With expanding EU and international regulatory frameworks such as the Markets in Crypto Assets (MiCA), the Payments Services Directive 3 (PSD3), the Digital Operational Resilience Act (Dora), and the AI Act, regulatory technology, or regtech, is becoming essential infrastructure.
The rapid growth in demand for regtech solutions is being driven by the volume, velocity and complexity of regulatory change, which is simply outpacing what manual processes can handle – and separate systems across different geographies or regulated areas of compliance are no longer keeping up either, says Keith Pyke, director of solutions at My Compliance Office.
“Those operating across multiple jurisdictions face overlapping obligations and increasingly complex regulatory requirements that no compliance team can manage without technology,” he says. “Organisations are also under pressure to demonstrate stronger governance, operational resilience and surveillance capabilities while controlling compliance costs.”
According to Pyke, regtech has become essential infrastructure, bringing structure, consistency and visibility to an increasingly complex regulatory and business environment.
READ MORE
EU frameworks such as MiCA, PSD3, Dora, and the AI Act reflect regulators responding to how quickly digital business models are evolving, such as crypto markets, open finance, and interconnected technology supply chains, says Julie Kennedy, partner, financial services risk and regulatory advisory, PwC Ireland.
“Dora requires resilience by design, MiCA requires strong governance of digital assets, PSD3 drives secure innovation in payments,” she explains. “Firms that treat these as transformation opportunities will move faster and build competitive advantage by driving investment in automated monitoring, testing and reporting platforms rather than relying on go-to spreadsheets and point-in-time reviews.”
The only way to manage compliance across jurisdictions at scale is through centralisation, says Pyke. “Firms need a single control framework that maps regulatory obligations directly to policies, workflows and controls – and keeps that mapping current as regulations evolve.
“Without that, organisations end up running parallel systems by region and by compliance function, which drives duplication, inconsistency and, ultimately, gaps in oversight.”
A centralised platform changes that dynamic, Pyke points out. “It brings data, processes and record-keeping into one place, giving compliance teams a consistent view of risk across the organisation. That not only improves operational efficiency, but it also makes it much easier to evidence decisions – how obligations were interpreted, how controls were applied and how outcomes were reached.
“In a multi-jurisdictional environment, that ability to demonstrate consistency and control is critical. Without a centralised structure, compliance becomes difficult to scale – and even harder to defend.”
The core challenge is business readiness, not just technology, says Kennedy. “Legacy environments bring fragmented data, unclear ownership and inconsistent controls – symptoms of organisations that digitised in stages without enterprise-wide design.
“Change management is equally challenging; technology alone does not solve compliance; people and processes must adapt, have clarity on accountability, processes must be re-engineered, and investment cases require board-level sponsorship.”
Artificial intelligence (AI) is making compliance technology more efficient and scalable, particularly in areas like surveillance, monitoring, investigations, and risk prioritisation, Pyke says. “At the same time, the EU AI Act reinforces what regulators have been increasingly clear on – firms need governance, transparency, accountability and human oversight around how AI is deployed, especially where decisions may affect customers or regulatory outcomes.
“The key point is that AI can’t sit outside a firm’s compliance framework. If it influences decisions, it has to be governed and evidenced in the same way as any other control. Firms need to be able to explain how it is used, what data informs it and how outputs are reviewed and challenged.”
The expectation isn’t just efficiency – it’s defensibility, Pyke continues. “If firms can’t demonstrate how AI-driven decisions were made and controlled, they create risk rather than reduce it.”
Ireland has genuine strengths, including a deep financial services ecosystem, a strong talent base, proximity to regulators, and an established, innovative culture, which together provide a strong commercial foundation, Kennedy says. “However, as technology and regulation accelerate, standing still means falling behind.
“To fulfil its potential, Ireland needs investment in scalable platforms and a step change in organisational readiness. The foundations are sound, but deliberate action is required to lead rather than follow.”
Ireland is already a hub for regtech innovation, and that will continue to grow in scope and influence, agrees Pyke. “Ireland’s position within the EU, its relationship with the Central Bank, and a talent base rooted in both technology and financial services all contribute to that momentum.
“Ireland’s position will only strengthen as EU regulatory frameworks mature. Financial services firms need a regtech base that is innovative and tech-savvy, well-versed in EU regulation, and capable of servicing the wider European market. Ireland ticks all three boxes.”
