Mark Taylor
Senior Editorial Manager
Regulatory intelligence is getting harder to manage
From tariff uncertainty to abolished supervisors, regulatory volatility is now the norm, not the exception. And mid-market regulatory compliance is getting harder as a result.
In just the first few months of 2025, the UK confirmed plans to fold the Payment Systems Regulator (PSR) back into the Financial Conduct Authority (FCA), even as it moves to tighten oversight of digital wallets.
The European Union is struggling to finalise AI regulations amid rising pressure to extend the Markets in Crypto Assets Regulation (MiCA) as adoption of digital assets grows.
In the United States, shake-ups at major agencies including the Consumer Financial Protection Bureau (CFTC), Federal Deposit Insurance Corporation (FDIC), Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) have left regulatory priorities unclear as trade and tariff policies shift without predictable timelines.
This is the rhythm of regulatory change in 2025: fast, fragmented, and increasingly difficult to manage, particularly for midmarket firms balancing global obligations with finite compliance resources.
The three-pronged compliance burden
Regulatory compliance today doesn’t move in a straight line. It arrives from all angles, in formats that rarely match, with expectations that aren’t always obvious.
Volume: Thousands of updates each year, across jurisdictions, languages, sectors, and supervisory bodies.
Variety: Not just laws, but also guidance, enforcement actions, consultations, technical standards, position papers, and speeches. Often published without clear timelines or change indicators.
Veracity: Some updates are binding. Others are advisory. Many sit in between. Without context, it’s hard to tell what demands action and what simply signals a direction of travel.
Short-term spikes in regulatory activity have led to changes. These changes make compliance teams rethink how they manage, monitor, and prioritise.
The struggle is real
Recent data shows what many already know; compliance professionals say their jobs have become harder in recent years.
Many teams are overwhelmed with regulatory updates. Manual processes still cause duplication, delays, and risks of missing important information.
These issues have operational consequences. According to PwC’s Global Compliance Survey 2025:
85% of firms say compliance complexity has increased over the past three years.
77% report that it has negatively affected growth-related areas of the business.
PwC’s analysis says, “The compliance system is more complex and connected than ever. This is because of changes, new business models, and cross-industry reinvention.”
Inefficiency carries a heavy price
Not every regulatory update arrives through formal channels. Some appear in consultation papers, enforcement updates, or regulator blog posts.
In Hong Kong, despite deepening ties between the financial hub and mainland China via the National Financial Regulatory Administration (NFRA), regulatory change is slow. The Hong Kong Monetary Authority (HKMA) and Securities and Futures Commission (SFC) often issue market critical updates via guidance, circulars and other non-legislative updates.
Around the world, regulators are more comfortable in publishing guidance that carries de facto enforcement weight even without legislative backing. Formats are inconsistent. Terminology varies. Publication timelines rarely align across jurisdictions.
This creates real operational blind spots. Compliance teams miss critical obligations buried in commentary. Other teams invest significant time reviewing content that turns out to be non-enforceable or duplicative.
These are not theoretical concerns. Financial institutions have faced fines for failing to act on updates they never classified as regulatory in nature. Internal audit trails break down and review processes can become reactive. Teams burn time trying to separate signal from noise, without confidence that they’ve caught everything that matters.
Duplicated effort, delayed response
It is also not uncommon, especially in midmarket firms, for different teams within the same organisation to monitor the same regulators in parallel. Perhaps Legal logs the update. Risk assesses the implication. Operations reviews procedural impacts.
Each group builds its own spreadsheet, unaware that another team has already completed similar work.
Elsewhere, an update published in a local language remains untranslated for weeks. By the time it is escalated to group level, operational deadlines have been missed.
This fragmentation not only increases regulatory risk but also drains limited compliance resources and slows critical response times.
The emergence of automated regulatory intelligence
Modern regulatory intelligence is more than just collecting updates. It turns these updates into insights quickly, on a large scale, and with confidence.
Manual tracking systems and inbox alerts fall short. They don’t prioritise relevance. They don’t separate noise from obligation. And they don’t provide the contextual detail teams need to act with certainty.
Firms in this environment shifting to automated regulatory intelligence systems that can:
Continuously monitor global regulatory sources in real time, rather than relying on static databases or periodic reviews.
Automatically categorise and filter updates based on geography, business line, risk theme, and regulatory significance.
Add context to alerts. This helps compliance officers quickly see if an update needs a response and what that response should be.
This compliance system reduces duplication. It speeds up decision-making. It also helps teams understand the entire regulatory environment better.
For mid-market firms, especially those dealing with international challenges, this change is now essential. They need visibility and control, even without large resources.
In the next part of this series, we will look closely at the daily life of a mid-market compliance officer.
We will identify the pressure points. We will examine how people use time. We will look at where processes fail. We will understand why visibility gaps still put firms at risk.