not the Exit: What AMLA's FIU Cooperation Standards Reveal About Your Compliance Data

Analysis of AMLA's 13 May 2026 draft Implementing Technical Standards for FIU cooperation and EPPO reporting. Argues that the structured data requirements these ITS impose on the enforcement chain trace back to the compliance files management companies and TCSPs build at the originating institution. Published ahead of AMLA's public hearings on 27 May 2026.

Read More
DORA Compliance as Data Plumbing: Why Cloud Sovereignty Became Infrastructure
Regulatory7 min read

DORA Compliance as Data Plumbing: Why Cloud Sovereignty Became Infrastructure

An analysis of DORA compliance as a data infrastructure problem rather than a policy one. Covers exit strategy obligations under Article 28(8), the convergence of EU and global data-portability and messaging standards (ISO 20022, FAPI), and the architectural patterns (Kubernetes, IaC, S3-compatible storage) that make six-month exits actually executable. Aimed at Luxembourg TCSPs, management companies, and fund administrators evaluating cloud strategy under DORA. This is an edited replacement for the earlier draft of the same title.

Read More
The MiCA Review Opens While Luxembourg's Licensing Model Is Under Threat: What Compliance Teams Should Actually Watch
Thought Leadership7 min read

The MiCA Review Opens While Luxembourg's Licensing Model Is Under Threat: What Compliance Teams Should Actually Watch

Analysis of the European Commission's MiCA review consultation launched on 20 May 2026, set against the parallel proposal to centralise CASP supervision under ESMA. For Luxembourg management companies, fund administrators, and TCSPs touching tokenised assets, the convergence of MiCA, AMLR, and the Transfer of Funds Regulation is becoming a single compliance surface that depends entirely on the data layer underneath.

Read More
95% Adoption, 9% Readiness: The RegTech Industry's Data Infrastructure Gap
Thought Leadership6 min read

95% Adoption, 9% Readiness: The RegTech Industry's Data Infrastructure Gap

Analysis of the Global State of RegTech 2026 report alongside the Wolters Kluwer compliance survey, arguing that the RegTech industry's adoption metrics mask a structural data readiness problem. For management companies, TCSPs, and fund administrators, the bottleneck has shifted from tool acquisition to data architecture.

Read More
Overhead view of a printed AI compliance agent reasoning trace on cream paper, with five numbered decision steps and pencil annotations in the right margin by a human reviewer.
Thought Leadership8 min read

When the Group Compliance Manager Is an AI: What AMLR Article 16 Looks Like in a World Where Most CDD Decisions Are Made by Agents

AMLR Article 16(2) requires a compliance manager at group level. When most CDD work moves to AI agents at the subsidiary level, the role of that compliance manager changes structurally. This piece argues that the future of enterprise KYC under AI automation is not a story about replacing compliance officers, but about elevating one specific role into the convergence point for AMLR, the EU AI Act, and AMLA's supervisory expectations.

Read More
From Routine CDD Field to Police Referral: What the Nordea Case Says About 'Purpose and Intended Nature'
Thought Leadership6 min read

From Routine CDD Field to Police Referral: What the Nordea Case Says About 'Purpose and Intended Nature'

Analysis of the Danish FSA's May 2026 criminal referral of Nordea Finans Danmark, focused on the failure to substantively document the purpose and intended nature of customer relationships. Explains what the case signals for management companies, TCSPs, and fund administrators under EU and CSSF supervision.

Read More
A passport laid open on a walnut desk with a small paper price tag resting on its corner, the figure $15 visibly handwritten in warm-orange ink, a fountain pen alongside, in soft north-facing window light.
Thought Leadership6 min read

$15 and Half an Hour: What the Deepfake Fraud Economy Means for Your Onboarding Stack

AI-generated identity documents now cost as little as US$15 to manufacture and take roughly half an hour to produce. Real-time deepfake KYC bypass tools are commercially available. The article argues that the cost economics have inverted: biometric-first onboarding stacks are now the soft layer, and document-first verification with multi-source corroboration is structurally more resilient under current AI economics.

Read More
A reader's hand holding a fountain pen poised over a single line of a printed regulatory report on a walnut desk, the line marked underneath with a warm-orange ink underscore, in soft north-facing window light.
Thought Leadership6 min read

Beneficial Ownership Got "Moderate": What FATF's Singapore Verdict Reveals About What Supervisors Are Actually Measuring

FATF's mutual evaluation of Singapore, published 6 May 2026, rated the country's beneficial ownership effectiveness only "moderate" despite Singapore achieving its best ever overall monitoring tier. The article reads what FATF specifically flagged about Singapore's BO regime and argues that the same fifth-round methodology will define how Mauritius, Luxembourg, and other jurisdictions are evaluated, and how AMLA will select firms for direct supervision in 2028.

Read More
Two compliance professionals reviewing a printed report together at an oak table, one pointing to a specific line while the other reads in profile, in soft north-facing window light.
Thought Leadership7 min read

AI Agents Are Coming to KYC. Here's What They Will Need from the Platforms They Run On.h

Anthropic's 5 May 2026 announcement of ten agent templates for financial services, including a KYC screener and a partnership with FIS on AML investigation agents, marks the moment AI agents become a real part of the compliance stack. The article argues that the firms that benefit will not be the ones that deploy agents fastest, but the ones whose data infrastructure is ready to make agentic decisions defensible.

Read More
AMLA's New BWRA Guidelines: Why Your Self-Assessment Should Mirror the Supervisor's Scorecard
Thought Leadership7 min read

AMLA's New BWRA Guidelines: Why Your Self-Assessment Should Mirror the Supervisor's Scorecard

Analysis of AMLA's 16 April 2026 consultation on draft BWRA Guidelines under Article 10(4) AMLR, and how the cross-reference to the supervisor RTS under Article 40(2) AMLD reshapes how management companies, TCSPs, and fund administrators should structure their business-wide risk assessment.

Read More
What's Actually in AMLA's Article 28 CDD Standards: A Read of the Draft RTS Before the Window Closes
Thought Leadership6 min read

What's Actually in AMLA's Article 28 CDD Standards: A Read of the Draft RTS Before the Window Closes

AMLA's draft RTS under Article 28(1) of the AMLR closes for consultation on 8 May 2026. Three provisions in the draft (on intermediary ownership layers, senior managing officials, and verification sources) reveal the structural shape of CDD under the new regime, and confirm that AMLR readiness is a data problem rather than a policy problem.

Read More
The 14-Month Window: Why Customer Due Diligence Is the AMLR Bottleneck Most Firms Are Underestimating
Thought Leadership5 min read

The 14-Month Window: Why Customer Due Diligence Is the AMLR Bottleneck Most Firms Are Underestimating

PwC's 2026 EMEA AML Survey reveals that two-thirds of EU institutions risk missing the July 2027 AMLR deadline. The headline misses the more useful finding underneath: customer due diligence is where the operational bottleneck actually sits, and the underlying problem is data infrastructure rather than regulation.

Read More
Synthetic Identity Fraud: Why Manual KYC Cannot Catch What It Was Not Designed to See
Thought Leadership5 min read

Synthetic Identity Fraud: Why Manual KYC Cannot Catch What It Was Not Designed to See

AI-generated synthetic identities are designed to defeat exactly the manual checks most firms still rely on. This article examines what the 2026 SmartSearch Compliance Report reveals about the gap between awareness and action, and what an effective response actually looks like.

Read More
Perpetual KYC: What It Means and Whether Your Firm Is Ready
Thought Leadership8 min read

Perpetual KYC: What It Means and Whether Your Firm Is Ready

Perpetual KYC promises to replace periodic reviews with continuous, event-driven monitoring. This article explains what pKYC actually involves, what infrastructure it requires, and whether the technology and regulatory environment are ready for it.

Read More
Document-Driven KYC: Why Documents Are the Foundation of Effective Compliance
Thought Leadership6 min read

Document-Driven KYC: Why Documents Are the Foundation of Effective Compliance

Document-driven KYC puts verified documents at the centre of every compliance decision. This article explains why this approach produces stronger compliance outcomes than form-based or interview-driven alternatives.

Read More
Layered corporate ownership structure diagram tracing indirect paths to an ultimate beneficial owner
Thought Leadership12 min read

UBO Identification: Why Compliance Teams Still Struggle with Layered Ownership Structures

Identifying the ultimate beneficial owner behind complex holding structures, trusts, and SPVs remains one of the most time-consuming tasks in KYC compliance. This article explores why layered ownership creates persistent challenges for compliance teams on both sides of the KYC relationship, what regulators actually expect including variable thresholds and the board fallback rule, and how automation can eliminate the spreadsheet-driven recalculations that slow firms down.

Read More
Thought Leadership6 min read

Smarter Compliance: Why Manual KYC Processes Are Holding Your Firm Back

Manual KYC processes built on spreadsheets and email chains create hidden costs slower onboarding, inconsistent decisions, and audit exposure. Here is what smarter compliance actually looks like.

Read More
KYC Software for Management Companies: What to Look for in 2026
Guide7 min read

KYC Software for Management Companies: What to Look for in 2026

Management companies face unique KYC challenges — complex entity structures, multi-jurisdictional requirements, and high document volumes. This guide explains what to look for when choosing KYC software purpose-built for the sector.

Read More
Regulatory7 min read

What Regulators Actually Look for During KYC Document Audits

Regulatory examinations focus on evidence, consistency, and risk-proportionate decision-making, not just process completion. This article explains what examiners actually scrutinise and how to prepare.

Read More
Diagram showing how a policy engine combines factor scores and regulatory triggers like PEP status to produce an explainable risk assessment with audit trail
Thought Leadership9 min read

Why Your KYC Platform Needs a Policy Engine, Not Just a Risk Score

Risk scores tell you how risky a customer is. A policy engine tells the AI how to think about risk in the first place. This article explains why configurable compliance policies are the missing layer in most KYC platforms, and how they transform AI-driven risk assessments from generic outputs into institution-specific intelligence.

Read More