At the start of the year, we identified five global regulatory and risk management themes that would shape 2025. Midway through, it's clear: those themes haven’t just materialized, they’ve accelerated. Supervisory divergence, regulatory innovation, and data expectations are evolving faster than even many regulators anticipated. Add in the unpredictability of global markets, AI breakthroughs, and evolving ESG expectations, and banks are now expected to do more than they signed up for.
Further, managing risk means staying ahead of relentless transformation. The financial system and the world surrounding it are evolving through both disruption and innovation. Some changes can be forecast, while others occur unexpectedly.
AI is evolving rapidly, with the power to both innovate and destabilize. Recent examples include the growing use of generative AI in credit risk modeling and fraud detection, offering efficiency gains but also raising concerns about model transparency, regulatory compliance, and systemic bias. Meanwhile, global actors are pushing strategies that seem both deliberate and destabilizing. Unlike past crises, such as the global financial crisis or the COVID-19 pandemic, today’s volatility feels engineered. Chaos isn’t incidental. It’s structural. But it can be anticipated and turned into a strategic advantage.
These developments come at a critical moment for banks, with sweeping regulatory change converging in 2025. The finalized Basel III framework, now in various stages of implementation across regions like Europe (via CRR 3), Canada, Australia, Singapore, and Hong Kong, is prompting banks to rethink how they measure risk, manage capital, and report financials. Jurisdictions still aligning with these standards will add further layers of complexity. Yet with every challenge comes a parallel opportunity to outperform.
These changes are playing out across the themes we outlined earlier this year, particularly the shift from siloed functions to integrated frameworks and the growing demand for real-time, explainable data. The complexity of what’s coming requires not just more reporting, but better control over how data flows across risk, finance, and compliance functions.
Rules all over the map
Regional and national authorities often adopt global standards to meet local needs and customs, leading to wide variation. Banks must manage data for each jurisdiction while maintaining consistency across the organization.
Across the globe, different jurisdictions are taking different paths, some aligning with global standards, others diverging.
Basel III is being implemented in Europe through Capital Requirements Regulation 3 (CRR 3), which mandates an alteration of how banks calculate risk and report capital that is sufficiently radical to drive institutions to rethink their reporting infrastructure. CRR 3 features output floors, new credit and market risk models, and enhanced data validation rules.
Requirements are being expanded to include tighter reporting standards related to Environmental, Social and Governance (ESG) risk reporting (although it has slowed down due to the geopolitical agenda), and Pillar 3 disclosures will have to be made in the machine-readable XBRL format, allowing them to align seamlessly with Common Reporting and Financial Reporting (COREP and FINREP) submissions. European banks also must contend with the Integrated Reporting Framework (IReF), which is intended to harmonize data collection and reporting methods across the region.
Also notable is the recent delay in implementing the Fundamental Review of the Trading Book (FRTB) in some jurisdictions, which reflects the complexity of aligning market risk frameworks globally.
The United States, meanwhile, is tracking somewhat against the global winds of change with a partial deregulation of financial services. Implementation of some Basel III features has been delayed or softened. Other initiatives, though, aim to beef up integrity and transparency in data reporting.
Supervisors in Britain are focusing on stress dynamics. The Bank of England’s Resolvability Assessment Framework is designed to enable failures to proceed in an orderly way. The framework compels larger institutions to demonstrate how they would manage funding and maintain or wind down operations as stresses mount. Further, the UK PRA is keen to get Basel 3.1 off the ground in January 2027.
The Asia-Pacific region is a patchwork of independent jurisdictions and governing bodies, resulting in idiosyncratic financial regulations. But authorities in leading jurisdictions like Hong Kong, Singapore, and Australia have the same broad ambition: faster, smarter, and more agile oversight. Supervisors are testing real-time feeds and granular data collection that go deeper than traditional disclosures.
The fragmented and evolving nature of regulatory requirements across jurisdictions presents significant challenges for international banks. Institutions must remain vigilant, not only to identify local variations but also to implement distinct compliance frameworks for each legal entity. This complexity raises a critical question: At what point does the cost of compliance outweigh the value of participating in a market?
Divergent requirements serving a common purpose
Regulatory demands across regions vary widely, but certain elements, such as an emphasis on transparency and data quality, are common to all frameworks. Regulators also desire to scrutinize submissions more closely, in part because new technological capabilities allow them to do so.
It is important to understand that these objectives, and the various new and expanded requirements, are not added regulatory homework, but a way to produce visible proof of control over processes and risk. Beyond the numbers that a bank comes up with, authorities want to gauge what the number crunching can tell them about the control the bank has over its processes, and therefore how much its reporting can be trusted. They want to know: How well can an institution reconcile outputs from different functions? How confident is the institution in its ability to model the impact of market or policy shocks?
In other words, banks must move beyond a checkbox approach to regulatory compliance. They need to demonstrate that the right data is being used, that robust data governance is maintained throughout the process, and that sound calculations and analytics underpin their financial and risk management practices. Done well, these practices naturally lead to compliant regulatory reports and data sets, making compliance a byproduct of strong internal processes, not a standalone objective.
With the industry still smarting from the 2008 financial crisis, the run-up this decade in inflation and interest rates, which led to insolvencies at some high-profile banks, and the recent volatility in financial markets, regulators insist that banks not only do the work of prudential risk management and ensuring capital adequacy. They must show conclusively that they’re doing the work, often in real time. Again, it’s about readiness, not reaction, and resilience to shocks.
Showing readiness by showing data mastery
To prove its readiness, a bank must do more than meet deadlines; it must demonstrate mastery over its data and, therefore, mastery over its business and a thorough understanding of the broader economic and commercial landscape. This challenge is especially great for global institutions, which must comply with multiple sets of rules and diverse operating environments.
The key to meeting it is maintaining a unified approach to data. Indeed, the more diverse a bank’s operating and regulatory environments, the more essential [SA2] it is to integrate finance, risk, and compliance functions into a single data and analytics environment with shared definitions, traceable inputs, and real-time analytics.
This remains a tall order for many institutions. What holds them back is a persistent dependence on siloed systems, especially when it comes to asset and liability management (ALM) and interest rate risk in the banking book (IRRBB). The weakness of silos, made clear during the global financial crisis, reemerged during a series of American bank failures earlier in this decade. These legacy systems are so inadequate to the task of understanding risk that they become sources of risk in their own right. What is needed is a holistic approach to risk management, one that spans across all risk types and breaks down traditional silos.
Banks must be able to assess the impact of scenarios on key risk metrics and understand the interdependencies between different risk categories. This bottom-up perspective enables a comprehensive view of risk, not necessarily by having the most advanced models, but by fostering the ability to interpret how various risks interact and influence the institution’s overall financial position.
Our OneSumX is designed to give you the data mastery you need. With its fully integrated architecture and powerful and sophisticated analytics, it creates a seamless, holistic ecosystem. It helps you generate pristine data with a full audit trail, ensuring traceability, transparency, and consistency across all of your activities in all of the jurisdictions you operate in.
A platform like OneSumX delivers real advantage because it is designed to unify finance, risk, and regulatory functions. This equips institutions to respond fully to supervisors’ demands while streamlining operations and raising overall data quality. These benefits show up in many ways, but you’ll experience them most powerfully by focusing on these five strategic priorities, which matter more than ever in 2025:
- Harmonizing cross-functional data: Put risk, finance, and regulatory teams on the same page with shared definitions, transformation logic, and reconciliation tools. Align ALM and IRRBB with financial reporting so you can speak with one voice—even under stress.
- Modernizing the accounting core: Centralize accounting with rules-based, multi-GAAP logic and automate wherever possible. This will eliminate end-of-quarter panic.
- Preparing for XBRL and dynamic disclosures: Machine-readable submissions that produce better data—not just more of it—are mandatory in many jurisdictions. Treat them as a way to confirm the integrity of your processes, not as formatting exercises.
- Linking ALM directly to resolution reporting: Supervisors are connecting the dots among liquidity, capital and crisis playbooks. Your systems should do the same.
- Performing scenario tests for macroeconomic shocks: Break down silos and model how trade wars, ESG rules or systemic events could affect your balance sheet. Build your contingency plans now, before you need them.
A monumental but surmountable undertaking
The need for data mastery, and technology that facilitates it, is especially great today, given the mix of complex, evolving regulatory demands and extreme, novel uncertainties. Tariff policies are changing on the fly—on again, off again, up again, down again—driving interest rates, currencies, and stocks into chaotic swings. At the same time, bankers and other carbon - based lifeforms are trying to keep up with AI breakthroughs made by economic and ideological rivals who, by the nature of the effort, cannot fully predict where their work will lead.
These currents and trends amplify a challenge for banks that would be monumental just due to the nature and scale of the imminent regulatory changes. Meeting the challenge will require demonstrably better systems that generate demonstrably better data, processes, and strategies. With the right systems in place, even the changes no one sees coming can be turned into opportunities - managed, mastered, and leveraged.
At Wolters Kluwer, we’re helping institutions stay ahead, not just compliant, and confident in their readiness to adapt, lead, and turn regulatory change into strategic advantage.
