Regulators are no longer reacting; they are predicting. A decade ago, compliance meant box-ticking after the crisis. In 2026, supervisors scan transactions, emails and even ESG claims in real time. The Financial Conduct Authority (FCA) has already used data analytics to flag misleading financial promotions, while the European Securities and Markets Authority (ESMA) is intensifying scrutiny of greenwashing through coordinated reviews. The shift is clear. The real priority is not what firms disclose but what regulators can infer. Across the EU and UK, alignment on AI and anti-money laundering is growing, even as post-Brexit approaches to supervision continue to diverge.
The Regulatory Black Box
Supervision now happens in the background, often without firms realising it. The FCA and ESMA increasingly deploy AI-driven anomaly detection to identify suspicious trading patterns, while banking supervisors linked to the European Central Bank (ECB) use network analysis to trace complex flows across counterparties. Natural language processing is also being applied to marketing materials and disclosures to detect misleading claims or inconsistencies.
This creates a form of supervision without notification. Firms are assessed continuously, not just during periodic reviews. In some cases, regulators can identify emerging risks before internal compliance teams do, narrowing the traditional information gap.
The implication is stark. Static dashboards and retrospective reporting are losing value. Leading firms are investing in “regulatory mirroring”, building systems that replicate how supervisors analyse data so they can anticipate scrutiny rather than react to it.
AI, ESG Fatigue and Digital Ethics
The era of ESG enthusiasm is giving way to enforcement realism. European regulators are intensifying action against greenwashing, with the ESMA conducting coordinated reviews of sustainability disclosures, while the FCA is rolling out the Sustainability Disclosure Requirements regime to force clearer, evidence-based claims. Firms are now expected to produce auditable sustainability data, not marketing narratives.
At the same time, AI supervision is accelerating. The EU’s AI Act is moving into implementation, while the UK is advancing a principles-based model through sector regulators. A critical shift is emerging where model risk is treated as conduct risk, particularly where biased algorithms affect lending or pricing decisions.
Digital ethics is also becoming a formal supervisory concern. Regulators are examining how firms use behavioural data, from personalised pricing to algorithmic nudging. The frontier of supervision is no longer financial risk but the integrity of automated decision making.
Enforcement Without Borders
Regulatory enforcement is no longer confined by geography. Cross-border cooperation has intensified, with the FCA working alongside EU bodies such as the ESMA and global partners including the U.S. Securities and Exchange Commission (SEC) on joint investigations and shared intelligence (See IOSCO). Data sharing platforms now allow supervisors to track misconduct across jurisdictions in near real time.
A clear trend has emerged. Enforcement increasingly follows the risk, not the legal entity or location. Post-Brexit divergence in rules has not reduced scrutiny. UK firms may face parallel reviews from domestic and EU authorities, often examining the same activity through different regulatory lenses.
This creates a new vulnerability. Inconsistent disclosures or compliance narratives across jurisdictions are quickly identified and challenged. Firms are no longer judged purely on local compliance. Their global coherence, consistency and credibility are now under continuous supervisory review.
The Risk Illusion
Many firms still rely on risk frameworks designed for a different era. Internal models often depend on historical data, while regulators increasingly focus on forward-looking indicators such as behavioural trends and emerging market signals. This mismatch creates a persistent blind spot.
A common failure is treating compliance as a control function rather than a source of strategic intelligence. The FCA has repeatedly highlighted cases where firms met formal requirements yet failed to detect harmful outcomes, particularly in consumer finance.
A more subtle challenge is narrative risk. Regulators now compare what firms say in disclosures with what their data reveals. Inconsistencies, even if unintentional, can trigger scrutiny. Cultural signals also matter more than firms expect. Incentives, decision-making patterns and tone from leadership are increasingly examined.
The key point is clear. Regulators are not just measuring risk. They are interpreting intent, and many firms are still misreading how that judgement is formed.
The Data Wars
The commercial value of data has never been higher, yet neither has regulatory scrutiny. Firms are monetising behavioural and transactional data at scale, while regulators tighten control over how that data is gathered and used. Under the General Data Protection Regulation (GDPR), enforcement has moved beyond consent towards deeper questions of fairness and purpose limitation.
Tensions are especially visible in transaction monitoring, where anti-money laundering systems demand extensive data analysis, sometimes clashing with privacy expectations. The FCA has also raised concerns about the use of alternative data, such as social or geolocation inputs, in credit and pricing decisions.
This creates a compliance and innovation paradox. The more data-driven a business becomes, the more exposed it is to regulatory challenge. Increasingly, supervisors expect data lineage accountability, meaning firms must explain how data is sourced, processed and applied.
Data is no longer just an asset. It is both a growth engine and a primary source of enforcement risk.
What Smart Firms Are Doing Differently
Leading firms are moving beyond reactive compliance towards anticipatory governance. Instead of focusing only on internal risks, they model how regulators are likely to behave. Some large banks supervised by the ECB now run scenario testing that mirrors supervisory stress priorities rather than purely financial shocks.
They are also building integrated risk intelligence systems that combine legal, compliance and data science capabilities. This allows faster identification of issues such as misleading disclosures or algorithmic bias. Investment is shifting towards explainable AI and real time monitoring, reflecting expectations signalled by the FCA in its data strategy updates.
Perhaps most importantly, culture is changing. Firms are moving from defensive compliance towards strategic transparency, sharing clearer narratives with regulators and ensuring their data, decisions and disclosures tell a consistent and credible story.
The New Regulatory Reality
Supervision in 2026 is continuous, data driven and increasingly interpretive. Regulators such as the FCA and the ESMA are not simply checking compliance. They are analysing behaviour, intent and outcomes using advanced data tools.
This new reality demands a fundamental shift in mindset. Firms can no longer rely on meeting formal requirements alone. They must ask how their actions, data and decisions appear through the supervisory lens.
Those that succeed will understand that perception, consistency and transparency are now central to regulatory judgement. In 2026, the biggest risk is not breaking the rules. It is misunderstanding how those rules are interpreted and enforced in practice.
And what about you…?
- How confident are we that our internal risk systems reflect how regulators actually identify and prioritise risks, rather than how we assume they do?
- Are we still treating compliance as a defensive function, or have we embedded it into strategic decision-making and forward-looking risk intelligence?
