Chapter 32: Further Reading — Global RegTech: US, EU, UK, APAC Comparative Landscape

Primary Regulatory Texts

AML / KYC

FATF — The FATF Recommendations (2012, as updated 2023) The foundational global AML/CFT standard-setting document. All forty recommendations and interpretive notes. Chapter 32 references the risk-based approach (Recommendation 1), customer due diligence (Recommendations 10–12), correspondent banking (Recommendation 13), and suspicious transaction reporting (Recommendation 20). Available at: https://www.fatf-gafi.org/en/topics/fatf-recommendations.html

EU AML Regulation (2024) Regulation (EU) 2024/[number] establishing the Anti-Money Laundering Authority and laying down rules on AML/CFT for financial sector entities. The key development from AMLD6. Official Journal of the EU. Available via EUR-Lex.

EU Anti-Money Laundering Authority (AMLA) — Establishment Regulation Regulation (EU) 2024/[number] establishing AMLA, its supervisory remit, and its powers to issue binding technical standards. Monitor the AMLA's publications as its BTS program develops from 2025 onward.

FinCEN Customer Due Diligence Final Rule — 31 CFR Part 1010 (as amended 2024) The US beneficial ownership CDD rule, including 2024 amendments. Sets the 25% beneficial ownership threshold for legal entity customers. Available at: https://www.fincen.gov/resources/statutes-regulations

MAS AML/CFT Notices and Guidelines MAS Notice SFA 04-N02 (Capital Markets Services); MAS Notice FSG-N02; and accompanying Guidelines. Available at: https://www.mas.gov.sg/regulation/anti-money-laundering

JMLSG Guidance — Prevention of Money Laundering / Combating Terrorist Financing (2017 as amended) The UK industry guidance endorsed by HM Treasury. Particularly Parts I and II covering risk assessment and customer due diligence. Available at: https://www.jmlsg.org.uk/guidance

Operational Resilience

DORA — Regulation (EU) 2022/2554 Digital Operational Resilience Act, full text. Official Journal of the EU. Articles 1–64. Supplemented by the regulatory technical standards (RTS) and implementing technical standards (ITS) published by EBA, EIOPA, and ESMA in 2024.

DORA RTS on Major Incident Classification Joint Committee of the European Supervisory Authorities, RTS specifying the criteria for classifying ICT-related incidents as major, and the thresholds for significant cyber threats. Essential for implementing DORA incident management workflows.

FCA / PRA Policy Statement PS21/3 — Building Operational Resilience The UK operational resilience framework. Includes the final policy, supervisory statement SS1/21 (PRA), and the FCA's operational resilience Policy Statement. Available at: https://www.bankofengland.co.uk/prudential-regulation/publication/2021/march/building-operational-resilience

MAS Technology Risk Management Guidelines (2021) The definitive MAS guidance on technology risk for financial institutions operating in Singapore. Covers system development, IT operations, cybersecurity, and outsourcing. Available at: https://www.mas.gov.sg/regulation/guidelines/technology-risk-management-guidelines

AI and Algorithmic Governance

EU AI Act — Regulation (EU) 2024/1689 The EU Artificial Intelligence Act, full text. Official Journal of the EU. Particularly relevant: Title I (general provisions); Title III (high-risk AI systems); Title VIII (transparency and accountability). Available via EUR-Lex.

NIST AI Risk Management Framework (AI RMF 1.0) NIST's voluntary framework for managing risks in AI systems. Published January 2023. Core functions: Govern, Map, Measure, Manage. Available at: https://www.nist.gov/system/files/documents/2023/01/26/AI RMF 1.0.pdf

MAS FEAT Principles — Principles to Promote Fairness, Ethics, Accountability and Transparency The original MAS FEAT document (2018) and subsequent guidance on AI governance in Singapore's financial sector. Available at: https://www.mas.gov.sg/news/media-releases/2018/mas-sets-out-principles-to-promote-fairness-ethics-accountability-and-transparency-in-the-use-of-ai

Federal Reserve SR 11-7 — Guidance on Model Risk Management The foundational US regulatory guidance on model risk management, applicable to AI models in financial services. Available at: https://www.federalreserve.gov/supervisionreg/srletters/sr1107.htm

Data Privacy

GDPR — Regulation (EU) 2016/679 General Data Protection Regulation, full text. Available via EUR-Lex. Chapter 32 particularly references Article 17 (right to erasure), Article 44–49 (international transfers), and Articles 83–84 (penalties).

Singapore PDPA — Personal Data Protection Act 2012 (as amended 2021) The PDPA and accompanying regulations. Available at: https://www.pdpc.gov.sg/Overview-of-PDPA/The-Legislation/Personal-Data-Protection-Act

GLBA Safeguards Rule (16 CFR Part 314, as amended 2023) The Federal Trade Commission's updated Safeguards Rule under Gramm-Leach-Bliley, requiring financial institutions to implement information security programs. Available at: https://www.ftc.gov/business-guidance/resources/ftc-safeguards-rule-what-your-business-needs-know

International and Comparative Studies

FSB — RegTech in Financial Supervision (2020) Financial Stability Board report on the use of technology in financial supervision, including cross-border coordination challenges. Available at: https://www.fsb.org/work-of-the-fsb/markets-and-investments/fintech-and-financial-innovation/

IOSCO — Recommendations for Cloud Providers (2021) IOSCO report providing regulatory recommendations for financial services firms using cloud services, with comparative analysis of jurisdictional approaches. Available at: https://www.iosco.org/library/pubdocs/pdf/IOSCOPD681.pdf

BIS — Regtech and the New Supervision Agenda (2021) Bank for International Settlements paper examining RegTech from a supervisory perspective, including cross-jurisdictional considerations. Available at: https://www.bis.org/fsi/fsipapers19.pdf

Global Financial Innovation Network (GFIN) — Cross-Border Testing Reports GFIN — a network of international financial regulators — publishes reports on cross-border regulatory innovation and comparative regulatory analysis. Available at: https://www.thegfin.com

EBA — Report on the Use of RegTech in the EU Financial Sector (2021) European Banking Authority report covering how EU firms use technology for compliance across AML, reporting, risk management, and supervisory oversight. Includes comparative analysis across EU member states. Available at: https://www.eba.europa.eu/regulation-and-policy/innovation-and-fintech/regtech

HKMA — Regtech Watch The Hong Kong Monetary Authority's quarterly publication on regulatory technology developments, including jurisdictional comparisons. Available at: https://www.hkma.gov.hk/eng/key-functions/international-financial-centre/fintech/regtech-watch/

Post-Brexit Alignment References

FCA Statement on UK-EU Regulatory Alignment The FCA's position paper on its approach to EU regulatory alignment post-Brexit, covering MAR, GDPR (as UK GDPR), and operational resilience. Available at: https://www.fca.org.uk/markets/international-markets/brexit

PRA Statement — Approach to International Insurance Regulation Post-Brexit The PRA's approach to maintaining international regulatory alignment while developing UK-specific frameworks. Available via: https://www.bankofengland.co.uk/prudential-regulation

Academic and Practitioner References

Arner, D., Barberis, J., and Buckley, R. (2020). The Evolution of Fintech: A New Post-Crisis Paradigm? Georgetown Journal of International Law, 47(4), 1271–1319. A foundational academic treatment of RegTech's emergence.

Magnuson, W. (2018). Regulating Fintech. Vanderbilt Law Review, 71(4), 1167. Analysis of regulatory approaches to financial technology across US and international jurisdictions.

Financial Times — Lex column on EU AI Act implementation (2024–2025). Ongoing coverage of AI Act implementation challenges for financial services.

Thomson Reuters Regulatory Intelligence — Global AML Benchmark Report. Annual report comparing AML regulatory requirements and enforcement across major jurisdictions. Subscription required.