January 2026: Transparency, Enforcement, and What’s Ahead

Authors:

Kyrstin Ritsema, IACCP®
Executive Director, Compliance Services

Lewis Davison
VP of Product, Documents & Templates Production

Mike Marmo
VP of Product, Regulatory Reporting

Introduction: Key regulatory
themes to start 2026

As the industry enters 2026, regulators across major jurisdictions are moving from rulemaking to closer supervision, validation, and enforcement. Expectations around transparency, governance, data quality, and operational resilience are no longer theoretical—they are being tested in practice through examinations, supervisory reviews, and enforcement activity.

This January edition of the RegTech Report focuses on several themes shaping the early regulatory agenda for the year:

• the evolving UK shareholder disclosure landscape and what firms should be watching
  in 2026;
• insights from global regulatory enforcement actions, highlighting where supervisory scrutiny continues to concentrate; and
• a forward-looking perspective on the U.S. regulatory environment, examining how governance, technology, and accountability expectations are converging.

We also highlight recent developments in the UK’s Consumer Composite Investments (CCI) regime, with a link to our full analysis published in December.

2026 U.S. regulatory outlook: From rulemaking to regulatory validation

The US securities regulatory environment entering 2026 reflects a deliberate tightening of expectations around fundamentals: governance, accountability, operational resilience, and the effective use of technology. After several years of rapid rulemaking, regulators are shifting from proliferation to enforcement, supervision and validation. While this looks different to large asset servicers, institutional asset owners, and private fund sponsors, that are operating globally vs. US based entities, the final product is the same; this year is less about reacting to new rules, and more about proving that existing obligations are embedded, scalable and defensible.

The US is not operating in isolation. Global regulators are converging around shared concerns – non-bank financial intermediation, private credit growth, data protection, digital operational resilience and the governance of advanced technologies. Firms with cross-border operations must therefore prepare for a regulatory environment that is increasingly coordinated in substance, even if fragmented in form.

From a U.S. perspective, 2026 is best categorized as a year of regulatory validation. Examination and supervisory programs across the securities ecosystem are emphasizing whether firms have translated rules into durable operating models. Expectations are rising around the quality of implementation, the consistency of execution across affiliates, process of merger or acquisition, and the ability of senior management to evidence oversight.

For investment advisors and private fund managers, this manifests in deeper scrutiny of fiduciary practices, conflicts management, fee and expense allocations, valuation governance and marketing accuracy. The regulatory focus has shifted from whether disclosures exist, to whether they are meaningful, consistently applied, and supported by controls. In practice, this means firms should expect examiners (and our team has witnessed) to test not just policy language, but workflows, exception handling, and the use of data to monitor outcomes. Technology will play a key role in supporting testing.

Operational resilience has also become a central supervisory theme. Amendments to data protection and identity theft rules, combined with heightened expectations around incident response and vendor oversight as evidenced with the recent compliance date of Regulation S-P, signal that regulators now view technology and operational failures as investor protection issues, not merely IT concerns. This is particularly relevant for asset servicers and complex managers whose operating models rely heavily on third-party platforms, administrators, and cloud infrastructure.

Importantly, regulators are showing less tolerance for siloed compliance functions. This has become increasingly apparent as the data provided on the Investment Advisors Public Disclosure site has shifted its focus from compliance officers employed outside the firm, to merger and acquisition activity. Risk management, compliance, operations, and technology are increasingly expected to operate as an integrated control environment. Firms that cannot demonstrate coordination across disciplines and locations, particularly during incidents or periods of market stress, will be exposed.

While retail-facing issues continue to command attention, regulators are clearly focused on the growth of private markets and their implications for financial stability. Private credit, bespoke financing structures, and less transparent liquidity profiles are no longer viewed as niche strategies; they are now core components of institutional portfolios.

In the US, this has translated into heightened interest in liquidity risk management, leverage, valuation practices, and counterparty exposure within private funds. Globally, standard-setting bodies and foreign regulators are reinforcing this focus, particularly where private market activity intersects banks, insurers, and pension systems.

For large managers and asset owners, the implication is straightforward: private market strategies are expected to be governed with the same rigor historically applied to public markets, even where rules are disclosure-based.

For smaller entities or firms entering the private markets space, the focus is less on scale and more on durability. Regulatory tolerance for informal governance and undocumented decision-making continues to narrow, regardless of firm size.

Another defining feature of the coming year is the regulatory normalization of advanced technology. Artificial intelligence, automation, and data analytics are no longer treated as experimental. Regulators increasingly assume these tools are embedded in investment processes, surveillance, client services, and operations—and they expect governance to align accordingly.

As discussed in our recent webinar, Prioritizing the Priorities, regulators are not prescribing specific technologies. Instead, they are focused on whether firms understand how systems function, what risks they introduce, and how outputs are validated. Explainability, accountability, and data integrity are baseline expectations.

At the same time, global regimes, particularly in Europe, are formalizing digital operational resilience requirements that extend beyond regulated entities to their critical service providers. For US-based firms with international operations or clients, these regimes effectively raise global operating standards.

Although regulatory frameworks differ across jurisdictions, the direction of travel is aligned. Data protection, operational resilience, systemic risk oversight, and governance of innovation are common themes across the US, Europe, and APAC markets.

What differs is the enforcement style and evidentiary expectations. US regulators emphasize accountability and documentation, while international regimes often rely on more prescriptive control frameworks. Global firms must reconcile these approaches into a coherent operating model that withstands scrutiny across regulators.

From a compliance perspective, 2026 is a year to pressure-test programs. Leadership teams should assess whether compliance and risk frameworks reflect how the business operates today, not how it operated several years ago.

Scenario-based testing is becoming increasingly important, covering not only market stress but also operational and compliance failures. Data integrity, valuation challenges, cyber incidents, and third-party outages should be discussed and rehearsed at senior management and board levels.

Boards and senior executives are also expected to remain visibly engaged. Delegation alone is not a defense. Regulators continue to emphasize tone from the top, oversight, and challenge as core components of an effective control environment.

The regulatory environment in 2026 is demanding but predictable. Regulators are signaling clear expectations around governance, operational resilience, disciplined use of technology, and accountability on a scale. Firms that treat compliance as a strategic capability—and resource accordingly will be better positioned to navigate examinations and the longer-term evolution of global regulations.

- Kyrstin Ritsema, Executive Director, Compliance Services

UK Consumer Composite Investments (CCI) regime: Final rules published

The FCA published its final Consumer Composite Investments (CCI) rules in December 2025, marking a significant milestone for UK retail investment disclosures. With an 18-month transition period now underway, firms are beginning to assess implementation priorities and operational impacts.

We have published a detailed breakdown of the final rules, including scope, timelines, manufacturer and distributor responsibilities, and disclosure requirements.

Read our full analysis here

- Lewis Davison, VP of Product, Documents & Templates Production

UK shareholder disclosures: Key developments to watch in 2026

Shareholder disclosure regimes remain a core pillar of market transparency in the UK, particularly as regulators continue to refine expectations around ownership visibility, market integrity, and timely disclosure. While the underlying framework is well-established, recent developments suggest a gradual shift toward a tighter interpretation, enhanced monitoring, and closer alignment with global transparency trends.

• Disclosure accuracy and timing: Continued supervisory focus on voting rights calculations, triggering events, and deadline management.
• Acting in concert: Greater attention to informal coordination and shared economic interests beyond direct ownership.
• Corporate actions: Buybacks, restructurings, and voting changes creating unexpected threshold crossings.
• Governance and controls: Increased emphasis on documented processes, escalation, and oversight.
• Global alignment: The need for firms operating cross-border to maintain a consolidated view of disclosure obligations.

Source reference: aosphere, Shareholding Disclosure – Key Developments

Confluence Technologies supports firms in monitoring shareholder disclosure obligations across UK and global regimes, helping teams manage complexity, maintain oversight, and adapt to evolving regulatory expectations.

- Mike Marmo, VP of Product, Regulatory Reporting

Regulatory enforcement actions: A data point for 2026

Regulatory enforcement activity continues to offer insight into supervisory priorities. According to aosphere’s Rulefinder Shareholding Disclosure, as of 2025:

• 84 regulatory enforcement actions related to shareholding disclosure have been tracked globally
• These actions total USD 190,582,625 in reported enforcement outcomes
• The figures reflect tracked actions in key jurisdictions and do not capture all supervisory reprimands or corrective measures

These data points highlight sustained regulatory interest in disclosure compliance, particularly where issues relate to transparency, governance, or delayed reporting.

Source reference: aosphere, Rulefinder Shareholding Disclosure – Enforcement Actions Tracker

Confluence Signal Investment Monitoring supports firms with disclosure reporting, workflow controls, and governance tools designed to help manage disclosure obligations consistently across jurisdictions.

Join us for our exclusive webinar: Avoiding Costly Compliance Pitfalls: Lessons from Global Regulatory Fines and How to Avoid Them.

- Mike Marmo, VP of Product, Regulatory Reporting

Looking Ahead

As 2026 progresses, regulatory momentum shows little sign of slowing. Transparency, data governance, and supervisory consistency remain central themes. Confluence Technologies continues to monitor developments closely, supporting clients with insight, technology, and operational expertise.

From all of us at Confluence Technologies, we wish you a successful start to 2026, and thank you for subscribing to the RegTech Report.

Disclaimer

The content provided by Confluence Technologies, Inc. is for general informational purposes only and does not constitute legal, regulatory, financial, investment, or other professional advice. It should not be relied upon as a substitute for specific advice tailored to particular circumstances. Recipients should seek guidance from appropriately qualified professionals before making any decisions based on this content.

Unless otherwise stated, Confluence Technologies, Inc. (or the relevant group entity) owns the copyright and all related intellectual property rights in this material, including but not limited to database rights, trademarks, registered trademarks, service marks, and logos.

No part of this content may be adapted, modified, reproduced, republished, uploaded, posted, broadcast, or transmitted to third parties for commercial purposes without prior written consent.

About Confluence^® Technologies