By Julia Chong

Banks are undoubtedly under pressure to respond to rapid changes in the governance, risk, and compliance landscape, especially under the current climate of global geoeconomic instability arising, not at the least, from the US-Iran war and ongoing Russian-Ukraine conflict. The lines of defence must respond and transform compliance functions from cost centres into strategic value centres for business growth.

One of the key takeaways from Boston Consulting Group’s Tech in Banking 2025 survey is that treating regulatory compliance as a resilience-building opportunity (read: not a cost) can create a powerful competitive edge. For this to happen, banks today must make the leap and redirect a sizeable portion of their tech investment from ‘run-the-bank’ (RTB) initiatives – core activities such as running existing applications in the cloud – toward more ‘change-the-bank’ (CTB) initiatives such as regulatory tech (regtech). As it stands, over 60% of overall tech spend is to RTB activities when it should instead be diverted to innovation and transformation efforts, the management consulting firm reports.

Here’s how to unlock value and turn governance, risk, and compliance challenges into new opportunities.

Collaborate with regtech firms

There are innumerable benefits to be gleaned from working with third-party technology firms to integrate with existing functions. Not least because of banks’ legacy systems and siloed workflows. Firms that have successfully made the transition report enhanced customer experience, more effective regulatory compliance, and greater cost efficiencies. For instance, Bain & Company estimates that implementing online customer onboarding through legacy systems at some major banks would take two years at a cost of more than USD10 million versus three months at USD300,000 if handled through a regtech specialist. The consulting firm lists the four major regtech investments currently deployed by banks:

This is not without its pitfalls. No successful integration is possible without early and ongoing conversations with the regulators in order to coordinate governance, risk, and compliance development for its ultimate approval. In recent years, regulators like the Monetary Authority of Singapore have moved toward an open API (application programming interface) architecture that can be easily used by regtech vendors and banks, making it easier and more cost effective for solutions to connect to the financial regulatory ecosystem.

Leverage data-rich sources and real-time payments

This is especially true in payments standardisation when it comes to new compliance standards.

At the global level, the best example of this is the rollout of ISO 20022, the mandatory XML-based messaging standard which is seen as the foundation for digital transformation of the global payment ecosystem. Since the global cutover from the legacy MT Messages format on 22 November 2025, the new MX Messaging format is more granular and data rich, offering banks the possibility of reducing manual interventions and enhanced compliance checks.

According to Swift, post-migration saw 97% of global payments initiated using the new MX standard with the remaining 3% relying on Swift’s auto conversion service which converts MT messages into ISO 20022 before delivering them to recipients. In a press statement, the global messaging network said: “ISO 20022 will elevate the customer experience in today’s fiat currency systems and lay foundations for a digital currency future. Richer, structured data enabled by ISO 20022 lays the ground for expanded innovation across the international financial ecosystem – boosting operational efficiency and compliance, deepening customer insights and taking the end-user experience to the next level.”

In reality, many banks are still patching legacy systems for compliance, with little time and space for innovation. This means that the full benefits of this new standard have yet to be realised. Institutions that prioritise this can unlock significant value.

Regionally, cross-border payments are also evolving towards greater collaboration. This in turn requires intense coordination – from harmonising national codes and standards to dispute resolution processes – as participating countries iron out the technicalities and move from bilaterial to regional arrangements. The upside is simplified, quicker, and cheaper costs for payments and also significant reduction in compliance costs for participating countries. 

A case in point is Project Nexus, a regional cross-border payments initiative led by the Bank for International Settlements Innovation Hub (BISIH) with central banks in Southeast Asia. It aims to establish a single, multilateral payments platform to connect participating national instant payment systems (e.g. PayNow, DuitNow, PromptPay) and simplify cross-border transfers quickly, securely, and cheaply.

Live implementation is expected in 2027 to connect Indonesia, Malaysia, the Philippines, Singapore, Thailand, and India. This necessitates additional steps such as currency conversion and compliance with anti-money laundering/countering the financing of terrorism (AML/CFT) requirements.

Once operationalised, cross-border compliance and risk data will be more transparent, interoperable, and instantaneous. This, along with the BISIH’s first two AI-based projects announced in January 2025 to explore its use in supervision, is predicted to enhance analytics of governance, risk, and compliance data to improve reporting standards and financial resilience.

Robust Compliance Builds Customer Trust

Loyalty is built through actions, not words. Banks that demonstrate a strong compliance culture – by prioritising client privacy, protecting privileged information, holding themselves accountable to industry best practice – signal to customers that they value their relationship. This, in turn, inspires trust and loyalty. It is far cheaper (and easier) to grow and retain an existing relationship than to procure a new client.

In this way, risk and compliance programmes should reorientate their focus and work together with business functions to see themselves as a critical part of the equation to improve customer experience. The strategy should be to craft governance, risk, and compliance processes – such as KYC or security updates – so they are a positive customer experience, not a point of friction.

Even in the event of crisis – for instance, data breaches or security hacks – immediate notification and timely communications with the regulators and broader market can mitigate or minimise downsides if handled efficiently and effectively.

Compliance Data = Business Intelligence

It is said that there is often money left on the street. This is true for compliance databases which, if analysed deeply, offer valuable business insights. In an age of hyper personalisation, these insights can reveal customer preferences for tailored services; identify new market opportunities through targeted product offerings; or even identifying potential operational inefficiencies.

Charlotte Bailey, CEO of the analytics firm Painintelligence, writes: “If you treat compliance as protection rather than intelligence, you are guaranteeing that your organisation will continue to make avoidable mistakes. You will lose customers for reasons you could have foreseen. You will fix processes only after harm occurs. You will redesign products only after value leaks. You will operate with slower insight than your regulator. And you will make strategic decisions without the most accurate behavioural data available.”

For this to happen, banks will need three things: a single version of the truth so that regulatory and commercial teams stop using different datasets to answer the same questions, reproducible metrics for consistent insight, and real-time visibility into the behaviour patterns that drive both harm and value.

“With these in place,” Bailey says, “compliance data becomes commercial intelligence instantly. You can identify profitable but underserved segments. You can see where product friction destroys retention. You can use outcome monitoring to predict churn. You can use affordability analysis to refine pricing. You can use vulnerability data to design better journeys.”

Work the Plan

It is time for a mindset shift. Financial institutions should stop treating governance, risk, and compliance as a resource for avoiding penalties and instead exercise it as a strategic tool for business growth. After all, the plan only works if you work the plan.

Julia Chong writes for Akasaa, a strategic consultancy and publishing firm. From its bases in London, Kuala Lumpur, and Sharjah, it delivers Asia-informed insight to a global audience.