This report is based on the 2026 ProSight Financial Association Compliance Outlook Survey, which was conducted online in the first quarter of 2026, gathering 150 responses from a range of compliance leaders at financial institutions of all sizes. Find out more about the survey, including the demographic profile of respondents, here. A downloadable version of this report is available here.
In the second year of a presidential administration that made looser financial industry regulation a priority, financial institution compliance leaders are finding that the overall environment they face can be complicated by countervailing state stances and plentiful uncertainty about the future. At the same time, rapid advances in AI—including its implications for fraud—and the uptake of digital assets are prompting compliance teams to develop new muscles in the race to keep up. With that in mind, the 2026 ProSight Compliance Outlook Survey set out to capture insights from leaders with oversight of compliance from global, regional, mid-tier, and community banks as well as credit unions. Its main findings, including the top challenges as compliance leaders see them and their plans to address them, align to two key themes:
A Changed Regulatory Environment—For Now: Survey respondents described a federal regulatory environment that feels streamlined for the near term, but which is part of a larger picture. While 88% of respondents said they have a clear view of federal regulatory priorities for the next three years and more than 90% plan to focus on material financial risks rather than process-heavy compliance, this shift is not reducing workloads. Nearly half (46%) of respondents expect compliance budgets to rise by at least 5% annually, driven largely by inconsistent state-level regulation and heightened scrutiny of emerging risks such as AI-enabled financial crime, digital assets, and geopolitical threats. After the survey was fielded, concern over the release of Anthropic’s Mythos tool, including a special meeting with bank CEOs called by top regulators, illustrated the need to manage emerging risks. Many compliance leaders also warned that anticipated re-regulation under a future administration creates ongoing uncertainty and demands sustained compliance vigilance. While the favorable regulatory benefit could be expected to benefit compliance teams, survey respondents are not, in fact, abandoning their compliance framework because the underlying risks have not gone away.
A Changed Technology and Talent Environment—Here to Stay: Survey respondents highlighted technology-driven transformation as a defining compliance challenge over the next three years. The category of data privacy, cybersecurity, and information security ranked as the most resource‑intensive area (78%), followed by digital assets (61%) and payment systems (58%), reflecting rising fraud, faster payments, and complex, multi‑jurisdictional regulation. Strategically, institutions are prioritizing data analytics, automation, and AI governance. Compliance leaders emphasize pairing technology investment with workforce upskilling, succession planning, and strong human judgment to sustain effective, scalable compliance programs.
Survey Background
The 2026 ProSight Compliance Outlook Survey casts light on the challenges in managing changing regulations, the complexities of fraud mitigation, the momentum of digital banking, and opportunities and threats presented by rapidly advancing AI. The leaders of financial institutions are always keenly aware of the risks and opportunities of any circumstance. To borrow from a saying from the U.S. national pastime: that’s banking. But these days it’s particularly hard to consider a positive development without seeing the potential negatives flashing red on the other side—and vice versa. Has looser federal regulation been a positive for financial institutions? Yes, the ProSight survey shows, but it has also prompted state regulators to fill in perceived gaps and created other complexities. And at the same time AI makes for frighteningly effective fraud and cyber exploits, it can be a force multiplier for compliance and risk management efforts to defend against those and other threats.
Christopher J. Boersma, ProSight Product Manager of Compliance with Learning and Development, describes the state of compliance work in 2026 as “operating in a paradox—lower federal oversight but higher, more complex compliance demands. Despite federal deregulation, compliance departments must maintain or boost compliance budgets to tackle emerging technology risks and rising state-level legislation and enforcement, while improving data quality and placing a larger focus on the recruitment and development of compliance talent.”
This report is based on 150 responses to an online survey ProSight fielded in the first quarter of 2026. It features the perspectives of a range of compliance leaders—including chief compliance officers, chief risk officers, and other executives—from a group of financial institutions varying in size from small community institutions to global money center banks. Throughout, it highlights the top challenges and priorities of compliance officers and how they are being addressed.
A Changed Regulatory Environment—For Now
The headlines about a loosening of federal regulation—and the related relief that a reduced focus on check-the-box and non-financial risks brings—do not capture the whole story about the impact on financial institution compliance. Missing is the reality of some states stepping in where they perceive gaps in federal regulation, as well as the expectation of a future swing of the regulatory pendulum.
After a steady flow of pronouncements and rule changes from federal regulators, including an end to examining for reputation risk and a de-emphasis of non-financial risks in general, the vast majority of survey respondents—88%—agreed strongly or somewhat with this statement: “We have a clear view of our regulatory and supervisory priorities over the next three years.” (See Figure 1.) Given that clarity, more than 90% said they are likely to focus on managing material financial risks rather than on “process-based controls of nonfinancial risks, ‘box-checking,’ and pro-forma documentation.”
That shift, however, is not translating to a lighter financial institution compliance load, according to respondents. And respondents from smaller institutions were much less likely to express a very high level of clarity on their regulatory/supervisory priorities over the next three years compared with their peers from larger organizations. Only 11% of respondents from institutions with less than $25 billion in assets strongly agreed that they had a clear view on these priorities; 49% from banks over $25 billion said the same. (This ProSight report will be followed by additional articles detailing the differences in perspective among banks of various asset sizes; visit prosightfa.org to find them.)
Overall, half expected compliance budgets to rise by 5% or more annually over the next several years, while less than 10% anticipate lower budgets. (See Figure 2.) Seventy-six percent agreed with the statement, “The current administration’s approach to banking regulation is likely to increase our compliance budget over the next three years,” consistent with a concern expressed by some research participants that an unintended consequence of federal deregulation could be increased regulatory burden overall in terms of documentation and costs.
Boersma said financial institutions “are currently struggling to manage a fragmented regulatory environment, characterized by a conflict between federal deregulation and numerous and inconsistent state-level laws regarding AI, privacy, digital assets, and consumer protection.”
“This patchwork of requirements forces multi-state institutions to navigate conflicting compliance standards, resulting in significant operational challenges,” he said. In a written survey response, a respondent from a California-based institution said, “We assume that the state will offset any decreases in federal compliance drag.”
Compliance leaders are also grappling with the fact that certain areas of federal regulatory oversight are requiring more compliance activity. “It is crucial to note that while the intensity or breadth of some traditional regulatory expectations may decrease, there is a concurrent, heightened focus from regulators on emerging financial crime risks,” a financial crimes executive at a global bank said. “This includes areas like the amplified AML/ CFT risks posed by AI and deepfake technologies, the burgeoning digital asset markets, vulnerabilities within the non-bank financial institutions (NBFI) sector, and broader geopolitical risks.” Nearly three-quarters (74%) of respondents said they expected compliance with the Bank Secrecy Act and anti-money laundering statutes to demand more time, management attention, and resources over the next three years. (See Figure 3.)
Several respondents, in written comments, noted that managing non-financial risk well remains crucial even if regulators are tipping their focus more toward financial risk. That point was highlighted after the survey was fielded, as alarm greeted the release of Anthropic’s Mythos model. In response to concern about the AI tool’s ease in finding software security vulnerabilities, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell gathered large-bank CEOs for an April 7 meeting.
Adding to the complex picture: a potential shift to a different federal regulatory approach under a future presidential administration. More than half of survey participants (55%) see the current state as a short-term shift in priorities which may well change. (See Figure 1.) The chief risk officer of a Midwestern community bank said in a free-text response, “Our bank continues to evaluate systems and solutions that can improve our compliance risk [management]. Even with some easing of regulations, we anticipate the pendulum may swing back if there is a change in administration at the next national elections.”
Another respondent, a senior compliance executive at a $500 million bank in the South, said, “With the uncertainty of what the regulatory landscape looks like under the current administration, we are trying to stay nimble and able to pivot easily in either direction (ramp up or down).”
There is also a question of how actions financial institutions are taking now—or not taking—could have consequences under a changed regulatory regime. “Lookbacks are common requests from BSA/AML examiners,” a senior line of business leader at a global bank said. “Banks must anticipate re-regulation to mitigate the risk of a lookback—what did we miss during the less stringent regulatory environment?”
Said the CRO of a New England bank holding company: “We are acutely aware that our actions today will be judged by a new administration with a potentially different set of expectations.”
In the meantime, though, many respondents believe the current regulatory approach does give them a freer hand to manage risk and compliance concerns in ways that best match their institutions’ strategy and profile. On balance, 41% said the approach would create opportunities, 20% said it would create challenges, and 34% said it would do both while the rest of the respondents said they were unsure. (See Figure 4.)
Notably, respondents from banks below $25 billion were less optimistic as a group, compared with their larger peers. They split evenly on the opportunities versus challenges presented by the current regulatory approach at 27% each, while 43% selected both challenges and opportunities (4% were unsure). In contrast, half of respondents from banks above $25 billion said the approach would largely create opportunities, while 16% chose challenges, and 28% chose both challenges and opportunities (5% were unsure).
“My anticipation is that regulatory expectations for our institution will de-crease somewhat in the near term,” the global bank financial crimes executive said. “This could translate into a slightly less intense supervisory approach in certain areas. Furthermore, we observe a growing global trend, especially within UK and EU regulatory bodies, towards ‘simplification’ and ‘streamlining supervision,’ which aims to reduce unnecessary burdens and foster more risk-based regulatory practices… potentially allowing for greater efficiency and a focus on high-impact areas.”
A Changed Technology and Talent Environment—Here to Stay
As financial institution compliance activities and strategy adapt to a fluid regulatory environment, they also reflect profound changes brought about by the shift to electronic transactions, the rise of digital assets, and the growing capabilities and reach of artificial intelligence.
Technology and technology-related concerns figured prominently when survey respondents were asked to name the regulatory and compliance areas that will receive the greatest attention in the next three years, as well as the areas that will get the most strategic focus and resource investment.
Data privacy, cybersecurity, and information security was the most-selected category (78%) when respondents were asked about the compliance areas that will demand the most time, management attention, and resources over the next three years (See Figure 3). The digital assets category was selected by 61%.
“Digital assets are significantly increasing compliance costs for financial institutions by forcing them to adapt to rapidly evolving and complex federal and state regulatory frameworks,” Boersma said. “To mainstream digital assets, firms are investing heavily in specialized technology and upgraded systems to manage elevated financial crime risks, such as money laundering and tax reporting deficiencies, and blockchain transactions across state and federal borders.”
Digital assets was another notable area of distinction between banks above and below $25 billion: 49% of respondents from the larger institutions said their compliance budget for digital assets increased by 5% or more this year, while only 22% of respondents from smaller institutions saw a similar increase.
The category of payment systems (such as ACH, RTP, and Fedwire) was selected by 58% of respondents, while 54% said compliance spending regarding electronic transactions—prime targets for fraud, especially as faster payments make recovering funds exceedingly difficult—increased more than 5% from 2025 to 2026, as shown in Figure 5.
“Fraudsters shift constantly and crime evolves as quickly as new financial products become available,” said a senior line of business executive at a community bank in the Southwest. “It takes focus and investment to stay ahead of financial crimes.”
Boersma said that in this increasingly challenging environment, “many banks are enhancing internal cooperation between their cybersecurity and anti-fraud teams and seeking information about the latest exploits from peer institutions and groups like ProSight’s Fraud Alert Network.”
In a world where deep-fake and other AI-enabled attacks are proliferating, getting cheaper for bad actors to launch, and supercharging cyber exploits “we need to enhance fraud detection and prevention at all phases and end-points of the client lifecycle,” said the chief risk officer at the New England bank holding company.
A senior compliance officer at a small credit union said, “We will continue to work with our third-party fraud monitoring vendor to utilize their capabilities to the fullest extent. All staff will continue to receive extensive training in the areas of fraud and financial crimes.”
Regarding areas of greatest strategic focus and investment for compliance activities over the next three years, 38% of respondents—the top response—selected “making better use of data analytics and automation to monitor and manage compliance risk” as a top priority (see Figure 6). Twenty-nine percent cited “developing compliance frameworks for AI and advanced analytics.”
“Making better use of data analytics and automation is a core strategic initiative for how our organization monitors and manages compliance risk,” a senior global bank executive said. “Our focus and investment in this area are designed to enhance the precision, efficiency, and scalability of our risk management processes, moving beyond traditional manual methods.”
A senior compliance executive at a regional bank said, “We are investing in advanced data analytics and automation to continuously monitor compliance risks, identify anomalies, and surface emerging issues earlier. By automating controls, reporting, and testing, we aim to improve accuracy, reduce manual effort, and enable more timely, data-driven decision-making across the compliance lifecycle.”
New technology is essential, said a respondent from a global bank, due to the massive amounts of data generated by auditors and other functions: “This is key to any improvement to current audits and audit functions. As the technology scales up and information increases, we must use data analytics to keep up with the scale of information now being produced.”
Respondents expect to ramp up AI use to help them meet their compliance goals. Importantly, that includes training employees to use AI effectively—understanding how inputs influence AI outputs, and how to assess the quality of those outputs. The global bank executive noted a “firm-wide effort to integrate AI, as demonstrated by initiatives like mandatory AI prompt training and the deployment of AI agents to improve productivity, ensuring our teams have the necessary institutional and technological understanding to address new risks.”
The aforementioned global bank senior line of business officer said that amid all that AI, “We need talented humans to tell our compliance story—what we do well, what are our weaknesses, what we do to mitigate risk.”
Respondents cited a need to develop expertise and “bench strength” to support growth and backfill retiring experts. The regional bank senior compliance executive said, “We are investing in compliance capability through targeted hiring, focused upskilling, and clear succession planning. This includes building regulatory and leadership depth while leveraging AI and advanced analytics to increase efficiency, scalability, and proactive risk management.”
Similarly, the chief compliance officer at a mid-tier bank in the East said, “Strengthening compliance talent and capacity will be a priority in 2026. By investing in skill development, role clarity, and scalable resourcing, we aim to enhance program effectiveness, reduce key-person risk, and better support sustainable growth.”
Closing Thoughts
Taken together, the 2026 ProSight Compliance Outlook Survey findings underscore a compliance environment defined by regulatory relief but also sustained complexity and enduring transformation. While many institutions welcome near-term clarity and a more risk based federal regulatory posture, state-level activity, heightened enforcement in areas such as AML, and the strong possibility of regulatory reversal demand continued vigilance.
At the same time, technology change is not cyclical—it is permanent. The rapid growth of digital assets, faster payments, AI, and AI-enabled fraud are forcing institutions to invest simultaneously in advanced analytics, cybersecurity, and human expertise. As one respondent warned, adversaries evolve as fast—or faster—than financial innovation, requiring constant attention at every point in the client lifecycle. The institutions best positioned for the future will be those that remain nimble, anticipate re-regulation, and pair technology investment with strong governance, skilled talent, and disciplined judgment—ensuring compliance remains resilient, credible, and strategically aligned regardless of how the regulatory pendulum swings.
In the first quarter of 2026,* ProSight surveyed 150 leaders with responsibility for compliance at financial institutions varying from small community institutions to global money center banks in the United States and Canada. The inaugural annual ProSight Compliance Outlook Survey sought perspectives on the top challenges and priorities of practitioners including chief compliance officers, chief risk officers, and other executives.
Represented institutions by asset size
- Less than $25 billion: 44%
- $25 billion-$50 billion: 12%
- $50 billion-$100 billion: 11%
- $100 billion-$250 billion: 10%
- $250 billion-$500 billion: 6%
- $500 billion-$1 trillion: 9%
- More than $1 trillion: 8%
Positions held by respondents
- Chief compliance officer or equivalent: 24%
- Senior compliance executive (e.g., EVP, SVP): 18%
- Compliance executive (e.g., VP, Director): 16%
- Head of a line of business (e.g., divisional CEO, EVP, SVP): 16%
- Senior risk management executive (e.g., VP, Director): 10%
- Chief risk officer or equivalent: 5%
- Senior line of business executive (e.g., VP, Director): 4%
- Information technology executive: 2%
- Senior corporate finance executive (e.g., EVP, SVP): 1%
* This survey was fielded prior to Treasury Secretary Scott Bessent and Fed Chairman Jerome Powell’s April 7 meeting with large-bank CEOs about Anthropic’s Mythos release. The new AI tool caused alarm over its unprecedented ability to find security vulnerabilities in software.
