Risk and Compliance Research Outlook
    Reshaping Risk & Compliance in 2026
    1st January 2026
    //Risk and Compliance Research Outlook

    In 2026, five forces are reshaping how financial institutions run their risk and compliance functions. We discuss these in our Risk and Compliance Previsory Webinar, and they describe where the market is heading and how banks, insurers, and capital markets firms should adapt. They form the backbone of our 2026 research agenda:

    • Agentic AI is the ROI engine of GenAI.
    • An Integrated AFC Technology Stack is the institutional answer to industrialized financial crime.
    • Regulatory divergence is the catalyst for modernizing regulatory change management.
    • Digital-asset risk is a new fourth pillar of anti-financial crime
    • Operational resilience becomes a business strategy, as well as a regulatory necessity.

    These trends were distilled from conversations with risk and compliance executives. They constitute several concurrent structural shifts that demand changes in R&C in processes and technology. There is one overarching theme to these changes:

    Risks are increasingly interconnected, increasing in velocity, and crossing traditional boundaries. The tools used to manage risk are no longer adequate for the changing risk landscape.

    Agentic AI will push risk functions beyond workflow automation The most material technology trend for 2026 is the emergence of Agentic AI. GenAI’s co-pilot era is being replaced by systems that plan, reason, and execute with minimal human intervention. Initial pilots from 2025 will evolve into full deployments for AML investigations, KYC reviews, and regulatory change management. Governance questions—what is AI allowed to decide, and how are those decisions supervised—will become central to implementations and purchase decisions. When AI becomes a delegated actor, it changes more than processes. It changes the operating model of risk and compliance.

    Financial crime has industrialized—and so must the response Fraud and money laundering are now run as global, technology-enabled enterprises. AI-native criminal networks automate social engineering, exploit synthetic IDs, and rapidly shift funds through tokenized rails. Banks will respond by accelerating their shift toward an Integrated AFC Stack: unified data pipelines, consolidated analytics, and shared operational processes across fraud, AML, cyber, and digital-asset risk. AI will move out from efficiency enhancement to being primarily concerned with behavioral prediction, identifying risk patterns earlier and with more context. Regulatory divergence ends the illusion of global policy consistency In 2025, the U.S. accelerated deregulation—including friendlier oversight of AI and digital assets—while Europe tightened controls under the AI Act and Asia pushed forward with pro-innovation guidance and, in some markets, explicit expectations to use AI to manage risk and combat financial crime.

    This regulatory divergence requires institutions to operate under multiple regulatory regimes simultaneously. It increases the demand for regulatory-change automation, jurisdiction-specific model governance, and ERM platforms capable of handling granular policy variations. AI will be central to making all those possible.

    Managing digital-asset risk becomes a standard component of AFC operations In 2025, MiCA, the GENIUS Act, and the Hong Kong Monetary Authority put regulatory frameworks in place for digital assets. In 2026 digital-assets and digital risk will move into the mainstream. Tokenized bank deposits and FI-issued stablecoins will begin to play a high-value role in cross-border payments. As these rails gain adoption, AFC teams will broaden their surveillance to these new payment rails, and they will need a new set of tools to do so. Crypto-AML investigative tools like TRM and Chainalysis will be a pervasive part of anti-financial crime technology. See our solutionscape of these providers here.

    Operational resilience will become a business-line responsibility Following the completion of major DORA milestones in 2025, operational resilience will shift from being a compliance program to a business-line obligation. In 2026, business executives will attest to their operational durability, while risk and compliance functions will provide oversight and assurance rather than day-to-day implementation. The need for flexible, automated control monitoring, and real-time visibility into operational dependencies will reinforce the need for data-centric ERM systems and data architectures. Resilience is no longer, “Did we meet the regulation?” It becomes, “Did we protect revenue and profit?”

    A note on data and what is coming next Much of the statistical insight underlying our research agenda comes from Celent’s annual Dimensions Survey, which reflects the perspectives of 200+ global risk and compliance executives. We will publish the 2026 edition of the survey in March, and its findings will confirm (or dispute) these trends across enterprise risk management, anti-financial crime modernization, digital-asset risk, and the evolution of agentic operating models.

    Have a question?
    Try speaking to one of our experts
    Contact us
    Information
    Sign up for industry updates
    Stay up to date on Celent's latest features and releases.
    Sign up