Ask a compliance officer how their program is doing and you’ll often get a carefully qualified answer. Ask them what ‘great’ looks like, and the conversation might suddenly grow quiet.
That’s because financial organizations lack a common language to describe where they are in their compliance maturity journey, where they’re headed, or what progress looks like. That’s why we built one. Then we put it to the test with the 2026 AscentAI RegTech Benchmark Survey of hundreds of global financial services organizations.
The survey findings reveal an industry in transition. Most organizations struggle to confidently handle the increasing volume and velocity of regulatory change. Almost all survey respondents are working to gain that capability, and a small group is pulling ahead of the pack.
The four stages of compliance maturity
We divided compliance maturity into four stages:
- Basic – Compliance activities are primarily manual via email, spreadsheets, and documents. Dedicated compliance technology is limited.
26% of survey respondents put themselves at the Basic stage - Dependent – Compliance initiatives rely on consultants or outside counsel to be effective.
16% labeled their organizations in the Dependent stage - Emerging – Some processes are supported by software tools or point solutions (horizon scanning, data feeds, etc.)
42% self-described as Emerging (the largest single group) - Advanced – Compliance operations are highly automated across a fully integrated tech stack
16% labeled their organizations as Advanced
All told, 84% of organizations operate without fully automated, integrated compliance processes. The majority use some software, while also relying on manual work.
The industry is headed toward automation
When we asked where respondents expect to be in 12 months, the landscape shifted dramatically:
- Within 12 months, 15% fewer expect to be in the Basic stage
- The dependent stage is expected to shrink from 16% to 7%
- The Emerging group grows modestly from 42% to 46%
- The Advanced group more than doubles from 16% to 35%
What improvement looks like at each stage
Understanding where you are is only useful if you know what ‘better’ looks like. Here’s a vision of what advancing compliance maturity means in practice:
At Basic: The first step toward improvement is access to continually updated information on which regulations apply to your business. AscentAI calls this a Regulatory Map. It’s a structured view of your product offerings in the context of jurisdictions, and the regulators and regulatory content that applies to them.
At Dependent: The goal is to build internal capability that reduces reliance on external counsel. This usually begins with a clear, continually updated register of the regulatory obligations that apply to your business, which better positions your team to assess impact without relying on outside help.
At Emerging: You may have a point solution or solutions, but they either work in isolation or don’t talk to each other. The goal is to integrate systems so the regulatory intelligence they automatically feed you flows seamlessly to the people and systems that need to act on it. Automated monitoring, change detection, and GRC integration are key at this stage.
At Advanced: The focus shifts from building capability to optimizing it. How fast can you respond to a regulatory change? How confidently can you demonstrate compliance to an examiner? How quickly can you scale into a new jurisdiction? These questions define levels of differentiation at the ‘Advanced” level—the top of the maturity curve.
Next steps:
1 – Download the full Benchmark Report here.
2 – AscentAI has developed a short self-assessment scorecard focused on regulatory change management. You can read more about it and download the quiz (no email required – we promise!).
