AMLA Drops Its First Real Playbook as Agentic AI Eats the Compliance Stack

A week of supervisory milestones in Frankfurt, a SaaS rebrand backed by $75 million, and a market that has quietly tripled since 2020, RegTech in May 2026 has stopped being an experiment and started looking like infrastructure.

For the better part of a decade, "RegTech" sat in the awkward space between buzzword and budget line. As of this week, that's over. Monday, 11 May 2026, the European Union's Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) made two announcements in a single day that reshape the supervisory perimeter for every cross-border bank operating in the bloc. Meanwhile, on the funding side, the most expensive compliance startups in history are scaling at a pace that finally matches the headline market estimates. And in the engine room, "agentic AI" has stopped being a slide and started showing up in production logs.

Here's what just changed, what it means, and why every Chief Compliance Officer should be reading the small print.

AMLA's Big Monday: Roadshow Findings + Cross-Border RTS

On 11 May 2026, AMLA released two artefacts that, taken together, mark the regulator's first real on-the-record positioning.

The first was the publication of the findings from the Chair's 2025 EU-wide Roadshow, AMLA's own description of its first systematic engagement with national supervisors, Financial Intelligence Units (FIUs), and private sector representatives across all 27 EU Member States. According to AMLA's own communication, the roadshow surfaced the gap between the harmonized rulebook on paper and the wildly divergent practice on the ground, exactly the gap AMLA was created to close.

The second was a public hearing on Draft Regulatory Technical Standards (RTS) for home-host supervisory cooperation. In English: AMLA published the rules that govern how a bank's home regulator and the regulators in countries where it operates branches or subsidiaries will share information, run joint inspections, and coordinate enforcement. For a global bank with operations in eight EU jurisdictions, this is not paperwork, this is the difference between being supervised eight times and being supervised once.

Why this matters now, not in 2028

AMLA does not begin directly supervising its first batch of 40 high-risk financial institutions until 2028. That's been the polite excuse for treating the new authority as a future problem. But as Jones Day flagged in its analysis of AMLA's investigatory powers, the staging is misleading. The European Banking Authority completed its full transfer of AML/CFT mandates to AMLA on 1 January 2026. AMLA confirmed in a February 2026 statement that it would be fully operational by 2028. The supervisory standards being written this year, like the RTS published Monday, are the rules that bind from day one of that 2028 cycle. Build to them now, or rebuild later.

EY's recent analysis of AMLA framed it bluntly: the authority brings promise and challenges in equal measure, but the cost of waiting is rising every quarter.

The Money Is Following the Mandate

If you've been hearing more about RegTech funding rounds lately, you're not imagining it. According to FinTech Global's Q1 2026 deal tracker, U.S. RegTech investment alone reached $2 billion across 103 deals in the first quarter, a 28% jump in capital and 36% jump in deal count year-on-year. Nine-figure rounds, FinTech Global noted, "dominated" the quarter.

The most visible name was Bretton AI, the company formerly known as Greenlite AI. In February 2026, businesswire confirmed the firm closed a $75 million Series B led by Sapphire Ventures, with new investor TIAA Ventures joining existing backers Canvas Ventures, Greylock, Thomson Reuters Ventures and Y Combinator. Less than a year earlier, the company had closed a $15 million Series A. The rebrand and the round are framed by the company as a build-out of its agentic AI platform for financial crime, supporting transaction analysis, KYC and KYB reviews, AML and sanctions investigations, and ongoing transaction monitoring.

Bretton is not alone. As reported by Sanction Scanner's annual market scan and FinTech Global's deal trackers, recent rounds include:

• IDfy, the Mumbai-based identity verification platform, closed a $52 million Series F led by Neo Asset Management.

• Napier AI secured £45 million from Crestline Investors in February 2026 to expand its AI-powered financial crime compliance platform.

• Novatus Global completed a £30.5 million round led by Silversmith Capital Partners to scale its regulatory reporting technology.

• Sphinx raised $7.1 million in seed funding for end-to-end AI compliance automation.

• Sinpex, the German AML startup, closed a €4 million round to scale its transaction monitoring solutions.

Combined UK RegTech funding crossed £100 million in the first weeks of 2026 alone, reinforcing London's position as the global venture capital hub for the category.

The macro picture, per Future Market Insights and Business Research Insights, is consistent: a global RegTech market of roughly $19–24 billion in 2025–2026 on a trajectory toward $50 billion-plus by the early 2030s. The optimistic scenarios cited by Sanction Scanner go higher, over $100 billion by 2034 on a 20% CAGR.

The Technology Story: From Pilots to Production

The capital is following a real shift in what the technology can actually do. The catchphrase of the moment "agentic AI" has a specific meaning in compliance: software agents that can chain together investigative steps (pulling a customer record, checking a sanctions list, reviewing a transaction history, drafting a SAR narrative) the way a junior analyst would, with human review at the decision points.

As FinTech Global reported in February 2026, agentic systems are now driving the next phase of AML innovation. RegTech Analyst's January 2026 outlook for KYC/AML at financial institutions identified four converging trends: a move from periodic KYC refreshes to perpetual KYC; the application of large language models, graph neural networks and advanced machine learning to monitoring, screening and reporting; the productionization (not piloting) of AI in core compliance workflows; and a tightening cost-per-alert economic equation that finally makes the business case for AI investment self-funding.

Perpetual KYC, in plain English

Traditional KYC refreshes a customer file on a calendar, every one, three or five years depending on risk tier. Perpetual KYC does it on a trigger: an ownership change, a new sanctioned counterparty, a sudden transaction pattern, a behavioural anomaly. Fenergo's recent commentary on RegTech KYC framed perpetual KYC as the only operating model that scales when ownership structures and sanctions lists are themselves changing daily, which, in 2026, they are.

The Governance Catch: The EU AI Act Is Watching

There's a regulatory subplot here that compliance leaders cannot ignore. The EU's AI Act, now fully in force, classifies AI systems used in financial crime compliance as high-risk. As regulatory analysts including Confluence and Inside Global Tech have flagged in their 2026 outlooks, that classification imposes specific obligations around transparency, human oversight, data quality, model documentation and bias testing.

For an AML team buying an agentic AI tool in 2026, those obligations now live in the procurement checklist alongside the price quote. Vendor due diligence has shifted from "does it work?" to "does it work, can you prove it doesn't discriminate, and can you produce the model card on demand?" The MDPI's recent paper on digital regulatory governance, which traces the parallel rise of SupTech tools used by regulators themselves, makes the same point from the other side: regulators using AI to supervise banks face the identical bar.

What's Coming in the Next 90 Days

Three deadlines and milestones sit on the immediate horizon.

1 July 2026, Australia's so-called Tranche 2 AML reforms extend AML/CTF obligations to non-financial sectors (real estate, legal services, accountants and trust providers, dealers in precious metals and stones). RegTech Analyst's 2026 KYC/AML outlook identifies this as one of the largest expansions of the AML perimeter in the Asia-Pacific region in two decades, and one that will pull a wave of new institutional buyers into the compliance technology market.

Mid-2026, AMLA's continuing publication of supervisory standards and RTS. Following Monday's home-host RTS hearing, expect more in quick succession.

Throughout 2026, UK's continuing reform consultations as the country builds toward a single AML supervisor for professional services firms, replacing the current fragmented model.

The Bottom Line for CCOs and CISOs

If the financial market infrastructure story of the week (covered elsewhere on FinanceX) is "tokenization is shipping," the RegTech story is its mirror image: supervision is industrializing. AMLA is building a centralized European authority on the regulator side. Bretton, Napier, IDfy, Novatus, Sphinx and Sinpex are building it on the supervised side. The two are growing into each other.

The choice for compliance leadership is no longer whether to modernize the stack. As of this week, with AMLA's first supervisory standards on the table, with $2 billion of Q1 capital placed behind agentic AI, and with the EU AI Act setting the rules of the road, the choice is whose stack to bet on, and how fast to integrate it before the 2028 supervisory cycle bites.

In Frankfurt yesterday, AMLA stopped being a future problem. The rest of the market is catching up in real time.