Will technology-driven risks be the main cause of compliance issues for companies in the coming year?

The current world is characterized by constant uncertainty, which poses a significant challenge for compliance teams, as the primary concern in this context is cybersecurity risk. While the volatility of the global economy appears to be the main catalyst for compliance issues this year, other risks may also be on the rise.

A report published in March surveyed 300 regulatory leaders worldwide about trends related to market abuse and trading surveillance. One of the most relevant findings indicates that 64% of regulatory professionals believe that cybersecurity risks are the most likely to cause compliance problems in the coming year. In the background is global economic uncertainty, cited by 58%, followed by increasing regulatory complexity.

In light of recent events this year, a question arises as to whether this hierarchy remains or if other market factors are taking a more prominent role than expected. Technology, particularly artificial intelligence (AI), plays a crucial role in technology-driven risks. While AI-based trading models are designed to maximize profits and increase efficiency, their rapid sophistication makes them unpredictable. As these trading strategies become interlinked, market movements become harder to control and predict. For this reason, proprietary trading firms, which rely on high-frequency algorithmic strategies, express significant concern about these technological risks, with 70% of respondents indicating it as a key issue for this year.

At the same time, AI is proving to be a valuable tool for compliance teams. Effective surveillance now relies on machine learning and AI to identify subtle connections between instruments, companies, or markets. These insights help compliance professionals detect more sophisticated forms of market abuse and reduce false alerts, which are a significant burden for monitoring teams.

However, technological risks are not limited to AI. Electronic communications outside of official channels (eComms), where employees use unsupervised apps like WhatsApp or Signal, also pose a significant compliance risk. Additionally, the increasing regulatory clarity around digital assets, such as the second part of the EU’s MiCA regulation set to come into force in December 2024, suggests that their integration into the market will accelerate.

Global economic uncertainty has been a major theme in 2025, with issues such as U.S. trade tariffs, geopolitical conflicts, and supply chain disruptions creating a business environment where predicting the next move becomes complicated. Still, this uncertainty is being embraced more readily, prompting both regulators and companies to configure their systems to withstand unexpected market twists.

To mitigate this uncertainty from a regulatory perspective, it is essential to have robust trading surveillance controls in place. In recent years, regulators have focused their attention on eComms surveillance and trading surveillance control systems, rather than simply imposing fines for abuses. A report shows that fines related to trading and eComms surveillance accounted for over 75% of total enforcement actions in 2024. Furthermore, a wider range of global regulators has begun to impose financial penalties on companies of all sizes, not just top-tier banks.

In an environment where certain events are impossible to predict, it is imperative to implement solid controls to mitigate risks and maintain compliance. Current compliance technology is evolving to address this increasing variety of risks, incorporating features such as conditional parameters that can adapt to market volatility or testing environments to assess new configurations in a controlled, low-risk setting.

The surveillance of eComms and trading is under intensified regulatory scrutiny, meaning that compliance strategies integrating trading and eComms data will be better positioned to manage risks this year. Trading data offers quantifiable evidence of suspicious activities, while the intent behind these activities often resides in communication data. By adopting an integrated approach, compliance teams can detect abuses that would otherwise remain hidden and build comprehensive cases.

It is still too early to determine which risks are causing the most significant compliance issues this year. Nevertheless, it is evident that the three areas highlighted by regulatory professionals align with the reality of current compliance. Rather than prioritizing one risk over another, the compliance strategy increasingly demands a holistic approach that considers the interrelations between these risks. The key lies in control: in an environment of unpredictable events, well-designed regulatory processes and efficiently executed systems are invaluable.