Regulatory Technology (RegTech): Complete Table of Contents

Compliance Automation, Algorithmic Auditing, Computational Law

Front Matter

Title Page
Preface: Why RegTech Matters Now
Acknowledgments
How to Use This Book
Prerequisites

Part 1: Foundations of RegTech (Chapters 1–5)

Establishing the conceptual, historical, and technological ground upon which all RegTech rests.

Chapter 1: What Is RegTech? History, Definitions, and the Compliance Crisis

1.1 The Compliance Burden: Why Regulation Became Unmanageable
1.2 Defining RegTech: A Taxonomy of Definitions
1.3 A Brief History: From Manual Compliance to Machine Learning
1.4 The 2008 Financial Crisis as RegTech Catalyst
1.5 The Five Families of RegTech: A Functional Framework
1.6 RegTech vs. FinTech vs. LegalTech: Overlaps and Distinctions
1.7 Meet the Characters: Maya, Rafael, Priya, and Cornerstone
1.8 Chapter Summary

Chapter 2: The Regulatory Landscape: Financial Regulation and Its Architecture

2.1 Why Financial Markets Are Regulated: Market Failure Theory
2.2 The Principal Regulators: US, EU, UK, and APAC Architecture
2.3 Types of Financial Regulation: Prudential, Conduct, and Market Integrity
2.4 The Regulatory Cycle: Rule-Making, Supervision, and Enforcement
2.5 How Regulations Become Requirements: A Process Map
2.6 The Extraterritorial Problem: When Regulation Crosses Borders
2.7 Regulatory Complexity as Business Risk

Chapter 3: The RegTech Ecosystem: Players, Platforms, and Market Dynamics

3.1 The RegTech Market: Size, Growth, and Segmentation
3.2 Pure-Play RegTech Vendors vs. Integrated Platforms
3.3 Big Tech and the RegTech Stack
3.4 Financial Institutions as RegTech Builders vs. Buyers
3.5 Regulatory Bodies as Technology Consumers: SupTech
3.6 Investment Dynamics: VC, Corporate Venture, and M&A
3.7 The Consolidation Wave: What It Means for Buyers

Chapter 4: Technology Foundations: AI, ML, NLP, and Automation in Compliance

4.1 Mapping Technology to Compliance Problems
4.2 Rule-Based Systems: Determinism and Its Limits
4.3 Machine Learning Fundamentals for Compliance Professionals
4.4 Natural Language Processing: Reading Regulation at Scale
4.5 Robotic Process Automation in Compliance Workflows
4.6 Graph Analytics: Network Effects in Financial Crime
4.7 The AI Readiness Assessment for Compliance Teams

Chapter 5: Data Architecture for Regulatory Compliance

5.1 Why Data Is the Foundation of Every RegTech Solution
5.2 Data Governance Frameworks for Compliance
5.3 The Regulatory Data Taxonomy
5.4 Data Quality: The Silent Failure Mode
5.5 Data Lineage and Audit Trails
5.6 Master Data Management in Financial Institutions
5.7 Cloud vs. On-Premise vs. Hybrid: Architectural Choices

Part 2: Identity, KYC, and AML (Chapters 6–11)

The most resource-intensive domain in compliance — and the one most transformed by technology.

Chapter 6: KYC Fundamentals: Identity Verification at Scale

6.1 The KYC Obligation: Origins and Evolution
6.2 Customer Identification Program (CIP) Requirements
6.3 Document Verification: From Manual to Automated
6.4 Biometric Verification: Liveness Detection and Deepfake Risk
6.5 Electronic Identity Verification (eIDV): APIs and Data Sources
6.6 KYC Orchestration Platforms: The Architecture of Automation
6.7 Ongoing Monitoring: Keeping KYC Current

Chapter 7: AML Transaction Monitoring: Rules-Based vs. AI-Driven Approaches

7.1 The AML Framework: From FATF to Local Implementation
7.2 Transaction Monitoring: How It Works
7.3 Rules-Based Systems: Tuning, Thresholds, and Typologies
7.4 Machine Learning in Transaction Monitoring: What Changes
7.5 Managing Alert Volume: The False Positive Problem
7.6 Hybrid Approaches: Rules + AI in Production
7.7 Alert Review Workflows and Productivity Metrics

Chapter 8: Sanctions Screening: Watchlists, False Positives, and Calibration

8.1 Sanctions Regimes: OFAC, EU, UN, and the UK's Regime
8.2 The Screening Obligation: Who, When, and What
8.3 Fuzzy Matching: Algorithms and Their Trade-offs
8.4 Calibrating for False Positives: The Compliance-Operations Tension
8.5 List Management and Change Control
8.6 Real-Time vs. Batch Screening: Architectural Considerations
8.7 Sanctions Violations: Enforcement Cases as Learning Opportunities

Chapter 9: Beneficial Ownership and Corporate Transparency

9.1 The Beneficial Ownership Problem: Why Shells Matter
9.2 The Corporate Transparency Act (CTA) and EU 6AMLD
9.3 UBO Registries: Data Quality and Accessibility
9.4 Technology Solutions for UBO Discovery
9.5 Graph-Based UBO Analysis: Finding Hidden Controllers
9.6 Cross-Border Complexity: Jurisdictional Mismatches
9.7 Implementation Obligations for Financial Institutions

Chapter 10: Customer Risk Rating and Enhanced Due Diligence

10.1 The Risk-Based Approach: The Foundation of Modern AML
10.2 Customer Risk Scoring: Factors and Models
10.3 Enhanced Due Diligence (EDD): Triggers and Procedures
10.4 PEP Screening: Politically Exposed Persons and Their Networks
10.5 Adverse Media Screening: NLP at Scale
10.6 Dynamic Risk Rating: Moving from Static to Continuous
10.7 Documenting Risk Decisions: What Regulators Want to See

Chapter 11: Suspicious Activity Reporting and Case Management

11.1 The SAR Obligation: Legal Requirements and Protections
11.2 The Anatomy of a SAR: Structure and Quality Standards
11.3 Case Management Systems: From Alerts to Reports
11.4 AI-Assisted Narrative Writing for SARs
11.5 Metrics and Quality Assurance for SAR Programs
11.6 Law Enforcement Feedback: Closing the Loop
11.7 Tipping-Off Prohibitions and the Consent Regime

Part 3: Risk Management and Regulatory Reporting (Chapters 12–17)

How financial institutions measure, model, and report the risks regulators care about most.

Chapter 12: Operational Risk and Technology Risk Management

12.1 Defining Operational Risk: Basel's Framework
12.2 The Technology Risk Subset: Cyber, Model, and Vendor Risk
12.3 Risk Event Data Collection and Loss Databases
12.4 Scenario Analysis for Operational Risk
12.5 Key Risk Indicators (KRIs) and Early Warning Systems
12.6 Third-Party and Vendor Risk Management
12.7 Resilience: Recovery Time Objectives in Regulatory Context

Chapter 13: Regulatory Reporting: From XBRL to API-Based Reporting

13.1 The Regulatory Reporting Ecosystem: What Gets Reported
13.2 XBRL: The Language of Machine-Readable Reporting
13.3 Common Reporting Standard (CRS) and FATCA
13.4 MiFIR Transaction Reporting: Fields, Logic, and Exceptions
13.5 API-Based Reporting: The Future Architecture
13.6 Building a Regulatory Reporting Pipeline in Python
13.7 Data Quality Controls and Reconciliation

Chapter 14: Market Risk and the Basel Framework in Practice

14.1 Market Risk Fundamentals: VaR, ES, and Beyond
14.2 Basel III/IV: The Regulatory Capital Framework
14.3 The Fundamental Review of the Trading Book (FRTB)
14.4 Internal Model Approval: The Model Risk Implications
14.5 Liquidity Risk: LCR, NSFR, and Intraday Monitoring
14.6 Interest Rate Risk in the Banking Book (IRRBB)
14.7 Stress Testing Market Risk Exposures

Chapter 15: Credit Risk Modelling and Model Risk Management

15.1 Credit Risk Basics: PD, LGD, EAD
15.2 Internal Ratings-Based (IRB) Approach: Requirements
15.3 Building a Credit Risk Model: Process and Pitfalls
15.4 SR 11-7: The US Model Risk Management Framework
15.5 Model Validation: Independence, Testing, and Documentation
15.6 IFRS 9 and ECL Modelling: The Accounting-Prudential Link
15.7 Machine Learning in Credit Risk: Opportunities and Regulatory Friction

Chapter 16: Stress Testing and Scenario Analysis

16.1 Why Stress Testing? From SCAP to DFAST to EBA
16.2 Regulatory Stress Test Frameworks: A Comparative Review
16.3 Designing Stress Scenarios: Adverse, Severely Adverse
16.4 Running a Stress Test: Data, Models, and Aggregation
16.5 Sensitivity Analysis vs. Scenario Analysis
16.6 Communicating Stress Test Results to Boards and Regulators
16.7 Climate Stress Testing: The Emerging Requirement

17.1 The Privacy-Compliance Tension: A Structural Conflict
17.2 GDPR Fundamentals for Compliance Professionals
17.3 Data Subject Rights in a Compliance Context
17.4 Cross-Border Data Transfer: SCCs, BCRs, and Adequacy
17.5 Privacy by Design in RegTech Systems
17.6 CCPA and the Patchwork of US Privacy Law
17.7 Navigating Conflicts: When AML Requirements and Privacy Clash

Part 4: Trading Compliance and Market Surveillance (Chapters 18–22)

The high-speed world of securities trading and the technology that monitors it.

Chapter 18: MiFID II, MiFIR, and Best Execution Compliance

18.1 The MiFID II Framework: Scope and Structure
18.2 Best Execution: From Principle to Process
18.3 Best Execution Monitoring: Data Requirements and Systems
18.4 Product Governance and Target Market Assessment
18.5 Research Unbundling: The CSA and Payment Models
18.6 Transaction Reporting under MiFIR: Practical Implementation
18.7 Post-Brexit: UK MiFID and Divergence Tracking

Chapter 19: Market Surveillance: Detecting Manipulation and Abuse

19.1 Market Abuse Regulation (MAR): The Framework
19.2 Insider Dealing: Definition, Detection, and Case Studies
19.3 Market Manipulation Typologies: An Illustrated Guide
19.4 Cross-Asset and Cross-Market Surveillance Challenges
19.5 Surveillance Analytics: From Rules to Machine Learning
19.6 The Supervisory Timeline: From Detection to Referral
19.7 Regulators as Surveillance Partners: STORs and Data Sharing

Chapter 20: Pre-Trade and Post-Trade Transparency Requirements

20.1 Transparency in Markets: The Regulatory Logic
20.2 Pre-Trade Transparency: Quote and Order Display Rules
20.3 Post-Trade Transparency: Trade Reporting Architecture
20.4 Approved Publication Arrangements (APAs) and ARM
20.5 Systematic Internalisers: Obligations and Technology
20.6 Dark Pools and Waivers: Regulatory Boundaries
20.7 Consolidated Tape: The Data Infrastructure Challenge

Chapter 21: Algorithmic Trading Controls and Kill Switches

21.1 Algorithmic Trading in Scope: What Counts
21.2 Pre-Trade Risk Controls: The Regulatory Floor
21.3 Kill Switches: Architecture, Testing, and Governance
21.4 Algorithm Testing and Deployment Controls
21.5 Annual Self-Assessment Requirements
21.6 Market Making Obligations and Withdrawal Rights
21.7 High-Frequency Trading: Additional Obligations

Chapter 22: Trade Surveillance: Spoofing, Layering, and Front-Running Detection

22.1 Manipulative Trading: Legal Definitions and Enforcement History
22.2 Spoofing: Technical Mechanics and Detection Approaches
22.3 Layering: Pattern Recognition at Microsecond Resolution
22.4 Front-Running: Information Barriers and Monitoring
22.5 Cross-Desk Surveillance: The Communications Challenge
22.6 Voice and Electronic Communications Surveillance
22.7 Building a Trade Surveillance Program: A Practical Framework

Part 5: Emerging Technologies in RegTech (Chapters 23–28)

The frontier technologies reshaping what compliance can do.

Chapter 23: NLP for Regulatory Intelligence and Horizon Scanning

23.1 The Regulatory Text Problem: Volume, Complexity, and Change
23.2 NLP Fundamentals for Regulatory Applications
23.3 Building a Regulatory Horizon Scanning System
23.4 Obligation Extraction: From Regulation to Requirement
23.5 Change Impact Analysis: NLP for Gap Assessment
23.6 Semantic Search for Regulatory Research
23.7 Large Language Models in Regulatory Intelligence: Capabilities and Risks

Chapter 24: Blockchain, Smart Contracts, and Immutable Audit Trails

24.1 Blockchain Fundamentals for Compliance Professionals
24.2 Immutability as an Audit Property: What It Delivers and What It Doesn't
24.3 Smart Contracts as Compliance Automation
24.4 DeFi and the Compliance Challenge
24.5 Asset Tokenization and Regulatory Treatment
24.6 Travel Rule Compliance in Crypto: The FATF Requirement
24.7 Central Bank Digital Currencies (CBDCs): Regulatory Implications

Chapter 25: Machine Learning in Fraud Detection

25.1 Fraud Taxonomy: Payments, Account Takeover, Synthetic Identity
25.2 Supervised Learning for Fraud: Labeling, Features, and Evaluation
25.3 Unsupervised and Semi-Supervised Approaches
25.4 Real-Time Scoring: Architecture and Latency Constraints
25.5 Model Drift and Adversarial Adaptation
25.6 Challenger Model Programs in Production
25.7 Federated Learning: Collaborative Fraud Detection Without Data Sharing

Chapter 26: Explainable AI (XAI) and Model Governance

26.1 The Explainability Imperative: Regulatory and Ethical Drivers
26.2 SHAP, LIME, and Feature Importance: A Technical Overview
26.3 Explainability in Credit Decisions: The ECOA and Fair Lending Context
26.4 Building a Model Governance Framework
26.5 Model Inventory and Tiering
26.6 Documentation Standards: From MRM to the AI Act
26.7 The Governance-Innovation Tension: Managing Without Stifling

Chapter 27: Cloud Compliance: Regulatory Requirements for Cloud Adoption

27.1 The Cloud Migration Imperative and Its Regulatory Friction
27.2 Regulatory Requirements for Cloud in Financial Services
27.3 Data Residency, Sovereignty, and Localization Requirements
27.4 Shared Responsibility Model: Compliance Implications
27.5 Exit Strategy and Concentration Risk: Regulatory Expectations
27.6 Multi-Cloud Strategy for Regulatory Resilience
27.7 Audit Rights in Cloud Contracts: What You Need and How to Get It

Chapter 28: RegTech APIs, Open Finance, and Interoperability

28.1 APIs as Compliance Infrastructure
28.2 Open Banking Frameworks: PSD2, CDR, and Beyond
28.3 Financial Data Standards: FDX, FCA, and Interoperability
28.4 API Security in a Compliance Context
28.5 Consent Management and Permissioned Data Sharing
28.6 The Open Finance Vision: Regulatory Drivers
28.7 Building Regulator-Facing APIs: SupTech Integration

Part 6: Governance, Ethics, and Law (Chapters 29–34)

The principles, laws, and frameworks governing how RegTech itself is governed.

Chapter 29: Algorithmic Fairness and Bias in Compliance Systems

29.1 The Bias Problem in Automated Compliance
29.2 Sources of Bias: Data, Model, and Deployment
29.3 Fairness Metrics: An Introduction
29.4 Fair Lending and Disparate Impact in Credit Models
29.5 AML and the Racialized Surveillance Problem
29.6 Auditing Algorithms for Fairness: Tools and Methods
29.7 Building a Fairness Program: Governance and Remediation

Chapter 30: The EU AI Act and Algorithmic Accountability

30.1 The EU AI Act: History, Scope, and Risk-Based Framework
30.2 High-Risk AI Systems in Financial Services
30.3 Conformity Assessments and Technical Documentation
30.4 The General Purpose AI (GPAI) Provisions
30.5 Prohibited AI Practices Relevant to Financial Services
30.6 Compliance Timeline: What Needs to Be Done by When
30.7 Global Convergence: The EU AI Act as a De Facto Standard

Chapter 31: Regulatory Sandboxes: Innovation Meets Oversight

31.1 What Is a Regulatory Sandbox?
31.2 The FCA's Regulatory Sandbox: Design and Track Record
31.3 Sandboxes Around the World: Comparative Analysis
31.4 Applying to a Sandbox: Practical Guidance
31.5 Innovation Offices and No-Action Letters: US Equivalents
31.6 Digital Regulatory Reporting Pilots
31.7 The Sandbox Critic: What They Get Wrong (and Right)

Chapter 32: Global RegTech: US, EU, UK, APAC Comparative Landscape

32.1 Why Jurisdiction Matters: The Compliance Overhead of Fragmentation
32.2 US RegTech Landscape: OCC, CFTC, FinCEN, and SEC
32.3 EU RegTech: From ESAs to the Digital Finance Strategy
32.4 UK RegTech: Post-Brexit Positioning and FCA Leadership
32.5 APAC RegTech: MAS, HKMA, and ASIC
32.6 Emerging Markets: Africa, MENA, and LatAm
32.7 The Global Compliance Function: Managing Multi-Jurisdictional Obligations

Chapter 33: Cybersecurity Regulations: DORA, NIST, and Operational Resilience

33.1 Cybersecurity as a Regulatory Obligation
33.2 DORA: The Digital Operational Resilience Act Explained
33.3 NIST Cybersecurity Framework in Financial Services
33.4 Operational Resilience: The BoE and FCA Approach
33.5 ICT Third-Party Risk Under DORA
33.6 Incident Reporting Obligations: Timelines and Authorities
33.7 Building a Cyber-Compliance Program: Integration, Not Duplication

Chapter 34: Ethics in Automated Decision-Making

34.1 The Ethics of Algorithmic Authority
34.2 Consequentialist and Deontological Frameworks Applied to RegTech
34.3 The Right to Human Review: Regulatory and Ethical Dimensions
34.4 Accountability Gaps in Automated Systems
34.5 The Surveillance Question: Where Monitoring Becomes Oppression
34.6 Designing for Human Dignity in Compliance Systems
34.7 Toward an Ethics Charter for RegTech Practitioners

Part 7: Strategy and Implementation (Chapters 35–39)

Building and running RegTech programs that work in the real world.

Chapter 35: Building a RegTech Program: Strategy, Governance, and Roadmapping

35.1 Starting Points: The Compliance Technology Maturity Model
35.2 Strategic Framework: Aligning RegTech to Business Goals
35.3 Governance Structures for RegTech Programs
35.4 The Target Operating Model for Compliance Technology
35.5 Building vs. Buying: A Decision Framework
35.6 Roadmapping: Sequencing Implementation for Maximum Impact
35.7 Securing Board and Executive Buy-In

Chapter 36: Vendor Selection, Due Diligence, and Implementation Management

36.1 The RegTech Vendor Landscape: Navigating the Noise
36.2 Defining Requirements: Functional, Technical, and Regulatory
36.3 Request for Proposal (RFP) Design for RegTech
36.4 Vendor Due Diligence: Financial, Security, and Regulatory
36.5 Contract Negotiation: RegTech-Specific Clauses
36.6 Implementation Management: Phases, Milestones, and Governance
36.7 Post-Implementation Review: Measuring Success

Chapter 37: Change Management for Compliance Transformation

37.1 Why Change Management Is a Compliance Competency
37.2 The Human Side of Compliance Automation
37.3 Stakeholder Mapping for RegTech Programs
37.4 Communication Strategies for Compliance Change
37.5 Training and Capability Building for Automated Compliance
37.6 Managing Resistance: The Analyst Who Doesn't Trust the Model
37.7 Sustaining Change: Governance and Continuous Improvement

Chapter 38: RegTech ROI: Measuring and Communicating Compliance Efficiency

38.1 The ROI Measurement Problem in Compliance
38.2 Cost Baseline: What Compliance Actually Costs
38.3 Direct ROI: Headcount, False Positives, and Processing Time
38.4 Indirect ROI: Regulatory Capital, Penalty Avoidance, and Reputation
38.5 Building the Business Case: Templates and Methods
38.6 Communicating Value to Boards and CFOs
38.7 Benchmarking: Industry Metrics for Compliance Efficiency

Chapter 39: The Future of RegTech: SupTech, Digital Regulation, and What's Next

39.1 SupTech: Regulators as Technology Adopters
39.2 Machine-Executable Regulation: The Policy-as-Code Vision
39.3 Digital Regulatory Reporting: Direct Feed to Regulators
39.4 AI Governance Frameworks: The Next Wave of Requirement
39.5 Quantum Computing and Post-Quantum Cryptography for Compliance
39.6 The RegTech Talent Market: Skills for the Next Decade
39.7 A Practitioner's View from the Frontier

Part 8: Capstone (Chapter 40 + Projects)

Chapter 40: Integrating the RegTech Stack: A Full Program Review

40.1 The RegTech Stack: Components and Interdependencies
40.2 Common Integration Failure Modes
40.3 Data Flows Across the Compliance Ecosystem
40.4 The Character Synthesis: Where Are Maya, Rafael, and Priya Now?
40.5 Governance and Continuous Improvement
40.6 The Practitioner's Reflection: What We Know Now

Capstone Project 1: Design a KYC/AML RegTech Program for a Fintech Startup

Capstone Project 2: Build a Regulatory Reporting Pipeline

Appendices

Glossary — 200+ RegTech terms defined
Answers to Selected Exercises — Worked solutions and discussion guides
Bibliography — Annotated references and primary sources
Appendix A: Python RegTech Reference — Function and library guide
Appendix B: Regulatory Frameworks Guide — Key frameworks at a glance
Appendix C: Key Regulations Primer — GDPR, MiFID II, AML6D, DORA, Basel III/IV, and more
Appendix D: Templates and Checklists — Implementation-ready tools
Appendix E: Quick Reference Cards — Single-page summaries for key topics
Appendix F: FAQ — Common practitioner questions answered