Global regulations form a patchwork quilt, each jurisdiction stitching its own rules with distinct threads of law, culture, and intent. This fragmentation burdens firms with spiraling costs and compliance risks, as they grapple with inconsistent standards and relentless updates. Could RegTech — fueled by AI, automation, and analytics — offer a way to harmonize this chaos into a manageable whole? The answer hinges on whether technology can bridge the gaps in a world where borders still dictate the rules.
A big step for any company looking to expand globally is being to get fully to grips with the global regulatory landscape – understanding what is possible and how. Areg Nzsdejan, founder of Cardamon, stressed that every compliance leader knows the pain of expansion.
He said, “You’re launching a product into three new markets and suddenly you’re juggling five regulators, nine overlapping rulebooks, and a spreadsheet that’s grown into a monster. The regulations might be addressing the same underlying risks – but the wording, expectations, and reporting obligations vary just enough to require weeks of legal review and months of operational planning. This is the reality for regulated firms operating across borders. Fragmentation isn’t a surprise. It’s the default.”
Enter the democratisation of AI. For Nzsdejan, this is now allowing companies to manage this much more effectively. GenAI is now able to parse hundreds of pages of regulation across jurisdictions and languages – and extract obligations with context. “On top of that, knowledge graphs connect obligations to internal policies, controls, products, and entities – so you’re not just reading rules, you’re applying them across your organisation,” he said.
These technologies together, Nzsdejan mentioned, form the backbone of what Cardamon is building.
He said, “It’s not about replacing legal & compliance teams – it’s about giving them superpowers. Our platform enables global firms to trace a regulatory change from a foreign-language consultation paper all the way through to a control gap in their payment flow.”
One of the core challenges, explained Nzsdejan, is that regulators often speak in slightly different dialects – even when they’re regulating the same thing. “KYC in the EU is not the same as AML in Singapore. Suitability in the UK might overlap with investor protection in the US – but the standards, tests, and expectations aren’t interchangeable,” he said.
He added that good RegTech platforms abstract this complexity by leveraging GenAI to extract similarities and differences – of course, the infrastructure has to be in place, the correct tools have to be applied, and the context has to be spot on. It’s not about boiling the ocean or forcing convergence. It’s about surfacing the 80 percent that’s harmonizable – and flagging the 20 percent that’s jurisdiction-specific.
For Nzsdejan, the biggest pain points in cross-border compliance today include duplicated efforts across local compliance teams, manual and inconsistent regulatory interpretations, language barriers and need for local expertise to deal with nuances, no central view of how global obligations are implemented and difficulty keeping product and policy teams aligned across markets.
He stated, “Many firms rely on consulting reports, local counsel, or PDF trackers to fill the gaps. But these approaches don’t scale, and worse – they often result in divergence between what the business thinks is happening and what the regulator expects.
With AI-powered platforms, firms can finally get a single source of regulatory truth – and tie that directly to controls, product specs, and even training materials.”
Is regulatory convergence coming? In some areas, Nzsdejan believes so. “In some areas, yes – think Basel III, FATF, IOSCO principles, and the EU’s push toward pan-European regulation. But in practice, fragmentation is not going away – after all, local regulators, whether state or country level, aren’t paid to just adopt pan-country level guidelines. If anything, we’re seeing regulators adopt shared goals but implement them in wildly different ways.”
The smart money, claims Nzsdejan, isn’t betting on harmonisation. It’s investing in agility – the ability to adapt quickly to whatever shape the regulation takes, wherever it comes from.
He remarked, “That’s the model we’ve built Cardamon around. One that lets global compliance teams act local without starting from scratch every time.
Global compliance isn’t about translating rules. It’s about translating intent – and turning that into repeatable action across your business. With the right tech stack, it’s no longer an impossible ask.
“The firms who win in this space won’t be the ones with the most headcount. They’ll be the ones with the clearest source of truth – and the shortest path from regulatory change to business action”
Return to fragmentation
After years of global regulatory alignment, we are seeing a return to a more fragmented market in terms of global standards, said global head of RegTech sales at ACA Group Marc Salter.
He said, “Not only are there different frameworks in force but implementations are increasingly inconsistent thus introducing operational complexity for global firms. Timelines for adopting regulations often vary, with the US, UK and Asia rolling out key regimes at different times. ”
Many countries, he stressed, have introduced local regulations with wider ramifications such as EU’s GDPR and US sanctions, which compel non-local institutions to comply with domestic rules in multiple jurisdictions. This leads to duplicated compliance efforts, higher costs, and potential for regulatory arbitrage, claims Salter.
He continued, “A good example has been digital assets – which have fragmented rulebooks, and different regions have set different priorities without being truly coordinated. Firms are turning to technology to help address the increased fragmentation and challenges to their business models. Technology provides the ability to automate, scale and adapt to the new challenges being faced.”
Such technologies raised by Salter include cloud-native systems, AI and ML, and compliance monitoring
He said, “The use of these technologies help firms to identify the similarities across global regulations and where there are potential pain points due to the divergence. Firms are faced with deploying multiple standards or adopting the highest bar in order to address this challenge.”
The biggest pain points in cross-border compliance, Salter stresses, stem from the complexity, inconsistency and rapidly changing environments of global regulations.
He said, “This is exacerbated by operational, technological and in some cases cultural challenges. AML/CFT, data privacy are two areas where each country has it’s own requirements forcing firms to navigate sometimes overlapping and in cases contradictory rulesets. Regulatory change is also happening at a pace unseen before leading firms to jump from project to project and being more reactive than proactive.
Data Privacy laws, like GDPR and emerging laws (India’s DPDPA-2023) restrict how data can be stored and transferred across borders, complicating global operations and increasing compliance costs. Some regulations such as EU Privacy laws apply beyond their borders, requiring firms to comply with foreign rules even for non-local activities.”
For Salter, this increased complexity then brings added risk into a compliance program. Manual country-specific programs are more complex, slower to adapt and thus become outdated quickly, he said.
Salter continued, “This lack of harmonization increase the operational and regulatory risk thus meaning firms must invest in agile technology, local expertise and continuous enhancements to manage challenges effectively but do come at a cost to the business.
Fragmentation is the dominant trend in the regulatory landscape and is expected to remain so for the foreseeable future. Whilst some regional harmonization will occur the geopolitical landscape is driving further divergence.
“Firms will need to remain agile in their approach to compliance roll outs. There will not be a one sized fits all approach and programs will need to be specific to the firm in question. Firms will be faced with cost pressures and need to balance the cost of compliance vs potential revenues,” Salter concluded.
A big opportunity
According to South African RegTech RelyComply, the financial world being more connected is a great thing for anti-fincrime collaboration, but only if everyone moves in the same lane with the right technology to hand.
The firm said, “Managing billions of cross-border payments is difficult, not just from a data processing standpoint. Each jurisdiction adheres to varying AML rules, particularly where resources to instil nationwide regulatory standards are lacking, as well as the use of beneficial ownership databases or insubstantial links to law enforcement to clamp down on terrorist financing, laundering, human and animal trafficking and other heinous crimes.”
Such high-risk areas with security risks, large transaction fees, diverse cultural challenges, third-party data usage, and time delays can all wreck the reputation of world-serving financial institutions and make the ever-growing need to build cooperative AML relationships far more difficult, said RelyComply.
On top of this, cross-border requirements in some geographies are getting more stringent (the EU’s Instant Payments Regulations, for instance) and could exclude some firms from breaking into specific markets compliantly, hindering the ecosystem’s innovative progress, said the company.
To deal with other areas such as digitalisation, cryptocurrencies, tokens, and blockchain technology, these pose exploitation avenues for criminals, yet they can also provide secure, low-cost, and auditable ways to manage cross-border payments.
RelyComply remarked, “While that exists in a regulatory grey area, instead, firms must heed the 40 Recommendations of the FATF, which calls for ongoing KYC, real-time transaction screening and monitoring, and risk reporting that maintains the speed and quality required of modern AML and counter-terrorism practices. Such guidelines are close to a global standard in our diverse financial ecosystem. In addition, it takes a more proactive adoption of RegTech everywhere to develop robust AML policies, communication channels with relevant authorities, and partnerships that bolster unified strategies that can identify fraudulent behaviours across borders.”
The company added that it believes legacy platforms are not adept at catering risk-based solutions to region-specific threats. More innovative tech-driven systems democratise AML, helping sector-wide businesses understand and adapt to varying rules and regulations to protect their integrity and the worldwide financial infrastructure.
The firm finished, “Fragmentation is still an issue, but RegTech can connect ties using sector-specific platforms built to share intelligence and provide cost-efficient compliance for every regulator, agency or institution committed to stopping crime.”
The layered approach
RegTech FullCircl outlines that it believes it is playing a key role in enabling multi-jurisdictional compliance with tools including identity verification, KYC/KYB, fraud assessments, ongoing monitoring and credit risk screening.
How can RegTech platforms map and normalise differing legal standards? For FullCircl, it believes companies are best placed to combat the patchwork of global regulations by employing a layered strategy — and RegTech platforms like FullCircl, it states, are at the forefront.
It said, “We provide API access to 400+ data sources (corporate registries, telcos, utilities, government databases) across 50+ countries. This breadth enables a unified dataset underpinning regulatory normalisation. We also have configurable rules engine to interpret and normalise disparate legal standards though custom workflows – KYC, KYB, AML, IDV. So, thresholds can be mapped across jurisdictions to ensure consistent experience.”
The company also offers end-to-end onboarding, normalising and automating regulatory checks so that customers experience a seamless compliant workflow regardless of jurisdictional variance. “We also continuously refresh compliance checks and legal standards to ensure compliance with all jurisdictional changes,” it said.
What are the biggest cross-border compliance pain points? Here, FullCircl said that the cross-border payments market has surged over recent decades because of increased mobility of goods, service, capital and people. But there are significant compliance challenges to overcome, especially in terms of commercial cross-border payments.
The firm said, “Tech-based data-driven improvements to enhanced due diligence (EDD) hold the key to resolving the biggest pain points impacting cross-border payment success.
“The complexity of financial crime remains a huge challenge for cross-border payment. Combined with rapidly evolving geo-political events and sanctions, regulated businesses are increasingly taking a risk-based approach to move beyond standard customer due diligence to enhanced customer identity assurance.
“A tech-based and data-driven approach is vital here, automating routine tasks and analysing vast volumes of data to improve the precision and efficiency of risk and compliance processes, therefore driving faster, cheaper and more efficient cross-border payment processes.”
For FullCircl, it believes that regulatory fragmentation is likely here to stay, at least for the foreseeable future.
They explained, “While there are pockets of regulatory convergence, especially in financial crime prevention (like AML/KYC), the global trend still leans heavily toward divergence, driven by politics, sovereignty, national risk appetites, and technological disparities. Looking ahead, areas where we can expect to see more convergence are AML, KYC, cybersecurity disclosures, sanctions enforcement, and sustainability disclosures.”
AI as a vital importance
To track multi-jurisdictional compliance, firms deploy AI to increase speed and accuracy of results, said Supradeep Appikonda, COO and co-founder at 4CRisk.ai.
He said, “The traditional manual method is to monitor regulations, including upcoming changes, by performing regular scans of all relevant sites and sources for regulations, rules, laws and standards applicable to their organizations to determine what truly applies. Teams research and corelate changes to laws, regulations, rules and standards applicable to their organizations by reviewing alerts and notifications from agencies and regulatory sources.
Going from here, the firms then need to gather and curate regulatory intelligence from feeds, emails and guidance, he said. “Finally, teams need to manually organize changes by topics and understand which alerts are actually in scope for their organization. That’s a huge manual burden, costly and error-prone – and it’s simply not sustainable,” said Appikonda.
Through using technologies such as AI-powered horizon scanning, teams are able to proactively monitor, track and respond to global regulatory updates with unmatched speed and accuracy — by AI that is 10, 20 or 50 times faster and can completes tasks with greater accuracy.
Appikonda continued, “For example, AI can scan, extract and parse of large and complex unstructured and structured data (including PDFs) to identify and summarize changes to regulatory requirements and identify obligations.
“In particular, AI can search authoritative sources and specific regulatory agencies, to identify regulations, rules, laws, standards, guidance and news. Ai can build curated rule books applicable to a specific organization and finally, generate business obligations, merged across similar sources, aligned with an organization’s legal requirements.”
He went on to say that AI can reduce noise, while enhancing the relevant signals, minimizing information overload through domain-aware tagging, filters and classified alerts based on a firm’s industry, geography, business hierarchy and risk profile.
For Appikonda, what are the biggest pain points in cross-border compliance today?
He explained, “Proper management of international data transfers has become one of the most challenging and costly compliance hurdles in cross-border compliance. The risk isn’t limited to tech giants and large organizations — any company that handles personal data globally is under a microscope and fines of all sizes are issued frequently.”
The 4CRisk.ai COO gave the example from 2023, where Meta’s €1.2 billion fine set the stage for aggressive GDPR enforcement. Meta was found in violation of GDPR Article 44, unlawfully transferring data to the U.S. without sufficient safeguards.
Is regulatory convergence here to stay? For Appikonda, the intersection of AI technology and regulatory compliance presents both challenges and opportunities for fostering regulatory convergence. While compliance teams must remain vigilant about the risks associated with AI, they are also embracing its capabilities to enhance their end-to-end regulatory strategies.
He said, “Fragmentation of processes raises risk by increasing the holes between processes where critical steps can break down. By leveraging AI tools to assess non-compliance impacts and streamline processes, organizations can ‘connect the dots’ and battle fragmentation, which ultimately, protects firms while fostering innovation.”
Challenging task
RegTech firm AscentAI believes that for global firms, the ability to confidently and accurately identify, prioritize, and address all of the regulatory developments happening in real-time is a constant and very difficult task given the sheer scale of information being produced by regulators every day.
The firm remarked, “Fortunately, AI technology can be a great force-multiplier here, enabling firms to rely on automation to do the heavy lifting so they can focus their time and teams on decision making and action. At the strategic level, horizon scanning tools like AscentHorizon can be tuned to monitor, capture, aggregate, and filter information from global regulators into a single source of truth.”
The company said teams are able to leverage the aggregated regulatory information, tailored to their specific interests, to get a sense of what might happen what will happen that they need to be aware of and potentially have to do something about within their business operations. It’s a way for them to triage information more efficiently and be more proactive. In addition, as regulations (and their underlying requirements/obligations) change, firms need to operationalize changes quickly and confidently within their enterprise.
“Tools like AscentFocus can automate the most arduous parts of regulatory change management, using AI to break down regulatory documents into specific obligations and assessing applicability within the firm’s obligations list to identify the changes that actually apply to them, along with downstream policies and controls in their GRC. Ai powered regtech tools are well positioned to enable firms to think and act both strategically and tactically about regulatory evolution,” said AscentAI.
Sophisticated blend
In the view of Kate Horgan, head of US business development at Zeidler Group, we are seeing an increasingly sophisticated blend of automation and legal intelligence driving multi-jurisdictional compliance.
She said, “But technologies alone aren’t enough what’s truly enabling compliance at scale is the fusion of legal technology with expert legal and compliance oversight. Platforms that keep lawyers in the loop can offer both real-time insight and contextual interpretation and that is at the heart of what we do at Zeidler Group.”
The two biggest pain points in Horgan’s mind are fragmentation and change velocity. On the first one, she stated that rules differ not only between regions, but often within them. For the second she remarked that staying ahead of constant updates across dozens of regulators is daunting.
“Automation helps, but clients still need clarity on what those changes mean for their specific structure or product. That’s why we invest in tools like our Global Knowledge Hub, updated in real time by our regulatory team with a direct line to our lawyers and regulatory experts for client-specific queries,” said Horgan.
Is regulatory convergence on the horizon, or is fragmentation here to stay? In this area, Horgan outlined that some thematic alignment is emerging especially in areas like ESG, AML, and AI but deep convergence remains unlikely.
She finished, “Even where global standards exist, local implementation and enforcement diverge. Fragmentation, for now, is the reality and the challenge is building systems that can intelligently navigate and adapt to it. Until we see meaningful political alignment across jurisdictions, compliance will remain a multi-lane road, not a single track.”
Juggling act
Joseph Ibitola, growth manager at Flagright, explained that many global firms juggle privacy, AML and consumer-protection statutes that rarely align word-for-word.
He said, “Effective RegTech systems therefore rely on two ingredients: natural-language processing to extract obligations from each new law, and a common taxonomy that maps equivalent concepts across jurisdictions. This lets local teams toggle jurisdiction-specific requirements while the organisation maintains one coherent control framework.”
Ibitola remarked that Flagright implements this approach by linking new obligations to a shared knowledge graph; the same graph feeds policy templates, monitoring rules, and evidence collection so that reporting packages differ only where the underlying law truly diverges.
He added, “The thorniest pain points remain data-residency clauses and conflicting reporting deadlines, and we do not expect global convergence in the near term. The pragmatic answer is modular, API-first infrastructure that can absorb new regional statutes quickly yet still roll up consolidated reporting to headquarters, reducing the time spent re-tooling each time a new jurisdiction introduces its own twist on familiar principles.”
Multi-org deployment
One particular area providing significant benefits for firms is multi-organisation deployment.
According to Blanca Barthe, head of product marketing at Napier AI, multi-org offers substantial benefits for firms navigating fragmented global regulations, enabling them to operate with agility across jurisdictions while maintaining governance and control.
She said, “By allowing each entity within a group to configure compliance rules, risk thresholds and workflows according to local regulatory requirements, multi-org architectures reduce the complexity of cross-border compliance.
“At the same time, they support centralised oversight, streamlined reporting and consistent policy application across the enterprise. This structure helps firms manage regulatory divergence more effectively, improve audit readiness and scale their compliance operations with confidence. Napier AI supports this approach with flexible deployment options designed to meet the needs of global financial institutions.”
Fragmented AML and Crypto
For Darragh Hayes, CEO of LEI Worldwide, global AML and crypto regulation is fragmented — especially when it comes to the FATF Travel Rule.
He said, “Different countries have rolled it out with varying timelines and standards, which creates a mess for cross-border compliance. One way to bring order is through identifiers like the Legal Entity Identifier (LEI). FATF’s updated Recommendation 16 now explicitly supports the LEI for identifying senders and beneficiaries when they’re legal entities. That’s a big step. ”
Hayes concluded by stressing that the LEI gives firms a consistent, recognised way to verify parties — no matter where they’re based. Tools like the LEI and ISO 20022 are helping RegTech platforms map differences and simplify reporting.
“We might not get perfect regulatory harmony soon, but interoperability is possible — and that’s where the LEI really delivers,” said Hayes.
