From Box-Ticking to Brain Power: RegTech's June 2026 Coming-of-Age Story

With AMLA holding its first conference in Frankfurt, DORA's grace period over, and perpetual KYC becoming the de facto default, the compliance industry is no longer a cost centre. It's the operating model.

There are years in compliance where nothing happens, and weeks where decades happen. June 2026 has been one of those weeks.

In a single fortnight, the EU's new Anti-Money Laundering Authority (AMLA) hosted its inaugural conference in Frankfurt, supervisors across Europe quietly transitioned from informal DORA tolerance to active enforcement, supervisory technology vendors rolled out their first production-grade AI tools, and the global banking industry effectively retired the periodic KYC review. Each of these would be a top-of-mind story on its own. Together, they tell a single, larger story: RegTech in 2026 is no longer a vendor category. It is the way modern financial institutions stay alive.

AMLA's Frankfurt debut: a regulator finds its voice

On 9 June 2026, the Authority for Anti-Money Laundering and Countering the Financing of Terrorism held its first conference at the Alte Oper in Frankfurt am Main. Hosting your inaugural event in a 19th-century opera house is, as branding goes, intentional. AMLA wants to be heard.

According to AMLA's own announcements, the agency followed up on 10 June with a webinar on the identification of obliged entities eligible for direct supervision, the precursor to the 40 high-risk financial institutions AMLA will directly supervise from 2028. The timing matters. As of 1 January 2026, the European Banking Authority (EBA) completed the transfer of all its anti-money laundering and counter-financing-of-terrorism mandates to AMLA, according to AMLA's official communications. That handover was not symbolic. It made AMLA the sole pan-EU AML supervisor, with the mandate, staffing, and

political backing to behave like one.

The consultation backlog turns into a rulebook

Earlier this year, on 9 February 2026, AMLA launched three consultations on draft regulatory technical standards (RTS), as reported by Hogan Lovells: one on customer due diligence; one on criteria for identifying business relationships, occasional and linked transactions, and lower thresholds; and one on pecuniary sanctions and harmonized supervision for the non-financial sector. Two of those consultation windows closed on 8 May 2026. The non-financial sector consultation closed on 9 March 2026.

What comes next is the part the industry has been waiting for: AMLA must issue guidelines on ongoing and transaction monitoring by 10 July 2026, according to analysis from Moody's. That guideline package is expected to tighten supervisory expectations on what "effective" monitoring actually looks like, and the working assumption among compliance officers is that the days of periodic, snapshot-based reviews are numbered.

Perpetual KYC: the default, not the differentiator

Speaking of which. The single most consequential operational shift in financial-crime compliance is now no longer hypothetical. In a 15 May 2026 piece for Fintech Global, the industry consensus was crystallized: banks face rising risk as perpetual KYC becomes standard. The 2026 question, as TrustSphere.ai's industry analysis put it this spring, is no longer whether to migrate to perpetual KYC, but how to sequence the migration and how to demonstrate it to the supervisor.

According to Capgemini and Fenergo research, firms implementing perpetual KYC frameworks can reduce maintenance costs by as much as 40% while improving risk detection. Major core-banking and onboarding platforms have built event-driven trigger frameworks into their 2026 releases, and large-bank deployments are reporting double-digit reductions in review-team headcount alongside materially better risk outcomes.

The shift has a regulatory tailwind. In 2024, the UK's Financial Conduct Authority (FCA) imposed more than £176m in financial crime-related penalties on UK banks, underscoring the gap between supervisory expectations and the legacy "review every two years" model. Continuous, event-driven monitoring is no longer the moonshot, it is the floor.

The vendor landscape consolidates

The global perpetual-KYC vendor landscape has matured from point solutions into end-to-end operating models, according to ACAMS's 2026 best-practice guide. The cost-benefit case has become unambiguous, and the conversation in procurement has shifted from "do we believe in this?" to "which provider and how fast?"

DORA's grace period ends, and the bills start arriving

If AML/KYC is the slow-motion overhaul, the Digital Operational Resilience Act (DORA) is the wake-up call.

According to coverage from Regulation-DORA.eu published this spring, national competent authorities across the EU are now conducting active enforcement reviews, cross-checking Register of Information data automatically, and issuing the first compulsion payments. The informal tolerance period that characterised 2025 DORA supervision is finished. 2026, in the words of one DORA analyst, "marks the transition from paperwork compliance to proof of operational resilience."

The penalty framework is not subtle. Non-compliant organisations face fines of up to 2% of global annual turnover or EUR 10 million, whichever is higher. Senior management can face personal fines up to EUR 1 million for compliance failures.

The grim part: according to Deloitte research circulated this year, only 50% of institutions expected to reach full compliance by end of 2025, with a further 38% pushing their target into 2026. That means nearly half of all regulated entities are entering the enforcement phase with known gaps, and supervisors know it.

SupTech grows up

While the rule-takers scramble, the rule-makers are upgrading their own toolkits. On 12 May 2026, SQL Power Group announced the launch of SupTech AI, an AI-powered supervisory technology suite integrated into the company's flagship SupTech Hub. According to the company's press release covered by the National Law Review, SupTech AI is a secure, on-premise solution that operates entirely within a regulator's own network, with role-based access controls, complete auditability of AI outputs, and rigorous model validation.

The use cases are sweeping: prudential supervision, fit-and-proper assessments, market conduct surveillance, AML/CFT monitoring support, and risk-based determination of onsite examination priorities. In plain English: regulators are getting machine-learning systems that can read regulatory filings, flag anomalies, and prioritize examination schedules at machine speed, and they are now buying these tools in production form, not as research projects.

The implication for regulated firms is straightforward and a little uncomfortable: the supervisor's analytical bandwidth is about to expand significantly, and the cost of submitting messy, inconsistent, or incomplete reporting just went up.

The funding side: investors are paying attention

The capital markets noticed early. According to FinanceX Magazine's own coverage of the sector, RegTech deals have dominated fintech funding in the first half of 2026 as AMLA launches, AI compliance specialists like Norm AI scale, and perpetual KYC replaces legacy controls.

Recent funding activity reflects the trend. On 4 March 2026, Vivox AI secured £1.3m, according to FinTech Global, to expand its AI agents focused on AML and KYB compliance. It's a small round, but it's a representative one: a thin, fast, AI-first compliance startup raising at meaningful valuations because the market knows the incumbents must respond.

The bigger forecast number: the global market for AI in RegTech is projected to reach $3.3 billion by 2026, growing at a compound annual growth rate of 36.1%, according to widely cited industry estimates compiled by AML Watcher and RegTech Analyst.

The bigger picture: compliance as competitive advantage

Step back from any individual headline this month, and the pattern is clear. Regulators are getting more powerful, faster, and better instrumented. The penalty regimes, DORA, AMLA, FCA financial-crime enforcement, are now serious enough that the cost of underinvestment in compliance technology exceeds the cost of building it. And the technology itself has reached the point where perpetual, event-driven, AI-augmented compliance is no longer aspirational.

For chief compliance officers and chief risk officers reading this in June 2026, the brief is short: the institutions that treat compliance modernization as an IT line item will spend the second half of the decade explaining themselves to regulators. The ones that treat it as a strategic investment will spend it onboarding the customers their competitors can't.

The opera house in Frankfurt was a hint. The aria has started.