In 2024, regulatory failures cost companies over US$4.5 billion in fines. This led senior management to rethink compliance as a necessity and forced companies to change and start treating regulation as an active verb (‘regulating’) rather than a noun.
Both regulation and regulating impact compliance by creating a legal and procedural framework within which organizations must operate to meet required standards and avoid penalties.
- ‘Regulation’ provides a mandatory set of expectations and legal requirements (the “what”).
- ‘Regulating’ involves enforcement, supervision, and management of these requirements (the “how”).
- Compliance is the outcome achieved when organizations align policies, processes, and behaviours with these regulations through regulating actions. Compliance is essentially adherence to these externally imposed requirements.
Regulation is the authored framework, or “rulebook”, imposed to govern financial entities. Regulating is the continuous practice and enforcement of rules by authorities to ensure financial services are compliant and safe.
In the financial ecosystem, both are essential for protecting customers, preventing fraud, ensuring transparency, and maintaining trust in banks and related financial services. Here’s how:
Regulation (as a noun):
- It refers to the set of formal laws, rules, and frameworks laid down by governing or regulatory bodies to control and govern financial institutions and activities.
- These are legally binding and aim to ensure market stability, protect consumers, prevent fraud, and maintain overall financial system integrity.
- It specifies what is allowed and what is prohibited for institutions such as banks, insurance companies, and other financial entities.
- Examples include: prudential regulation (capital requirements), conduct regulation (fair treatment of customers), market regulation (fair securities trading), and AML/CFT compliance (anti-money laundering and counter-terrorism financing).
- Regulatory bodies enforce these rules and have the authority to penalize violators.
Regulating (as a verb):
- The active process of implementing, supervising, monitoring, and enforcing these regulations.
- It involves actions taken by regulatory authorities, such as on-site inspections, reviewing firms’ practices, monitoring transactions, and ensuring compliance with laws.
- Regulating aims to detect, prevent, and address misconduct, fraud, or risks in real time to maintain the health of the financial system.
- It is ongoing and dynamic, adapting rules as needed based on market developments or emerging risks.
At the crossroads of business and technology, ‘regulating’ and ‘regulation’ have become critical to support innovation and growth of industries at a global level. While the two look interchangeable at first glance, they carry distinct values. As we evolve in an era of technological advancements, particularly with AI and blockchain, understanding the difference remains significant and central to how businesses operate within modern economies.
Industries such as technology, healthcare, and sustainability require quick compliance actions to stay ahead because of rapid developments in these sectors. Without active regulation, which involves continuous monitoring and adaptation, businesses risk falling into compliance gaps.
To address these loopholes, regulators must treat regulation as a moving process. This must involve regular audits and leveraging technology to monitor compliance in real time. By focusing on dynamic regulation, industries can align with societal goals, mitigate risks, and encourage innovation.
For 2025-26, new regulations will mostly influence compliance controls related to data protection, cybersecurity, financial reporting, risk management, and operational controls.
Compliance controls impacted include:
- Technical controls such as firewalls, encryption, access controls, and data loss prevention to protect sensitive information, especially with evolving privacy and cybersecurity regulations like GDPR and HIPAA.
- Financial controls and reporting processes driven by updated laws like Sarbanes-Oxley (SOX) and other financial regulatory changes.
- Risk management controls that monitor compliance across multiple departments and jurisdictions, integrating regulation updates into operational activities.
- Continuous monitoring and audit controls that detect and respond to compliance gaps promptly in the face of constantly changing rules.
- Controls related to employee behaviour monitoring and third-party/vendor management as regulations broaden their scope.
- Digital and AI-enabled compliance automation tools, which are increasingly adopted to keep pace with rapid regulatory changes.
Overall, new regulations typically drive updates in the controls that secure sensitive data, ensure accurate reporting, manage risks across the organization, and automate compliance monitoring to reduce human error and accelerate response.
In the evolving world of compliance, staying constant creates more problems than it tends to solve!

