Compliance Priorities for 2026: The Most Unpredictable Year Yet

In today’s environment, regulators may not be approaching the traditional priorities in the same ways we have come to expect—at least not in all major jurisdictions. This creates a different dynamic for financial institutions thinking about their compliance priorities for 2026, and it has prompted a change in how we are approaching our 2026 outlook.

We’ll begin with some thoughts on the current state of financial institution regulation, followed by commentary on recent global and regional industry developments. Lastly, we’ll discuss what this all means for the financial industry’s 2026 compliance plans.

But first, how did we do with our 2025 predictions? As highlighted in the midyear special edition of Compliance Insights, we expected 2025 to be a year of rapid change in regulatory priorities and approaches, and it lived up to those expectations. We adopted a regional view in 2025, and we think national and regional differences continue to demand attention. Our 2025 compliance priorities of Artificial Intelligence (AI), Financial Crime, Operational Resilience, Third Party Risk Management, Information Security & Privacy, Consumer Protection, Compliance Function Optimization and Resourcing remain relevant to the industry today, but it’s harder to predict what that means in the regulatory environment we describe below.

Current state of financial institution regulation

Despite the vital role financial institutions play in maintaining the stability, integrity, and fairness of the financial system, they have always had their share of critics. Common complaints include the following:

• The regulators exercise too much discretion, without transparency or accountability.
• The regulators are inconsistent.
• Regulators often base their findings on supervisory guidance that is not rooted in or that exceeds actual legal and regulatory requirements.
• The regulators focus on process and not outcomes.
• The regulators continually criticize the “small stuff” despite their stated aim to be risk-based.
• The regulators don’t customize their approach for smaller institutions, creating significant burden on these institutions.
• The regulators don’t have the skills or tools to address emerging areas of risk.
• The regulators don’t do enough to encourage and promote innovation and expect new applicants to be as sophisticated as those already subject to regulation.
• Cross-border collaboration among the regulators is less than optimal─requirements are not designed with international alignment or harmonization in mind.
• The regulators’ actions and supervisory approaches stifle competition.

These criticisms tend to follow patterns and cycles, often influenced by government changes and broader economic conditions. What’s striking about the current regulatory landscape isn’t that we are hearing these complaints—it’s the volume and the reach. The complaints have grown louder, more persistent, and more geographically widespread than we’ve seen in years. From the United States to the United Kingdom, from the European Union to Australia, voices across the financial ecosystem are challenging regulatory bodies to reevaluate whether their approaches are consistent with their mandates, are proportionate, and foster competition. Finding the right balance between addressing critics of bank regulation and maintaining a safe, stable financial system is a complex challenge, and there are no easy answers.

In the U.S., where the Trump administration has been the loudest, but certainly not the only, critic of financial institution regulation, we have already witnessed at the federal level the rescinding of Biden-era rules and policies, reduced consumer protection, rolling back of existing and proposed anti-money laundering (AML) requirements, agency staff reductions, and the appointment of new agency leaders intent on carrying out the administration’s priorities, from promoting crypto to cracking down on “politicized debanking” to fostering a more accommodating environment for mergers and de novo charter activity.

In the United Kingdom, a similar (although less dramatic) shift toward regulatory simplification and lighter-touch financial services regulation has emerged as a key government strategy to stimulate economic growth and foster innovation. A wide variety of initiatives across prudential capital, conduct, and regulatory reporting requirements, as well as speeding up authorization processes and reducing prospectus requirements, are intended to encourage greater investment and create a regulatory framework that is agile enough to support emerging technologies like blockchain and AI.

In the European Union, there has also been an effort to embrace lighter-touch financial services regulation as part of a broader strategy to enhance economic growth and innovation across member states. One area of focus has been reducing regulatory reporting and disclosure such as reporting frameworks for the European Central Bank, sustainability disclosures and reporting, and streamlined prospectus requirements. The regulators are also looking to encourage innovation, including through the establishment of regulatory sandboxes, changes to the Payments Services Directive 3 to allow easier licensing requirements and greater access to open banking frameworks. The challenge for EU regulators is to simplify regulations while maintaining harmonization across the member states.

The push toward lighter-touch regulation is not as pronounced in the fragmented APAC market. Regulators in the region have for some time signaled an understanding of the need to encourage innovation without sacrificing the integrity of the market, and there is a renewed focus in certain countries, such as Australia, on proportionate regulation aimed at easing the burden on smaller institutions and promoting competition.

Regardless of whether the regulatory changes we are seeing are good for the industry longer-term (and we have written previously about what happens when periods of lighter-touch regulation end), the current environment affords financial institutions in several jurisdictions a degree of regulatory relief and flexibility that they have not witnessed for a while. The way financial institutions balance business objectives with compliance considerations will have strategic consequences and will not only shape competitive positioning but also influence risk profiles, the course of innovation, and stakeholder confidence across the financial services landscape.

Global and regional industry developments

The global financial services industry is undergoing a profound transformation, with significant implications for compliance. We discuss the most significant developments (apart from the economy itself) shaping the industry below:

The AI revolution

AI is transforming risk management, fraud detection, operations, customer service, financial planning and forecasting, and more. However, the use of AI raises compliance challenges around algorithmic transparency, bias mitigation and data governance, among other issues. Financial institutions operating across borders currently must navigate a patchwork of AI regulations and jurisdictional priorities.

Digital assets and tokenization

The growth of digital assets and tokenization presents both opportunities and challenges for the financial services industry. Tokenization, for example, is unlocking new asset classes and liquidity, but as is the case with digital assets generally, there exists jurisdictional ambiguity as regulators look to catch up with market developments and provide greater clarity on their expectations for managing attendant risks, including anti-money laundering, sanctions, consumer privacy and other consumer protections, as well as operational risks.

Quantum computing

Quantum computing is poised to revolutionize the financial services industry by solving problems that are currently intractable for classical computers, promising, for example, breakthroughs in portfolio optimization and cybersecurity. Quantum computing also poses future risks to encryption standards and introduces a new level of regulatory complexity as the regulators and the industry figure out how to apply compliance standards in a quantum world. While many suggest Q Day (the hypothetical day when a quantum computer becomes powerful enough to break the encryption that secures much of our digital world) is nearly upon us, regulators are in the early stages of exploring post-quantum cryptography and resilience planning. The risks—massive fraud, market manipulation, loss of customer trust—to the financial services industry of not being prepared for Q Day are significant.

Fintech innovation

The financial technology sector is undergoing rapid transformation, driven by technological advancements, increasing consumer demand for digital financial services and evolving market dynamics. As already noted, the accelerated development of AI, blockchain adoption, stablecoins, central bank digital currencies and quantum computing technology will fuel fintech and encourage the growth of open finance, alternative lending and savings platforms. The challenge for regulators is to balance the desire to encourage innovation and growth in their jurisdictions with the need to ensure stability and consumer protection.

Embedded finance

Embedded finance is experiencing significant growth, moving beyond early use cases like “buy now, pay later” and payments integration. Lending, insurance, savings, and cross-border payments are increasingly being integrated into nonfinancial platforms—ranging from e-commerce sites to business management software and social networks. Innovations include the rise of embedded lending, where credit is offered directly within digital platforms using alternative data sources for risk assessment, and the expansion of agentic AI, real-time payments, and biometric security to enable frictionless, personalized financial experiences. Strategic partnerships between traditional financial institutions and fintech disruptors are redefining how financial services are accessed and delivered, making them more convenient and tailored to individual needs.

Private credit

In private credit markets, nonbank institutions—such as private credit funds and asset managers—provide loans directly to businesses, typically outside public markets and with fewer disclosure requirements than traditional bank lending. Over the past decade, private credit has become a defining growth story, accounting for over $3 trillion in assets under management at the beginning of 2025 and expanding rapidly into sectors like technology and infrastructure. The market’s evolution is blurring lines between public and private credit, offering more tailored financing solutions but also introducing new risks and regulatory challenges as its scale and complexity grow.

The recent collapse of First Brands Group, a major U.S. automotive parts supplier, has highlighted significant risks within the private credit market with the chair of the Financial Stability Board warning of “alarm bells” in the private credit market and cautioning consequences parallel to the 2008 global financial crisis. This translates into calls for enhanced oversight of the private credit space and portends potential additional obligations for financial institutions that manage or invest in private client funds.

Customer expectations and empowerment

Customer expectations in the financial services sector continue to evolve significantly, driven by advancements in technology, increased access to information, and a growing demand for personalized experiences and prompt and efficient customer service. Many, but not all, customers also expect enhanced digital engagement and increased access to their data. While many of these expectations increasingly are met by fintech and emerging technology, consumer protection is key to sustaining responsible growth.

Industry consolidation and ‘platformization’

There has been a surge in industry merger-and-acquisition deals in 2025, motivated by a mix of strategic, technological and regulatory considerations. Concurrently, the industry is experiencing a rise in platformization in which various services and tools are being integrated into a unified digital platform, streamlining operations and data management. Both developments present compliance challenges: M&A primarily due to integration complexities and potential cultural misalignment, and platformization because of data governance challenges, third party reliance and, in some cases, rapid platform innovation that may outpace the development of regulatory frameworks.

Sustainable and green finance

Despite waning commitments to net zero in some countries, sustainable and green finance is rapidly evolving, with significant growth in green bonds, continuing integration of ESG criteria into investment decisions, and the emergence of robust regulatory frameworks such as the EU Taxonomy Regulation and Sustainable Finance Disclosure Regulation. However, the financial industry is pushing back against some more onerous aspects of the strict disclosure requirements, standardized definitions for sustainable products and the integration of climate-related risks into supervisory practices. We expect international regulatory policy misalignment to continue, with regulators moderating disclosure requirements for smaller organizations.

National security

National security risks for the financial services industry, especially for organizations that operate cross-border, are at an all-time high. Their wide span includes economic sanctions, foreign and domestic investment restrictions, cybersecurity, supply chain risks, and critical-infrastructure protection. Financial institutions face significant challenges managing the complexity, scale and evolving nature of these risks.

Expanding cyber and fraud risk landscape

The fraud and cyber risk landscape is rapidly evolving, marked by a significant rise in identity theft, sophisticated AI-driven scams, and increased, and high-profile, ransomware attacks, which are compelling financial institutions and regulators to adapt swiftly. As fraudsters and cyber criminals continue to innovate, the regulatory landscape—and the industry—must remain agile to protect consumers and maintain trust in the financial ecosystem.

What this means for compliance and compliance planning

Why is 2026 the most unpredictable year yet for determining compliance priorities? There are just too many moving parts—compliance priorities are shifting due to political changes, global coordination challenges, technological advancements, and evolving threats. This all comes against the backdrop that compliance organizations, just as with the financial services industry at large, are undergoing a transformation.

Financial institutions are under pressure to do more with less and those that fall behind are ruthlessly punished by the stock market. Compliance functions are frequently targets of cost-cutting measures. Additionally, compliance functions are being challenged to evolve from reactive, rule-enforcing units into strategic partners that enable business resilience and growth. This transformation is largely driven by advancements in technology, such as AI and cloud, and through talent acquisition and management. Technological advancements are allowing compliance functions to introduce greater efficiency and effectiveness into their processes. Compliance professionals need to be tech-savvy to be successful in the current environment and to be strategic partners to the business. They also need to be able to navigate complex regulatory landscapes while integrating compliance into broader risk management frameworks. For many financial institutions, this transformation is likely to be difficult since compliance functions face the same challenges experienced by other parts of their organizations, including legacy infrastructures and talent constraints.

In addition to managing their own transformations, compliance functions must deal with the regulatory complexities and the ambiguity surrounding many of the issues discussed above, which will require compliance officers to make tough decisions about what their organizations can and cannot do in the future based on the limited guidance available today. They will also need to guide their organizations through this period of lighter-touch regulation and supervision, remembering that stakeholders other than the regulators—shareholders, customers and community advocates (and in the U.S., state regulators)—will continue to monitor and care about how organizations act even if the national regulators are “not watching” now—but may have a renewed interest in the future.

Here are six suggestions for compliance organizations as they plan for 2026 (and beyond):

1. Commit to repositioning compliance from a reactive, rule-following function to a forward-looking, risk-aware strategic partner. This requires redefining compliance function’s role in governance, embedding it into product development, customer engagement, and digital innovation. It also requires developing an adaptive compliance mindset and framework where instead of saying “no” (the unfair stereotypical response many expect from compliance), compliance is known for saying “Let’s figure out together how this could work.” It also means focusing on outcomes rather than processes, mirroring regulators’ new focus.
2. Reexamine your resourcing model. Transformation and technological advancements demand a new talent model. Compliance organizations must attract and retain professionals with diverse skills—legal, regulatory, data science, and tech fluency. Consider the location of compliance resources (on-premises, remote, offshore, nearshore) from the perspective of access to talent pools, cost effectiveness, and oversight and dependability.
3. Continue to align common areas of focus across the three lines of defense and ensure that overlaps with business-line controls testing, risk functions and internal audit are identified and managed in a coordinated manner.
4. Determine which of the industry developments discussed above will be impactful to your organization and integrate the compliance effort into broader business goals and risk management strategies. This involves aligning compliance metrics with business key performance indicators (KPIs), harmonizing risk appetite across departments and ensuring that compliance insights inform strategic decisions.
5. Emphasize the importance of horizon scanning and work closely with your counterparts in legal, IT, risk, and the business to ensure that regulatory foresight translates into actionable strategy across the organization.
6. Hold your ground when necessary. Compliance plays a key role in building and sustaining stakeholder confidence and trust. In the absence of regulatory pressure, the role of compliance as the organization’s conscience and ethical compass will be even more critical.

Compliance leaders must be bold to remain effective. This requires not only guiding their organizations through uncertain times but also championing a new vision for compliance that challenges legacy thinking—one that is collaborative, tech-enabled and deeply embedded in business strategy and the organization’s long-term success.