Post-Brexit challenges, AI regulation, data intelligence among key trends in regulatory enforcement

As financial institutions face tighter regulations, industry experts at AFME’s 8th annual conference in London highlighted the growing complexity of global compliance, showing several central areas of focus for the sector moving forward that included:

• Data intelligence
• Challenges of AI regulation
• The lasting impact of Brexit including impact on market access

Dee O'Sullivan, the Enforcement and Markets Oversight division's retail and regulatory investigations interim head at the Financial Conduct Authority (FCA), and Susie Mackenzie, Head of Legal and Regulatory Analysis at global regulatory technology firm Corlytics, conveyed a clear message - as regulators worldwide adopt more proactive, data-driven strategies, it is a must for financial institutions to rethink their approach to compliance and risk management.

The speakers offered insights into the shifting priorities of regulators, with a sharp focus on early intervention, governance failures, and the explosive rise in AI regulations. They warned that these themes will shape the regulatory landscape in the years to come and that businesses who do not adapt - risk grave consequences.

Timely data-driven enforcement: the FCA’s new weapon in the fight against financial crime 

One significant change in the FCA's enforcement strategy, as highlighted by Dee during the discussion, is the agency's growing reliance on data analytics to stop financial harm that’s growing in scope and sophistication.

“If I take data for prevention, it was 7 billion transaction reports,” O’Sullivan told the Association of Financial Markets in Europe (AFME) conference. “It is not a big enforcement outcome, but on the back of this we managed to detect significant market abuse, significant transactions that were happening in the background.” 

This shift marks a departure from the FCA’s traditional, slower response times. By leveraging vast amounts of transaction data and using AI tools, the regulator aims to detect issues before they become “full-blown regulatory breaches”.  

Dee O'Sullivan emphasised that their approach is no longer just about enforcement but about early intervention to “nip the harm in the bud”, or as quickly as possible, before it crystallises. 

This data-led strategy has become an integral part of how the FCA now approaches market oversight including active collaboration with firms, paired with strong data intelligence systems, crucial to mitigating risks in a speedy manner.  Addressing financial firms, Dee mentioned that "if you have the right data and intelligence tools, the right policies and procedures in place, we can work with you to mitigate harm and address it early on.” 

Governance failures continue to stay as a persistent compliance issue 

Susie Mackenzie reminded the audience of the difficulties businesses face with governance and compliance. “Compliance monitoring and oversight was the number one controls failure,” she noted, based on the regulatory monitoring data from Corlytics. 

Many firms are still struggling to align their governance structures with evolving regulatory demands, leaving them vulnerable to hefty fines and enforcement actions: “As our interactions with clients have shown, firms are trying their best to get ahead of the curve by implementing technology but the recurring themes we keep seeing in general are such as failures in governance, financial crime, systems and controls, and they continue to dominate regulatory enforcement actions.”

Quite often failures stem from underresourced compliance teams, a lack of effective management oversight, and poor coordination between key stakeholders within firms. The analysis of regulatory enforcement data over the past decade revealed that governance is frequently at the core of these failures. Whether it’s poor record-keeping or inadequate information management, the result is often costly enforcement actions and a damaged reputation. 

The post-Brexit regulatory tightrope intensifies

Looking into a ‘crystal ball’, there is a variety of themes that continue to be of significance. Among them, Brexit continues to cast a long shadow over the regulatory environment in Europe, and financial institutions are increasingly feeling the pressure. Susie Mackenzie mentioned the growing challenge for UK-based firms in accessing new markets due to the shifting rules with Brexit: “The post-Brexit unwind is something that is affecting and will be affecting banks significantly. There’s an element of the walls closing in somewhat on financial institutions, and we’re still understanding the full ramifications.” She pointed to the impact of upcoming regulations like CRD6, which limits the ability of third-country firms, particularly those based in the UK, to access European markets. For financial institutions, this means adapting not only to local regulations but also to new rules that could restrict cross-border operations. “The ramifications of Brexit will likely become more pronounced in the next few years,” urging firms to stay alert to changes and ensure their compliance strategies are robust enough to handle these new market barriers.

There is a spike in AI regulation. But how do you regulate machines?

AI is another frontier that regulators, especially the FCA and the European Union (EU), are trying to tackle head-on. Susie Mackenzie noted that the Corlytics regulatory monitoring system has shown a “huge spike” in AI-related regulations across multiple jurisdictions. With the EU leading the charge through its AI Act - the first global attempt to regulate AI - financial institutions will need to adjust their compliance frameworks to account for the use of machine-learning algorithms and automated decision-making: 

“AI raises a lot of very interesting questions. First and foremost, it is how do you regulate machines? We’ve seen the FCA regulate people, but AI introduces new complexities that regulators are just beginning to address.” The FCA has already issued policy updates on AI, and Mackenzie urged firms to familiarise themselves with these developments: “if there’s one paper to read on this topic, I recommend the FCA’s AI update from earlier this year.” This update highlights the FCA’s concerns around transparency, accountability and bias in AI systems, i.e. issues that will likely drive future enforcement actions. 

The future will be defined by speed of action and proactivity

As the regulatory environment becomes more complex, the panelists agreed that firms will need to adopt more proactive approaches to compliance and risk management. Gone are the days when companies could wait for regulators to flag issues. Instead, firms are expected to anticipate risks, manage them preemptively, and foster a culture of compliance that extends throughout the organisation. “Regulators globally are looking for more open and interactive dialogue with firms,” Mackenzie concluded. “It’s about getting ahead of the curve and making sure your governance structures are in place when regulators come looking.” 

For firms operating in this new regulatory reality, investing in data analytics, strengthening compliance and governance functions, and keeping a close eye on evolving AI regulations becomes crucial. The costs of failing to do so are steep, and the window for getting ahead of these changes is narrowing.