The Connector.
The Connector Podcast - FinanceX #22 - RegTech - Compliance At Scale
Thank you for tuning into our podcast about global trends in the FinTech industry.
Cheers
Koen Vanderhoydonk
koen.vanderhoydonk@jointheconnector.com
#FinTech #RegTech #Scaleup #WealthTech
The $3 Billion Compliance Failure
SPEAKER_00In 2024, TD Bank was hit with this just um staggering three billion dollar fine by US regulators over anti-money laundering failures.
SPEAKER_01Yeah, three billion. It's a massive number.
SPEAKER_00Right. But here is the crazy part. They didn't get fined because they lacked a compliance policy. Like they had the policies on the books.
SPEAKER_01They did, yeah.
SPEAKER_00They got fined because their human workforce simply couldn't read the data fast enough to actually execute those policies.
SPEAKER_01Exactly. It was a complete breakdown in execution.
SPEAKER_00Right. And welcome to the deep dive, by the way. Today is May 4th, 2026, and we are opening up a stack of articles from the May 2026 regtech edition of Finance X magazine.
SPEAKER_01It's a really fascinating issue.
SPEAKER_00It is. Because the overarching theme here is this massive fundamental shift happening in the financial world right now. For decades, compliance has been viewed as this boring, costly administrative roadblock, you know.
SPEAKER_01Oh, absolutely. The ultimate cost center.
SPEAKER_00Right. But we are looking at a landscape where the old models are outright breaking under the weight of modern data. And in response, compliance is rapidly transforming into this high-tech competitive weapon. So, okay, let's unpack this. Yeah.
SPEAKER_01To understand the sheer scale of this transformation, we really have to look closely at the operational reality inside these banks.
SPEAKER_00What's actually happening on the floor?
SPEAKER_01Right. The video article covering the TD Bank fallout highlights something critical. The banks suffered from fragmented monitoring and really weak escalation protocols.
SPEAKER_00Meaning what? Exactly.
SPEAKER_01Meaning they couldn't detect illicit patterns in time because their systems required humans to bridge the gaps between disconnected data silos.
SPEAKER_00Oh, wow. So human analysts are literally trying to connect the dots manually across different systems.
SPEAKER_01Yes. The controls existed in principle, but they simply did not scale to the reality of modern transaction volume.
Alert Overload And Business Friction
SPEAKER_00Well, and while executives are obviously terrified of a multi-billion dollar penalty, you know, the reading emphasizes that the real everyday cost of bad compliance isn't actually the fine. Right.
SPEAKER_01It's the friction.
SPEAKER_00Exactly, the friction. The piece from BBD lays this out by looking at what they call alert overload.
SPEAKER_01Oh, alert overload is such a nightmare for these teams.
SPEAKER_00Yeah. Because you have this highly paid compliance team, right? And they aren't actually spending their time investigating real nuanced risks.
SPEAKER_01No, not at all. They are desperately trying to clear a massive volume of low-quality alerts generated by outdated rules-based software.
SPEAKER_00Which just creates the silent drag on the entire business. Like that friction surfaces when onboarding a new corporate client takes, what, 14 days instead of 14 minutes?
SPEAKER_01Yeah, because the human analyst is manually reviewing PDFs and cross-referencing them against global sanctions lists.
SPEAKER_00Manually in 2026.
SPEAKER_01Right. And it surfaces when trading decisions are delayed because data is trapped in these legacy mainframes that literally cannot communicate with the newer risk assessment software.
SPEAKER_00I mean, individually, a 10-minute delay or a manual review feels manageable, but you put all those delays together across millions of transactions.
SPEAKER_01And the operational drag is enormous.
SPEAKER_00It sounds like traditional compliance operates like a series of manual toll booths on a highway. You know, you are trying to get your business to its destination, but every few miles, everything has to come to a complete stop.
SPEAKER_01You wait for the gate, hand over your documentation, get approved, and then accelerate again.
Continuous Monitoring Without Toll Booths
SPEAKER_00Right. It inherently causes latency. But this new regtech approach, detailed in the BBD piece, they call it engineered enablement, sounds completely different. It's like an electronic toll tag.
SPEAKER_01Exactly. The system is designed so the compliance checks are embedded directly into the continuous real-time data flows.
SPEAKER_00So the checks happen at full speed without making the driver tap the brakes at all.
SPEAKER_01Right. But the transition from periodic checkpoints to continuous monitoring, it requires a fundamentally different technological engine.
SPEAKER_00Because you can't use humans for that.
SPEAKER_01Exactly. If the data is flowing continuously without human toll booths, the system has to surface risk dynamically as it occurs, rather than, you know, batch processing RIFT reports at the end of the month.
SPEAKER_00Okay. So we've removed the toll booths, but that introduces a terrifying variable, right? If data is flowing continuously without manual checkpoints, you are relying entirely on artificial intelligence to spot the anomalies.
Why Old AI Failed AML
SPEAKER_01And historically, the financial industry has treated AI like radioactive material when it comes to regulatory compliance.
SPEAKER_00Rightfully so, right.
SPEAKER_01Right. Oh, the skepticism was entirely justified. The article by Avalon's CEO, um Anders Meinert Jurgensen, he breaks down why early machine learning was essentially useless for anti-money laundering. Because it was a black box. Exactly. It suffered from two fatal flaws: a lack of explainability and poor data quality. In a regulated environment, you absolutely need an audit trail.
SPEAKER_00Right. Because if a model flags a transaction as high risk and a regulator knocks on your door to ask why.
SPEAKER_01You cannot simply say the computer generated a high probability score.
SPEAKER_00Right. They will laugh you out of the room.
SPEAKER_01They will fine you billions of dollars. Every decision must be documented and logically defensible. Early AI just couldn't do that.
SPEAKER_00And the data quality issue.
SPEAKER_01Well, training those early models on years of historically inconsistent human compliance decisions effectively meant training the AI to replicate those exact inconsistencies at scale.
LLM Audit Trails For KYC
SPEAKER_00Oh man. So you're just automating human error. But the breakthrough seems to be large language models or LLMs. They changed the mechanics of how this software operates.
SPEAKER_01They did, because they can actually structure explanations.
SPEAKER_00Right. They reference the specific data they draw upon and make their reasoning visible. They maintain that audit trail regulators want.
SPEAKER_01They don't just output a risk score. They show their work in plain language.
SPEAKER_00Yeah. And they have the contextual awareness to dig through a messy, unstructured email chain to find a specific answer for a know your customer or KYC questionnaire.
SPEAKER_01And then they link back to the exact sentence so a human can verify it. That ability to synthesize unstructured data while maintaining provenance is what makes the technology viable for compliance today.
Agentic Banking Versus Human Signoff
SPEAKER_00It finally addresses the regulator's demand for traceability. But wait, here's where it gets really interesting. There's a massive contradiction in the reading here.
SPEAKER_01Oh, between Avalone and the German report.
SPEAKER_00Yes. The Avalone piece insists that because of this need for an audit trail, AI must strictly act as a wingperson for human analysts in AML, like keeping humans firmly in control of the final decision. Right. But then the 2026 German market report from Contextual Solutions calls this the year of agentic banking. They detail banks using AI to act completely autonomously, negotiating loan rates, executing trades, managing liquidity without any human prompting.
SPEAKER_01Yeah, it sounds totally at odds.
SPEAKER_00Right. Which is it? Is AI a supportive wingperson or is it an autonomous agent?
SPEAKER_01The contradiction actually resolves when you separate where the AI is deployed. You really have to draw a hard line between front office operations and back office regulatory decisions.
SPEAKER_00Okay, break that down for me.
SPEAKER_01So in the front office, trading, customer service, loan origination, banks are heavily deploying autonomous agents. The motivation there is speed and profit.
SPEAKER_00Because the risks are primarily commercial.
SPEAKER_01Exactly. If an algorithm misprices a loan by a fraction of a percent, the bank loses a little money, but they gain massive market share through instant approvals. Right.
SPEAKER_00The liability is just on the balance sheet.
SPEAKER_01Precisely. But in the back office, specifically in anti-money laundering and KYC, the liability is legal and reputational.
SPEAKER_00Meaning someone could go to jail.
SPEAKER_01Yes. For those decisions, you require a human to maintain a defensible audit trail. The AI does the heavy lifting. It instantaneously scans documents across disparate drives, structures the data, flags anomalies.
SPEAKER_00It even drafts the rationale for approval or rejection, right?
SPEAKER_01It does. But the human analyst legally signs off. So the AI is the ultimate wingperson in the back office and an autonomous agent in the front office.
SPEAKER_00So the algorithm does the reading, but the human takes the legal liability.
SPEAKER_01That's the balance they've struck.
EUDI Wallet And Selective Disclosure
SPEAKER_00But AI, whether it is a wingperson or an agent, is only as good as the data you feed it. If the goal is to engineer friction out of the system, the underlying data itself, specifically human and corporate identity, has to be standardized.
SPEAKER_01Which leads us to the upcoming European digital identity mandates outlined in the identity piece. Right. The European Digital Identity Wallet, or EUDI wallet, represents this just massive structural shift in how data is handled.
SPEAKER_00And this isn't just a suggestion, right? It's the law.
SPEAKER_01It is a strict legal mandate under EU regulation 2024-11183. By December 2026, every single EU member state must offer a certified wallet.
SPEAKER_00Wow, that is coming up fast.
SPEAKER_01And by December 2027, regulated sectors like banking, telecom, and large tech platforms are legally required to accept it.
SPEAKER_00Okay. Think about the last time you went to a bar. You hand the bouncer your plastic driver's license. You are trying to prove one single fact that you are over 18. Right. But to do that, you are forced to hand over your home address, your exact height, your organ donor status, your full date of birth.
SPEAKER_01It's massive oversharing.
SPEAKER_00Exactly. The magic of this digital wallet is a concept called selective disclosure. It's like handing the bouncer a magical card that only flashes green to say yes, they are of age and reveals absolutely nothing else.
SPEAKER_01The technical mechanism behind that is called a qualified electronic attestation of attributes or a QEAA.
SPEAKER_00QEA.
SPEAKER_01Users can prove specific verified attributes without oversharing personal data. And from a systemic level, once these credentials are verified and cryptographic proof is generated, they become reusable across borders.
SPEAKER_00Meaning what for the consumer?
SPEAKER_01Meaning a credential verified by a government authority in Spain can instantly satisfy the compliance checks of a payment provider in the Netherlands. That is huge. It is. We are already seeing the groundwork for this adoption. The source notes that Poland's mObywatel app currently has over 18 million downloads.
LEI And Standardized Corporate Trust
SPEAKER_0018 million. Just in Poland.
SPEAKER_01Yeah, the adoption is happening.
SPEAKER_00And it extends beyond individuals, too, right? The GLEI article covers the global legal entity identifier, or LEI, which does the exact same thing for corporate entities.
SPEAKER_01Because if you are a multinational bank trying to onboard a complex corporate client with subsidiaries in five different countries, tracking down who actually owns what is a nightmare.
SPEAKER_00A total mess.
SPEAKER_01The LEI creates a common, interoperable, global framework. We are standardizing the architecture of trust for both humans and corporations.
SPEAKER_00But the challenge with standardizing trust has always been the cold start problem, hasn't it?
SPEAKER_01Yes. What's fascinating here is how that problem is being solved. Businesses usually refuse to spend capital integrating digital ID infrastructure until users actually adopt it.
SPEAKER_00Right. Why build a scanner if no one has the barcode?
SPEAKER_01Exactly. But users won't adopt a digital ID if they can't use it to open a bank account or sign a lease. The ecosystem just freezes.
SPEAKER_00Everyone just stands around waiting for the other side to move first.
DORA Pulls Vendors Into Compliance
SPEAKER_01And the regulator broke the deadlock by forcing the issue. Setting those hard deadlines for December 2026 and 2027 is the European Union saying, we are building the infrastructure and you will integrate it by law.
SPEAKER_00Standardized data and instant AI verification mean that business is going to move faster than ever. But that brings us to the regulatory reality check.
SPEAKER_01Yeah, the enforcement side.
SPEAKER_00Right. If banks and fintechs are processing data continuously at light speed, regulators can't rely on yearly manual audits anymore. They have to match the speed of the market. And the leniency period for getting these new systems in place is officially over.
SPEAKER_01We have crossed from a phase of regulatory implementation into an era of active enforcement. The red into green article highlights a dangerous trap companies fall into regarding how they view themselves.
SPEAKER_00Oh, the naming thing.
SPEAKER_01Yeah, companies love to brand themselves as fintech or insurtech.
SPEAKER_00Right. It sounds cool for investors.
SPEAKER_01But those are marketing buzzwords with absolutely zero legal meaning. Regulation only cares about your legal entity status and the criticality of the service you provide to the financial system.
SPEAKER_00The article outlines a specific trap that small software as service providers fall into here. Like a tech company with 30 employees building a credit risk engine might assume the Digital Operational Resilience Act, DORA, doesn't apply to them because they are small and non-infrastructural.
SPEAKER_01And that assumption is fatal.
SPEAKER_00Why?
SPEAKER_01Because of who they sell to. Exactly. If a major regulated bank relies on that 30-person software company for a core function like credit scoring, that small SaaS provider is instantly sucked into the DORA compliance net indirectly. Yes. The mechanism is the client contract.
SPEAKER_00Yeah.
SPEAKER_01The bank is legally obligated to impose its own strict cybersecurity and operational resilience requirement onto all of its vendors. You cannot outsource your regulatory risk.
MiCA Deadlines And SupTech Surveillance
SPEAKER_00So if your software goes down and the bank can't function.
SPEAKER_01The regulator holds the bank accountable, which means the bank will ruthlessly audit your software.
SPEAKER_00Man. And the timelines for this enforcement are brutal. The Contextual Solutions report notes that the grandfathering period for MiCA, the Markets in Crypto-Assets Regulation, ends in July 2026.
SPEAKER_01Just a couple of months from now.
SPEAKER_00Right. If you are an unlicensed crypto firm operating in Europe at that point, you cease operations. There are no more extensions. None. And regulators aren't just waiting around for companies to submit PDF reports to find out who is failing. They are using their own technology called SupTech or supervisory technology.
SPEAKER_01Regulators are deploying advanced data analytics to become predictive and proactive rather than reactive.
SPEAKER_00Which is terrifying if you're out of compliance.
SPEAKER_01Totally. Instead of reviewing static historical reports, SupTech involves building infrastructure to monitor market activity, API endpoints, and transaction ledgers in real time.
SPEAKER_00So they are looking for the anomalies before the bank even files a report.
SPEAKER_01They are looking over the bank's shoulder digitally, yes.
SPEAKER_00So what does this all mean? We have regulators using predictive AI SupTech to actively monitor the financial system, and we have banks using their own agentic AI compliance systems to automatically structure data and report to the regulators.
SPEAKER_01It's an arms race.
SPEAKER_00Right. Are we basically just building a system where two algorithms negotiate with each other while humans sit back and watch?
SPEAKER_01Well, at the execution layer, algorithms are indeed communicating with algorithms, but the legal framework remains stubbornly human.
SPEAKER_00Meaning the liability doesn't shift.
SPEAKER_01Exactly. If a bank's AI drafts a report that misses a systemic money laundering ring and the regulator's AI catches it, it is not the algorithm that goes to prison or pays a three billion dollar fine.
SPEAKER_00TD Bank proved that.
SPEAKER_01Right. The human executives and the board of directors carry the legal and reputational liability. The tools execute the work, but the accountability remains strictly centralized on the human leadership.
SPEAKER_00The speed of the tools is increasing, but the weight of the accountability is heavier than ever.
SPEAKER_01Much heavier.
Turning Regulation Into A Moat
SPEAKER_00But there is a massive silver lining in the Contextual Solutions report. Heavy regulation is usually framed as a burden that crushes innovation, right? But smart companies are turning it into a massive competitive advantage. They call it a moat.
SPEAKER_01The German company UpVest is the perfect case study for this dynamic.
SPEAKER_00Yeah, UpVest saw a 500% year-on-year increase, processing 100 million orders. And they achieved that hypergrowth specifically by running toward the hardest regulatory problems.
SPEAKER_01Because European financial regulation is incredibly fragmented.
SPEAKER_00Right. You might have overarching EU directives, but they are interpreted and enforced by dozens of local regulators.
SPEAKER_01So UpVest built the underlying compliant infrastructure to abstract all of that complexity away from their clients.
SPEAKER_00They just hid the messy wiring behind the wall.
SPEAKER_01Exactly. They solved the brutally hard problem of European regulatory fragmentation at scale, offering it through a unified API. A consumer-facing app doesn't want to build a compliance department for 27 different countries.
SPEAKER_00No, they just want to sell their product.
SPEAKER_01Right. So they just use UpVest's infrastructure. By mastering the hardest parts of the regulatory environment using new reg tech tools, UpVest didn't just survive the compliance burden, they commoditized it and sold it.
SPEAKER_00They turned compliance into an engineered capability.
SPEAKER_01Wow. So to pull all of these threads together, you know, we are looking at the end of compliance as a defensive shield. It is now a high-speed, AI-driven, standardized engine.
The Borderless Finance Question
SPEAKER_00The friction is being systematically engineered out, replaced by continuous monitoring, standardized EUDI identities, and LLMs that can instantly provide the audit trails regulators demand. The companies surviving 2026 are the ones who recognize that mastering regulation is the ultimate competitive advantage.
SPEAKER_01And as we look at all these pieces interlocking, you know, the LEI for corporations, the EUDI wallet for individuals, and AI systems capable of instantaneously translating and verifying cross-border regulations, it raises a really profound question.
SPEAKER_00Okay, what's that?
SPEAKER_01Well, if every human soon has a perfectly standardized, borderless digital identity, and every corporation has a globally recognized entity identifier.
SPEAKER_00Right.
SPEAKER_01And if trust can be perfectly and instantaneously digitized without human friction, will the very concept of a national financial system cease to exist?
SPEAKER_00Oh wow.
SPEAKER_01If the technological and regulatory infrastructure is truly borderless, money and value might soon flow across the entire globe without ever acknowledging a physical border.
SPEAKER_00A perfectly borderless financial system. We started this deep dive talking about traditional compliance as a series of manual toll booths slowing down the global economy. What we are looking at now isn't just an electronic toll tag.
SPEAKER_01No, it is the complete removal of the toll plaza itself.
SPEAKER_00The highway is being rebuilt for frictionless high speed travel, and those who don't adopt the tech are simply going to be left idling on the off ramp.
SPEAKER_01Exactly.
SPEAKER_00Thank you for joining us on this deep dive into the reg tech revolution. Keep questioning the evolving world of finance, and we'll see you next time.