Regulatory reforms across the UK, US and EU are pulling in different directions, creating diverging requirements for financial services firms.
In the US, the Trump administration has been following through on its commitment to deregulation, signalling a lighter-tough approach and advocating for self-disclosure.
The UK’s trajectory is shaped by post-Brexit independence and focus on positioning itself as a leading global financial centre.
In contrast, the EU has continued to emphasise robust regulatory intervention, including an enforcement posture that is willing to impose significant penalties where supervisors see consumer, market integrity, or systemic risk.
The UK-EU divergence tracker found eight cases of EU-led ‘passive divergence’ from UK rules and five cases of UK-led ‘active’ divergence from the EU. The areas which are already showing early signs of that drift include, operational resilience, AI governance, Consumer Duty, Central Securities Depositories Regulation (CSDR) requirements, and ESG.
Divergence increases compliance, operational, and reporting risks by creating conflicting or non-aligned requirements across jurisdictions.
As we approach the end of 2025, it has been a particularly divergent year across the regulatory landscape, making it more challenging for financial services firms to remain compliant and risk averse.
It raises costs through duplicated assessments, parallel documentation, and control redesigns and increases the chance of misinterpretation when similar concepts are defined differently in different markets.
At a market level, fragmentation also drives inefficiency and reduces liquidity, which ultimately increases costs for end users and businesses.
That is why regulatory compliance technologies are no longer a nice-to-have but a must-have. With automated regulatory compliance, firms can detect change early, interpret consistently, implement efficiently and evidence compliance confidently across multiple jurisdictions. Find out how FinregE can do this.
What is regulatory divergence?
Regulatory divergence is the process by which different jurisdictions’ rules and supervisory expectations drift apart over time, even when they started from a similar framework. It shows up not only in what the law says, but also in how regulators interpret it, how they supervise firms, and how they enforce compliance.
It occurs because countries pursue different policy priorities and risk tolerances, shaped by factors such as political strategy, economic competitiveness goals, domestic market structure, innovation agendas, and reactions to geopolitical or economic shocks.
In the US, businesses are faced with state-by-state expectations, sector-by-sector interpretations and different teams building different controls for the same underlying risk, making it a mammoth of a challenge to ensure compliance.
One of the clearest illustrations is in data and privacy regulation, where divergence is increasingly driven by supervisory style in the EU and UK.
EU regulators have demonstrated a readiness to take formal action and apply meaningful sanctions, while the UK’s Information Commissioner’s Office (ICO) has been more engagement-led and comparatively less fine-driven.
As a result, firms operating in UK and EU struggle to know what “good” looks like operationally.
The UK
After departing from the European Union, the UK was given the opportunity to review regulatory frameworks previously inherited from EU law.
The EU continues to move ahead with its own plans to regulate rigorously and often, whereas the UK is replacing duplicative requirements, removing laws that are no longer fit-for-purpose and simplifying where possible to ease the heavy burden on organisations in a bid to boost innovation and competitiveness.
While reforms for certain regulations make the UK attractive to other businesses to operate in, the divergence from EU practices is causing compliance, risk and legal teams a headache.
The EU
The EU’s regulatory posture is increasingly defined by a simple expectation: show your working.
What that means in practice
- Operational resilience becomes provable, not aspirational. DORA is a marker here, it’s about demonstrating resilience through testing, incident handling, and third-party governance and crucially, it pushes oversight expectations further into the supply chain.
- AI is governed like a systemic risk, not a feature. The EU’s approach to AI places a heavy emphasis on controls, accountability, and protecting people from harm, especially when automation touches decisions that can materially affect consumers.
- Digital assets are treated through a comprehensive lens. Markets in Crypto Assets (MiCA) creates a more unified framework across parts of the crypto ecosystem, which raises the bar for consistency, licensing, disclosure, and market conduct.
How firms can manage regulatory divergence
- Integrate regulatory change into the business, not just compliance
Divergence is hardest when regulatory change management sits in a silo. Leading firms embed horizon scanning, impact assessment, and implementation tracking into core governance so that regulatory updates translate quickly into business decisions, policy updates, and control changes across jurisdictions. - C-suite leadership: set the “tone” and the operating model
Managing divergence requires senior sponsorship because it often involves trade-offs: consistency vs local tailoring, speed vs assurance, innovation vs risk appetite. Boards and executives should ensure teams are trained and empowered to apply new rules, align to clear customer and investor outcomes, and document decisions, especially where requirements differ by market. - Build the ability to respond quickly, without losing control
Speed matters when multiple jurisdictions move at once. Firms need clear ownership, escalation paths, and decision forums so they can interpret obligations, approve policy positions, and implement changes rapidly, while maintaining defensible evidence trails for supervisors and auditors. - Look forward: treat divergence as an emerging risk
Divergence should be tracked like any other strategic risk. Firms should identify “hot zones” where rules are most likely to separate (e.g., operational resilience, AI governance, consumer protection, ESG, digital assets), run scenario analysis on likely outcomes, and anticipate knock-on impacts on products, reporting, and third-party arrangements. - Use technology that matches the pace and complexity of change
The scale and speed of regulatory developments mean manual tracking is increasingly unreliable, important updates can slip through the cracks, especially across jurisdictions and business lines. Regulatory compliance technologies reduce the time and cost of identifying relevant developments, assessing applicability, coordinating implementation, and maintaining a single source of truth for obligations and actions. - Continuously review controls, processes, and evidence
Firms should regularly review and update controls, reporting workflows, disclosures, and customer communications to reflect ongoing regulatory change and diverging requirements. Technology can be particularly valuable here by mapping obligations to policies and controls, flagging gaps, and supporting timely, accurate reporting and disclosures across the UK, EU and US.
How FinregE helps to manage divergence
FinregE’s regulatory compliance solutions can help firms ensure compliance and stay risk-averse across multiple jurisdictions, under one consolidated platform which can prove compliance efficiently. Here’s how:
1) One horizon, multiple jurisdictions
Regulatory change management breaks when teams can’t see:
- what changed,
- where it applies,
- and how it interacts with existing rules and guidance.
FinregE helps by:
- consolidating regulatory updates into a structured view,
- tagging them by jurisdiction, regulator, theme, and business impact,
- and supporting consistent interpretation across lines of defence.
2) From “interpretation” to “implementation”, mapping obligations to policies, controls and owners
Divergence becomes manageable when you can answer three questions quickly:
- Which obligations apply to us in each jurisdiction?
- Which internal policies/controls already cover them?
- Where are the gaps, and who owns remediation?
FinregE’s approach connects:
- obligations → policies → controls → evidence → accountability,
so your response is not just “we think we comply,” but “here’s the chain.”
3) Built-in governance: decisions, rationale, and audit trails
When regulators diverge, your internal decisions matter. FinregE supports a defensible compliance narrative by helping teams capture:
- interpretation rationale,
- approvals and sign-off,
- timelines,
- and evidence bundles,
so the organisation can explain why it chose a particular approach, not just what it did.
4) Using GenAI safely: accelerate work, don’t automate risk
Used properly, GenAI can shrink the most painful part of divergence: the manual reading, comparing, drafting, and cross-referencing.
FinregE can help teams:
- interpret new regulatory texts into structured obligations,
- identify affected policies and likely gaps,
- draft policy changes and implementation actions,
- and support deduplication and consistency across policy libraries, with human oversight and governance baked in, so speed doesn’t come at the expense of control.
The biggest misconception about regulatory divergence is that it’s solved by hiring more people.
Headcount can help. For a while. But not forever.
Technology is the way forward. Get in touch today.
