Fill out the form to stay updated on ecosystem innovation topics, activities and opportunities Cetif
More than 30,000 professionals make up the ecosystem of Cetif: we facilitate the meeting and exchange between banks, insurers and companies in an academic Center, competent and independent environment to share knowledge, experience and strategies on the most innovative drivers of change.
16 Research Hubs focused on dynamics of strategic evolution, regulatory updates, organizational and process practices, and the effects of digitization: we study innovation trends and best practices and share them with our communities.
Over 60 events including Main events (Workshop and Summit) and Community events (related to research activities) and Webinar: we bring together banks, insurance companies and businesses for shared growth on trends and challenges to outline innovative development strategies.
More than 40 Executive Education tracks, 4 Master's programs and numerous Company Specific Programs: we transfer innovative financial-oriented content with a scientific approach.
An experimental spin off combining academic research and entrepreneurial approach: we turn innovation and digitization into a concrete business advantage.
The financial sector continues to undergo profound change, driven by technological developments and an increasingly complex and stringent regulatory environment. Institutions must operate in a scenario where compliance is intertwined with the modernization of IT infrastructure, the evolution of service models, and the strengthening of organizational controls.
Regulations such as Credit Consumer Directive II, Retail Investment Strategy, Saving & Investment Union, and Digital Operational Resilience Act, together with emerging directives such as AI Act, PSD3, and ESG/CSRD standards, are no longer mere compliance obligations. Regulatory evolution is proving to be a significant and cross-cutting driver, influencing governance, risk management, cybersecurity, and operational resilience. According to expert assessments, many regulatory initiatives are in areas with high readiness and already significant investments, particularly in compliance, digital resilience, and cybersecurity. At the same time, areas such as digital lending, wealth management, and certain components of IT and retail banking require further maturation efforts.
In this context, regulatory evolution is no longer just a constraint, but an enabler of transformation. An integrated approach, combining technological, organizational, and strategic interventions, becomes essential to transform regulatory obligations into levers of efficiency, innovation, and sustainable competitive advantage.
The central role of the Compliance function
Within this framework, the Compliance function plays a central and cross-cutting role, assuming increasing strategic importance in order to cope with ever-growing regulatory and technological complexity. Its mission is not limited to verifying formal compliance with provisions, but extends to the operational translation of regulatory requirements into consistent policies, controls, and organizational structures.
In complex regulatory areas such as those governed by the Consumer Credit Directive II, Compliance is called upon to oversee the interpretation and implementation of provisions in a structured manner, with particular attention to gap analysis and the review of internal policies. The impact is not theoretical: it concerns creditworthiness assessment processes, information transparency, and mechanisms for preventing over-indebtedness. The function therefore becomes a key player in defining governance controls and mitigating legal and reputational risk.
This evolution consolidates a model in which Compliance acts as an internal advisor, interacting with IT, Risk Management, and business lines to ensure consistency between innovation, operations, and the regulatory framework.
RegTech as a lever for strengthening controls
In the current regulatory environment, RegTech solutions are playing a central role in helping financial institutions effectively manage regulatory obligations and strengthen control systems. The adoption of digital tools is no longer limited to experimental initiatives, but is part of a structured strategy of automation and continuous monitoring.
According to data from Digital Compliance HUB 2025, 61% of institutions use text analysis technologies applied to complaints, highlighting how semantic analysis and automated text data processing are now established tools for identifying critical conduct issues and emerging areas of risk. Fifty-five percent use solutions for intercepting and monitoring regulations, with the aim of reducing the time needed to implement new regulations and ensuring timely alignment between external provisions and internal frameworks.
AML to be a priority for 41% of organizations, confirming the central role of anti-money laundering measures in the control system. At the same time, 32% of technological initiatives are related to DPO activities, highlighting the focus on data protection and privacy risk management in increasingly digitized ecosystems. Finally, 30% of applications relate to gap analysis, demonstrating how automation directly supports the process of assessing the gap between internal structures and regulatory requirements.
These figures highlight a clear trajectory: the digitization of compliance focuses on information-intensive activities and processes that require timeliness, traceability, and advanced analytical capabilities. RegTech solutions not only generate operational efficiency, but also help to strengthen the quality of controls and the predictive capabilities of the organization.
Investment priorities: DORA, AI Act, and AML
The investment and control agenda of financial institutions is now heavily influenced by three regulatory areas that dominate in terms of strategic and technological impact: DORA, the AI Act, and AML.
The Digital Operational Resilience Act (DORA) introduces stringent requirements for ICT risk management, operational resilience testing, incident reporting, and control over critical technology suppliers. Its impact extends to infrastructure architectures, outsourcing models, and business continuity measures, requiring significant investment in monitoring and testing tools.
The AI Act introduces a governance framework for artificial intelligence systems, with specific requirements in terms of transparency, documentation, risk management, and human oversight. In an industry that increasingly integrates algorithms into decision-making processes, from credit to fraud prevention, the ability to govern AI in a compliant manner becomes a critical element of operational model sustainability.
Finally,AML continues to be a pillar of the control system, with a direct impact on technological investments, ex-ante activities, and ex-post controls. The automation of monitoring activities and the integration of advanced analytics are now essential components for ensuring the effectiveness, scalability, and traceability of anti-money laundering controls.
DORA, the AI Act, and AML therefore AML the agenda of institutions not only because of their technical complexity, but also because of their ability to redefine priorities, methodologies, and organizational structures.
Towards integrated and proactive compliance
The evolutionary trajectory is clear. Compliance can no longer be conceived as a reactive function, focused exclusively on ex-post controls. It must operate in an integrated manner, contributing to process design, IT architecture definition, and governance model structuring.
In a context characterized by increasing digitization and interconnection, the ability to combine regulatory, technological, and organizational skills is the real differentiating factor. Regulatory Evolution, if managed with an integrated approach, allows regulatory obligations to be transformed into levers for efficiency, innovation, and strengthening trust.
Data from the Digital Compliance HUB confirms that the process is already underway: investment in RegTech, the central role of the Compliance function, and the focus on regulations with a high technological impact outline a model in which compliance and competitiveness are not in conflict, but rather part of the same strategy.
In the medium to long term, the solidity of financial institutions will depend on their ability to incorporate regulation into the very architecture of their business. It is no longer a question of "complying" with the rules, but of designing resilient, transparent, and technologically governed organizations, in which compliance becomes a strategic infrastructure and not simply a control mechanism.