
The Compliance Paradox Facing Banks in 2026


For compliance teams, 2026 may look like a relief story from a distance. Federal priorities appear clearer, and some institutions see room to streamline. But in a new episode of the ProSight Banking Strategies podcast, ProSight’s Amy Repp and Chris Boersma explain why the day-to-day compliance picture is getting more complicated. Boersma, product manager of compliance at ProSight, calls the current environment “a paradox”: less federal pressure in some areas, but more complexity overall. 

The conversation builds on ProSight’s Compliance Outlook Survey for 2026, which drew responses from 150 compliance leaders. In the survey, 88% of respondents said they have a clear view of federal regulatory priorities, but views were mixed on what that means in practice: 41% said the federal approach would create opportunities to streamline compliance, 20% expected mostly challenges, and 34% expected both. 

Several key points emerged: 

State rules are filling the gaps. Boersma pointed to new state regulatory activity around AI, digital assets, privacy, and consumer protection. For multistate institutions, that can mean conflicting standards, more legal and operational complexity, and additional technology investment. 

Compliance programs need to stay flexible. Repp, product manager for compliance and risk at ProSight, noted that change has long been a constant in banking. Her advice: maintain reliable sources of information, clear processes for implementing updates, and tools that help teams understand and apply changes as they come. 

Cyber and data risks are leading the resource conversation. In the survey, 78% of respondents said data security and cybersecurity would demand more attention and resources. Boersma said those risks differ from traditional compliance concerns because they are constantly changing in complexity, volume, and sophistication—and because their impact can be much greater than a traditional compliance violation. 

Fraud and AML are moving faster. Boersma said legacy compliance systems are struggling to keep up with modern financial crime tactics, especially as instant payments and borderless payment rails expand. Repp added that fraud risks now include social engineering, deepfake technology, and AI-generated phishing campaigns, pushing institutions from reactive detection toward proactive prevention through training, customer education, systems, and automation. 

AI is both a tool and a control issue. Institutions want to use AI to improve monitoring, fraud detection, and efficiency, Repp said. But it also introduces risks around models, data quality, and misuse by bad actors. The balance comes from clear governance and human accountability. 

Vendor management needs a deeper look. Boersma said financial institutions often do a good job with due diligence on primary vendors but still struggle with the “nth degree”—including fourth- and fifth-degree vendors. That means the critical vendors supporting primary partners also need attention. 

The takeaway: Compliance teams are dealing with risks that increasingly overlap. As Repp put it, risks that are often treated as distinct are “colliding inside the same institution.” The institutions best positioned for 2026 will be the ones that can connect those risks across departments, update controls dynamically, and communicate clearly with leadership about what strong compliance now requires. Listen to the entire conversation here. 
