Review

Digital Regulatory Governance: The Role of RegTech and SupTech in Transforming Financial Oversight and Administrative Capacity

by Niloufar Bagherifam 1,†, Sajjad Naghdi 2,*,†, Vahid Ahmadian 2, Alireza Fazlzadeh 2 and Milad Baghalzadeh Shishehgarkhaneh 3

1 Department of Business Administration, Faculty of Management and Economics, University of Tabriz, Tabriz 5166616471, Iran
2 Department of Accounting, Faculty of Economics and Management, University of Tabriz, Tabriz 5166616471, Iran
3 Department of Civil Engineering, Monash University, Melbourne 3800, Australia
* Author to whom correspondence should be addressed.
† These authors contributed equally to this work.
Int. J. Financial Stud. 2025, 13(4), 217; https://doi.org/10.3390/ijfs13040217
Submission received: 5 October 2025 / Revised: 7 November 2025 / Accepted: 11 November 2025 / Published: 14 November 2025

Abstract

Rapid digitalization is transforming how public and private institutions manage regulation, compliance, and supervision. This paper explores the rise of Regulatory Technology (RegTech) and Supervisory Technology (SupTech) as instruments of digital regulatory governance and examines their implications for administrative efficiency, defined as the optimization of regulatory and supervisory processes through automation and data-driven coordination, institutional capacity, and policy innovation. Using a systematic literature review of 59 peer-reviewed studies published between 2017 and 2025, the study identifies how RegTech enhances compliance management and risk control in financial institutions, while SupTech enables regulators to improve supervisory agility, transparency, and real-time oversight. The findings show that these technologies create significant administrative value by streamlining reporting, enhancing accountability, and strengthening governance networks across the public–private interface. However, adoption is constrained by cybersecurity vulnerabilities, algorithmic opacity, regulatory fragmentation, and organizational resistance. To address these issues, the study proposes an integrated governance framework that maps opportunities and barriers across compliance, risk, technology, and institutional coordination. By synthesizing fragmented evidence, this research contributes to the field of administrative sciences by positioning RegTech and SupTech not only as technical innovations but as transformative tools of digital public administration and regulatory modernization.

1. Introduction

Traditional compliance frameworks, built on manual reporting, fragmented IT systems, and paper-based procedures, were ill-suited to handle this regulatory deluge. Institutions found themselves allocating 15–20% of operational budgets to compliance-related functions, creating severe inefficiencies and, in some cases, threatening their viability (Walker, 2018). Scholars such as Bamberger argued that compliance burdens were disproportionately heavy for smaller and mid-sized institutions, which lacked the resources to maintain large compliance departments (Bamberger, 2009). The FSB and IMF likewise highlighted the growing compliance–innovation trade-off, warning that excessive regulatory complexity could stifle market dynamism while failing to ensure resilience (Borio et al., 2020).
Against this background, scholars and practitioners began to explore the role of technology as a potential solution. The emergence of RegTech and SupTech was a direct response to these challenges. While the former refers to technology-enabled compliance solutions within firms, the latter encompasses supervisory applications adopted by regulators themselves. Together, they promise to reduce costs, increase efficiency, and enable real-time, data-driven regulatory governance.

1.1. Conceptual Evolution of RegTech and SupTech

The conceptual emergence of RegTech and SupTech is deeply rooted in the post-GFC environment, when the scale and complexity of regulatory reforms reshaped compliance and supervision across global financial systems. In the years following the crisis, regulators across the G20 economies introduced tens of thousands of new rules, with estimates suggesting more than 50,000 regulations were enacted between 2009 and 2012, alongside continuous updates in subsequent years (Konina, 2021). This unprecedented surge in regulatory requirements created heavy operational and financial burdens, particularly for financial institutions whose legacy compliance systems were dependent on manual interpretation, fragmented IT infrastructures, and paper-based processes that could not efficiently scale (Memminger et al., 2016). In this context, both scholars and policymakers recognized the limitations of traditional supervisory mechanisms and began exploring how digital technologies might transform compliance and oversight (Borio et al., 2020). Recent analyses, such as El Khoury et al. (2025), provide a comprehensive review of this evolution, showing how RegTech and SupTech emerged as adaptive responses to post-crisis institutional complexity and digital acceleration. Their work identifies institutional adaptation, algorithmic supervision, and global regulatory coordination as key pillars of RegTech’s conceptual foundation. This historical backdrop provides the intellectual foundation for the rise of what became defined as “Regulatory Technology,” or RegTech, and later “Supervisory Technology,” or SupTech.
The first scholarly attempts to frame RegTech conceptually came in the mid-2010s, particularly through the influential work of Arner et al., who positioned RegTech as a distinct subset of FinTech (Arner et al., 2016). While FinTech broadly referred to innovations in customer-facing financial services, RegTech was defined as technology designed specifically to enhance regulatory monitoring, reporting, and compliance (Anagnostopoulos, 2018). This differentiation was critical because it carved out a conceptual space for RegTech as a field, avoiding its subsumption under the broader FinTech umbrella. Reinforcing this distinction, the Financial Stability Board characterized RegTech as inward-looking, focused on governance, auditing, and compliance functions, while FinTech remained outward-facing, centred on client services (Press release, 2020). Similarly, the World Bank emphasized that RegTech’s role was not in product delivery but in strengthening risk management and compliance frameworks (G. L. Boeddu et al., 2018). Anagnostopoulos (2018) further refined this understanding by linking RegTech to the structural transformation of financial regulation, noting that its opportunities and challenges reflected a deeper shift toward data-driven compliance ecosystems. These contributions ensured that RegTech gained recognition not merely as a technical offshoot of FinTech but as an independent trajectory of innovation in the regulatory sphere.
Institutional actors also played pivotal roles in shaping RegTech’s definition and scope. The Institute of International Finance defined RegTech as technologies that reduce risk, lower cost, and simplify regulatory processes, framing efficiency as the central driver of adoption (Finance, 2015). This framing resonated with industry concerns about spiralling compliance expenses, and subsequent analyses emphasized how RegTech could address this cost–compliance trade-off. Das et al. (2017) highlighted that RegTech’s promise lay not only in lowering costs but also in improving accuracy, timeliness, and transparency in compliance. W. Li (2024) further underlined the point by noting that RegTech represented a fundamental reallocation of institutional resources, reducing the inefficiencies inherent in legacy compliance processes. Y. Li et al. (2025) provide supporting empirical evidence that RegTech adoption enhances corporate investment efficiency by mitigating informational frictions and compliance costs in the banking sector, demonstrating the economic payoffs of digital regulation. Shi et al. (2025) complement this by showing that internal RegTech systems significantly reduce bank credit risk through enhanced regulatory intensity and improved prudential discipline. Similarly, C. Xia et al. (2025) find that RegTech applications within the Shenzhen Stock Exchange materially improved error detection in supervision, providing robust real-world validation of RegTech’s oversight benefits. These perspectives shifted the academic debate towards efficiency and cost reduction as central to RegTech’s conceptual legitimacy.
Among regulators, the United Kingdom’s FCA was especially influential in operationalizing RegTech discourse. In its 2016 “Call for Input,” the FCA defined RegTech as the application of innovative technologies to improve how firms manage regulatory obligations. Beyond mere definitional work, the FCA actively promoted RegTech adoption through regulatory sandboxes, pilot projects, and collaborative forums with industry participants (Butler & O’Brien, 2019). Tsai and Peng (2017) analyzed the role of these sandboxes, showing that they provided essential spaces where regulators and innovators could test new compliance tools in controlled environments, thereby fostering trust while balancing innovation with oversight. McCarthy (2023) expands this discussion by examining the regulatory principles underpinning RegTech and SupTech governance, arguing for coherence between legal frameworks and technological experimentation to avoid regulatory asymmetries. The FCA’s practical interventions marked a turning point by moving RegTech from theory into regulatory practice, transforming it from a conceptual discussion into a functional ecosystem.
Scholars also pushed the boundaries of how RegTech was understood. Cave (2017) argued that RegTech should not be confined to automating compliance tasks but should be viewed as a driver of broader regulatory innovation, capable of reshaping how regulation is designed, implemented, and enforced. This critical perspective broadened RegTech’s scope beyond technical efficiency and compliance automation, positioning it as a transformative force in regulatory governance. Campbell-Verduyn and Lenglet (2023) echoed this sentiment by cautioning against an overly narrow focus on technical fixes, arguing instead for recognition of RegTech’s potential to alter regulatory logics and institutional dynamics. Campbell-Verduyn and Lenglet (2023) contribute a critical perspective, suggesting that the success of RegTech depends not only on its technical functionality but also on the imaginaries and institutional expectations that surround it—highlighting the importance of managing “imaginary failure” in the governance of digital regulation. White (2023) similarly argues that RegTech’s societal implications must extend beyond efficiency toward questions of financial democracy, inclusion, and accountability. By expanding the field of vision, these scholars laid the groundwork for considering RegTech not just as a reactive compliance tool but as an active component in shaping future regulatory architectures.
This intellectual expansion paved the way for the conceptual emergence of SupTech, the supervisory counterpart to RegTech. The Financial Stability Board was among the first to articulate SupTech explicitly, defining it as the application of FinTech solutions by supervisory authorities to enhance oversight capacity (Press release, 2020). This reframing extended the logic of RegTech beyond regulated firms to the regulators themselves, recognizing that supervisory authorities faced many of the same challenges of data volume, complexity, and timeliness as the institutions they monitored. The World Bank built on this by developing one of the most comprehensive early frameworks of SupTech, highlighting its dual role in strengthening prudential supervision and promoting financial inclusion, particularly in emerging economies (G. L. Boeddu et al., 2018). Teichmann et al. (2023) expand this view by analyzing how RegTech and SupTech tools reshape regulatory institutions’ capabilities, emphasizing the need for ethical data governance and algorithmic transparency. By situating SupTech within development agendas, the World Bank demonstrated that its significance extended beyond advanced economies and encompassed broader global financial governance.
Broeders and Prenio (2018) provided further intellectual consolidation by systematically analyzing SupTech’s applications in prudential reporting and data analytics. They argued that SupTech tools enabled supervisors to shift from reactive, episodic reporting to proactive and predictive oversight by harnessing continuous data flows. This represented a paradigmatic change in supervisory practice, moving from retrospective inspections to near real-time monitoring of risks. Kolari et al. (2019) highlighted how these tools could support systemic risk modelling, allowing supervisors to conduct macroprudential analysis and anticipate contagion effects. Similarly, Antunes (2021) underscored SupTech’s capacity to empower regulators to simulate stress scenarios dynamically, improving the resilience of financial oversight frameworks. Papantoniou (2022) further explores how the adoption of RegTech and SupTech redistributes institutional power, shifting regulatory authority and creating new dependencies between regulators and technology providers—a theme increasingly central to understanding governance transformation. Together, these contributions established SupTech as not merely an extension of RegTech but as an innovation with its own distinct supervisory logic.
The literature consistently emphasizes that RegTech and SupTech have evolved along parallel but interdependent paths. Currie et al. (2018) demonstrated how RegTech applications in anti-money laundering monitoring directly informed the development of SupTech oversight systems, as regulators used the same datasets to validate institutional reporting. Reports by the Basel Committee on Banking Supervision similarly reinforced this complementarity, noting that data standards developed for RegTech adoption often facilitated SupTech applications (Jović & Nikolić, 2022). Yet, the co-evolution has not been without obstacles. Zetzsche et al. (2019) highlighted the barriers created by semantic interoperability issues, describing the resulting fragmentation as a “Tower of Babel” problem in regulatory reporting. Butler (2017) likewise warned that inconsistent global standards risked undermining the efficiencies promised by RegTech and SupTech, exacerbating complexity instead of reducing it.
Despite these challenges, the overall trajectory has been clear. RegTech has developed from a conceptual subset of FinTech into a recognized field of compliance innovation, supported by both academic inquiry and regulatory practice. SupTech has emerged alongside it as a supervisory counterpart, reflecting regulators’ need to modernize oversight in an era of data abundance and systemic risk. Together, these innovations underpin contemporary debates on regulatory digitalization, financial stability, and governance reform. Their intellectual evolution shows a progression from definitions centred on efficiency and cost reduction to broader debates about regulatory design, supervisory logics, and institutional transformation. In this sense, RegTech and SupTech should not be viewed merely as technological tools but as conceptual innovations that redefine the very relationship between regulation, supervision, and digital technology in the 21st century. Table 1 compares the conceptual, institutional, and technological distinctions between RegTech and SupTech, highlighting their complementary yet interdependent roles in regulatory governance.

1.2. Technological Foundations of RegTech and SupTech

At the core of RegTech and SupTech lies the integration of advanced digital technologies. AI and ML emerged as central enablers, providing tools for pattern recognition, anomaly detection, and predictive analytics. For instance, Chakraborty and Joseph demonstrated how AI techniques could be used to automate AML monitoring, reducing false positives while improving detection rates (Chakraborty & Joseph, 2017). Jagtiani et al. (2018) highlighted similar applications in credit risk assessment, noting the potential of ML to transform supervisory analytics.
Cloud computing and big data analytics represented another foundational layer. Studies such as those by Climent et al. (2019) showed how cloud-based infrastructures could support scalable compliance solutions by integrating and analyzing vast datasets across multiple jurisdictions. Von Solms (2021) likewise emphasized the role of big data in enabling real-time supervisory interventions. Distributed ledger technology (DLT) and blockchain were frequently cited as transformative tools. Takeda and Ito (2021) argued that blockchain could revolutionize KYC processes by creating immutable, shareable identity records accessible to both firms and regulators. Similarly, Kavassalis et al. (2018) highlighted blockchain’s potential to improve auditability and transparency in compliance reporting. Digital identity solutions linked to blockchain further strengthened these capabilities, as illustrated by Arner et al. (2016) in their study of e-KYC systems.
Another important development was the emergence of regulatory sandboxes, promoted by regulators such as the FCA and MAS. Tsai and Peng (2017) examined how sandboxes allowed firms to test compliance technologies in controlled environments, thereby fostering innovation while managing risk. The FCA itself documented the benefits of sandbox experimentation in aligning innovation with supervisory objectives (Loiacono & Rulli, 2022).

1.3. Institutional and Governance Perspectives

Beyond technology, scholars have explored how RegTech and SupTech reshape institutional dynamics, supervisory models, and governance structures. Broeders and Prenio (2018) argued that SupTech could shift supervisors from reactive approaches to proactive, data-driven oversight. The Basel Committee on Banking Supervision similarly documented the potential of SupTech to improve macroprudential analysis and systemic risk modelling (Fachsandy, 2025).
At the firm level, Currie et al. (2018) demonstrated how RegTech applications such as automated transaction monitoring and fraud detection improved compliance efficiency but also required significant organizational change. McNulty (2017) cautioned that such technologies did not reduce liability but rather redistributed it, creating new governance dilemmas. Bamberger (2009) went further, suggesting that automation could inadvertently erode accountability if human judgement was displaced by opaque algorithms. The role of trust and transparency has been a recurring theme. Zetzsche et al. (2019) argued that global adoption of RegTech was constrained by the absence of semantic interoperability—often described as the “Tower of Babel” problem in regulatory reporting. Butler (2017) highlighted the dangers of inconsistent standards, which could exacerbate fragmentation rather than alleviate it. Meanwhile, Packin (2018) raised ethical concerns about algorithmic bias, noting that the automation of compliance tasks could entrench discriminatory outcomes if not carefully governed.
The legal dimension has also been widely debated. Micheler and Whaley (2020) explored the implications of RegTech for corporate governance, arguing that machine-readable regulations could challenge traditional notions of fiduciary responsibility. Campbell-Verduyn and Lenglet (2023) offered a critical perspective, warning against “solutionism” in RegTech discourse, whereby technological fixes are treated as panaceas for complex social and regulatory problems.

1.4. Gaps and Contributions of the Current Study

Taken together, the literature paints a rich picture of the evolution, technological underpinnings, and institutional implications of RegTech and SupTech. Early works established their conceptual foundations, distinguishing them from FinTech and emphasizing their transformative potential (Arner et al., 2016). Subsequent studies demonstrated diverse technological enablers, from AI and big data to blockchain and sandboxes (Climent et al., 2019; Kavassalis et al., 2018; Takeda & Ito, 2021). Institutional research further highlighted how RegTech and SupTech could enhance efficiency, transparency, and supervisory capacity, while also creating new risks related to liability, accountability, and ethical governance (McNulty, 2017).
Yet, despite the breadth of this scholarship, significant gaps remain. Much of the literature focuses on what RegTech and SupTech can do, rather than on the practical challenges of implementing them within organizations. While technical feasibility and theoretical benefits are well-documented, less attention has been devoted to the organizational, cultural, and strategic barriers that firms and regulators encounter when attempting adoption. Studies often analyze technologies in isolation, without providing an integrated framework for mapping challenges to solutions across departments. This gap provides the foundation for the present study. By conducting an SLR, this research aims to consolidate fragmented insights, categorize implementation challenges, and map them to potential solutions. The goal is to develop a practical, evidence-based framework that organizations can use to navigate the complexities of RegTech and SupTech adoption. Such a framework will not only advance academic debates but also provide regulators, financial institutions, and technology providers with actionable guidance for ensuring that RegTech and SupTech fulfil their transformative promise.
The main contributions of this study are threefold. First, it advances academic discourse by systematically synthesizing fragmented literature into a structured taxonomy of implementation challenges and corresponding solutions, thereby addressing a major gap in prior research. Second, the study contributes practical value by proposing a dynamic, feedback-enabled framework that organizations can use to evaluate emerging challenges and update solution pathways, thereby making RegTech and SupTech adoption not only theoretically robust but operationally actionable.

2. Research Methodology

2.1. Systematic Literature Review (SLR)

An SLR is a methodical process for examining existing research that uses clear, repeatable steps to locate, assess, and synthesize primary studies on a specific topic. Unlike traditional narrative reviews, SLRs aim to provide a thorough, objective, and detailed summary of current knowledge within a set timeframe. This study follows the PRISMA guidelines to structure the review (Baghalzadeh Shishehgarkhaneh et al., 2022; Sarkis-Onofre et al., 2021). The procedure includes four key steps: defining research questions, performing a literature search, screening the results, and analyzing the collected data (Baghalzadeh Shishehgarkhaneh et al., 2025).

2.1.1. Research Questions

The effectiveness of SA is shaped by various factors such as the level at which analysis is conducted, the methodologies and techniques applied, the datasets utilized, the metrics used for evaluation, and the specific domains of application. Considering these dimensions, this study poses the following research questions:
  • What are the key publication trends, intellectual structures, and thematic clusters shaping the development of RegTech and SupTech research?
  • What are the primary opportunities presented by RegTech and SupTech in enhancing regulatory compliance and risk management within financial institutions?
  • What challenges do financial institutions face when implementing RegTech and SupTech solutions, particularly regarding technological maturity and cybersecurity?
  • How do RegTech and SupTech technologies transform the processes of data reporting and institutional supervision in the financial sector?

2.1.2. Search Strategy

The literature retrieval process followed the PRISMA guidelines, which emphasize a clear and systematic approach. This process was divided into three core phases: identification, screening, and inclusion. Each stage progressively refined the pool of studies—starting with a broad collection, applying inclusion and exclusion criteria, and concluding with a final selection for in-depth analysis (Shishehgarkhaneh et al., 2023). The overall procedure is summarized in Figure 1.
In the identification phase, a comprehensive search targeted peer-reviewed journal articles, conference proceedings, and book chapters with no limitations on publication date, ensuring the inclusion of both foundational and recent contributions. To ensure wide and credible coverage, the search included reputable scientific databases and academic search engines such as Scopus, Web of Science, and IEEE Xplore. Searches were confined to titles, abstracts, and keyword fields to enhance the accuracy and relevance of results. The final search was executed on 20 June 2025 using the following Boolean expression:
(“Regulatory Technology” OR RegTech OR “Supervisory Technology” OR SupTech OR “compliance technology” OR “regulatory innovation” OR “technology-enabled compliance”) AND (benefit* OR advantage* OR challenge* OR barrier* OR limitation* OR issue* OR opportunity* OR risk* OR implication*) AND (“financial institution*” OR “financial organization*” OR bank* OR insurance* OR “financial service*” OR fintech OR “financial sector” OR “regulatory body” OR “financial regulator”)

2.1.3. Inclusion and Exclusion Criteria

During the screening phase, we implemented a set of predefined inclusion and exclusion criteria to ensure that only studies aligned with the research objectives were selected. Studies meeting all inclusion criteria were retained for further analysis, while those meeting any exclusion criteria were excluded. This structured approach helped maintain both the quality and relevance of the selected literature. Table 2 outlines the specific criteria used in this review. An initial screening of titles and abstracts was conducted to identify potentially relevant studies. When titles and abstracts lacked sufficient detail, full texts were examined to assess eligibility. As a result of this systematic process, 59 articles were selected for comprehensive analysis in the inclusion phase.

2.2. Bibliometric Methodology

Bibliometric analysis is a quantitative method used to systematically explore large volumes of scientific literature, helping to reveal structural trends, collaboration patterns, and thematic developments within a research area (Bancong, 2024; Visser et al., 2021). In this study, bibliometric indicators were applied to evaluate various aspects such as publication trends, journal output, author impact, institutional and regional contributions, and citation performance. Data collected from Scopus were standardized and analyzed using Microsoft Excel for basic statistics and VOSviewer 1.6.20 for visualizing networks. This approach enabled the identification of annual publication patterns, key journals and influential publications, as well as leading authors and countries involved in Blockchain–BIM integration research. Special focus was placed on analyzing keyword trends over time to track evolving themes and emerging research priorities (Alka et al., 2023).
Beyond basic metrics, advanced science mapping techniques were used to visualize relationships and detect research communities. Co-authorship analysis highlighted collaboration networks among researchers, institutions, and countries, offering insights into global research dynamics. Unlike traditional methods that credit only the lead author, this study accounted for all listed co-authors to better capture international contributions (Baghalzadeh Shishehgarkhaneh et al., 2022). Additionally, a keyword co-occurrence analysis was conducted to explore conceptual linkages, where node size reflected keyword frequency and edge thickness indicated the strength of their connection.
To group related terms, the Louvain algorithm—a widely used method for detecting communities in large datasets—was applied (Ellegaard & Wallin, 2015). These clusters, colour-coded in VOSviewer 1.6.20 visualizations, revealed distinct thematic areas such as interoperability, trust mechanisms, smart contracts, and scalability issues. This comprehensive approach offered a dynamic overview of the research landscape, identifying both well-established topics and emerging trends, while also mapping the collaborative and thematic structure of Blockchain–BIM integration research (Donthu et al., 2021).

3. Results and Discussions

3.1. Publications Trend

As shown in Figure 2, the publication trend on RegTech and SupTech shows a clear shift from foundational conceptualization after 2017 toward diversified empirical and design-oriented studies in the early 2020s, with an acceleration into policy, tool-building, and impact-measurement work by 2024–2025. The earliest items in the corpus lay the groundwork: they define RegTech, connect it to post-GFC regulatory overload, and argue for digitizing reporting and compliance while foreshadowing proportionate, near-real-time supervision (Arner et al., 2018). Alongside these conceptual pieces, early practice-oriented essays and chapters sketch the scope of RegTech and SupTech, their implications for regulators and banks, and the idea that technology can catalyze culture change in compliance and supervision (Anagnostopoulos, 2018; Gasparri, 2019). Methodologically, this phase also includes proposals for new reporting architectures—such as dynamic transaction “digital doppelgangers” anchored in distributed ledgers—that anticipate granular, machine-readable reporting streams for supervisors (Kavassalis et al., 2018). By 2019–2020, review, mapping, and early analytics papers begin to consolidate the field, documenting the rise of AI and DLT in compliance, the dominance of “compliance management” in practice and “risk management” in research, and the importance of semantic standards to avoid a “Tower of Babel” in regulatory data (Becker et al., 2020; Butler & O’Brien, 2019). Parallel streams probe design challenges (e.g., GDPR “accountability” and interoperability gaps), automation prospects for supervision and compliance, and sectoral case studies of adoption, indicating that even beyond finance, RegTech logics have portability—but require careful governance and validation (Miglionico, 2020; Ryan et al., 2020). Overall, the 2017–2020 period builds the definitional, architectural, and promise-versus-risk baseline against which later empirical and institutional work would scale.
From 2021 into 2022, the volume and breadth of publications increase and the centre of gravity tilts toward institutional dynamics, supervisory architecture, and concrete tool proposals. Several works argue that the spread of FinTech and RegTech compels a rethink of supervisory institutions and public-law accountability, with SupTech framed as a paradigm shift toward more flexible, collaborative oversight (Chirulli, 2021). At the same time, empirical “flashback” analyses of crises show how technological imbalances between markets and supervisors create vulnerabilities, motivating new SupTech disclosure models for future events (Zeranski & Sancak, 2021). Cross-sector and public-value lenses expand the agenda beyond bank compliance toward societal benefits and collaborative governance, signalling a maturing conversation about outcomes rather than tools alone (Bolton & Mintrom, 2023). By 2022, the corpus contains broader frameworks and bibliometric syntheses, multi-country/regional policy analyses, and early operational SupTech proposals: these include the anatomy of digital regulatory capacity and inclusion, arguments for sandbox-style “smart regulation” to avoid regulating “in the dark” on sustainability, and concrete early-warning SupTech systems built on supervisory data (Guerra et al., 2022). Country-level and sectoral works deepen this turn: Canada’s “delegated regulation” proposal situates banks as quality gatekeepers for RegTech vendors; UAE determinants research highlights adoption drivers; and China-wide evidence links FinTech/RegTech to financial development and policy sequencing—together mapping the institutional contingencies that make adoption succeed or stall (Konina, 2021; Muganyi et al., 2022). 
Conceptually adjacent strands catalogue capabilities and pillars of RegTech/SupTech for IT audiences and extend the conversation to crisis resolution (“ResTech”), signalling a research frontier that sees regulation as a full lifecycle—from prevention to resolution—supported by digital infrastructures (Loiacono & Rulli, 2022). In short, the 2021–2022 tranche marks a pivot: more studies interrogate how supervisory architectures, governance constraints, and data standards shape real-world RegTech/SupTech trajectories.
The 2023 wave adds sector-specific SupTech prototypes, institutional-pressure case studies, and legal–economic analyses of the digital economy’s implications for supervision—evidence that the literature moves from “could” to “does” with domain-anchored tools and settings. SupTech tools for European insurance supervision using self-organizing maps show high predictive accuracy for early deterioration, pointing to practicable machine learning pipelines in prudential oversight (Jagrič et al., 2023). A Lebanese AML/CFT field study surfaces coercive, mimetic, and normative pressures as adoption drivers, while highlighting vendor selection and data quality as persistent barriers in low- and middle-income-country contexts (Bakhos Douaihy & Rowe, 2023). Legal analysis of digital economy transformations stresses that SupTech can enhance supervision without altering legal foundations, yet data-rights and discrimination concerns require careful boundary-setting—linking technical promise to fundamental rights (Laguna de Paz, 2023). Tool-building and architecture papers continue—e.g., generic RegTech solution designs promising dramatic process efficiency—alongside reviews that underscore AI’s role in risk signalling, cybercrime detection, and real-time monitoring, but warn of limitations and the need for targeted improvements (Sharma et al., 2023). At the same time, Delphi-based foresight on AML compliance anticipates AI as the most impactful technology, with time-to-integration flagged as the binding constraint, which aligns with the institutional frictions reported in country cases (Bakhos Douaihy & Rowe, 2023; Kurum, 2023). Conceptual chapters articulate that SupTech’s spread will test public-law accountability while offering collaboration gains, and policy essays argue for balancing innovation with safeguards to deliver inclusion and public value—evidence that the research agenda now embeds normative and societal questions (Bolton & Mintrom, 2023). 
Overall, by 2023, the literature documents working SupTech exemplars, varied institutional pathways, and persistent governance/compliance trade-offs in different legal-economic settings.
By 2024–2025, the corpus clearly tilts toward measurement, comparative policy, and synthesis—showing both volume growth and thematic consolidation. Hybrid and SLR studies integrate bibliometrics with content analysis across 2010–2023, mapping four dominant themes (applications; compliance/fraud management; digital transformation and governance; and AI/ML/DLT integration) and setting explicit research agendas for regulators and institutions (El Khoury et al., 2025). Multi-country policy pieces and regional case studies probe sandbox governance, cross-border coordination, and regulatory competition, e.g., in the Greater Bay Area, reinforcing that institutional design choices shape innovation trajectories (Neuwirth & Tan, 2024). Practitioner-adjacent works report what adopters perceive: meaningful cost reductions, faster and more accurate compliance, and improved internal controls—counter-balanced by integration frictions and skills gaps (Firiza et al., 2024). Country-specific overviews in low- and middle-income contexts (e.g., Bangladesh) document nascent “RegTech 2.0” adoption around core compliance amid rapid FinTech growth, underscoring heterogeneity in readiness and the role of AML/CFT imperatives (Uddin et al., 2025). SupTech case studies deepen with the FCA’s BLENDER tool and institutional drivers like “regulatory competition,” while AI adoption by government is shown to increase regulatory intensity with regional heterogeneity, linking state capacity, transparency, and digital environments to supervisory outcomes (Pan et al., 2024). Most notably, 2024–2025 introduces bank-level empirical designs: internal RegTech indices mined from annual reports are associated with lower liquidity and credit risk, and bank RegTech is linked to improved corporate investment efficiency and downstream performance and innovation—signalling a maturing evidence base that traces real economy effects via financial intermediation (Y. Li et al., 2025; Y. Xia et al., 2024).
Bibliometric analyses explicitly confirm the sharp recent increase in RegTech/SupTech publications and identify persistent keyword clusters around regulation, supervision, compliance, finance, and technology, with prominent scholar networks emerging—an independent triangulation of the visible surge in the dataset (Fachsandy, 2025). Together, these results depict a field that has moved from definition and architecture (2017–2020) to institutional pathways and prototypes (2021–2023), and now to causal inference, regional policy comparison, and synthesis (2024–2025)—with opportunities in efficiency and risk reduction balanced by integration, governance, and standardization challenges that remain front-of-mind for both regulators and firms.
Figure 3 and Figure 4 show the percentages of methodologies and their categorical distribution across the 59 reviewed studies. The methodological distribution of studies reveals a strong reliance on literature-based approaches, which together account for more than two-fifths of the corpus (40.7%). Within this group, narrative and conceptual reviews dominate (23.7%), showing that much of the scholarship on RegTech and SupTech remains exploratory and theory-building rather than empirically tested. Systematic Literature Reviews (10.2%) and bibliometric analyses (6.8%) are also present, but to a lesser extent, reflecting an effort to consolidate fragmented findings and map the intellectual structure of the field. This suggests that the domain is still in a formative stage, where scholars prioritize conceptual clarification, framework development, and agenda-setting over extensive empirical validation.
By contrast, quantitative empirical research represents 28.8% of studies, with econometric panel analyses being the most prominent (16.9%). These studies rely on large datasets—often from banks, firms, or supervisory databases—and deploy sophisticated statistical techniques such as fixed-effects models, difference-in-differences, and instrumental variables. Machine learning-driven SupTech applications (8.5%) mark an emerging but rapidly expanding frontier, while survey-based SEM (3.4%) remains relatively rare. Qualitative empirical designs are less common overall (15.3%), though interviews and case studies provide important contextual insights into adoption processes. Design and engineering contributions (5.1%) and legal/policy analyses (10.2%) occupy niche but complementary roles, offering prototypes, frameworks, and normative analyses.

3.2. Bibliometric Analysis

3.2.1. Contributions of Authors

The bibliometric analysis of author contributions provides insights into the productivity, citation impact, and collaborative positioning of scholars active in RegTech and SupTech research. Table 3 summarizes the leading authors according to three indicators: the number of publications, total citations, and total link strength, which together capture research output, academic visibility, and integration within collaborative knowledge networks.
As shown in Table 3, Singh, C. and Arman, A.A. emerge as the most prolific contributors, each with three publications. While Singh has accumulated 56 citations, reflecting moderate recognition of his work, Arman’s output has so far achieved 12 citations, suggesting emerging rather than established impact. Their total link strengths of 4 and 3, respectively, however, indicate active integration into collaborative clusters of RegTech scholarship. By contrast, Arner, D.W., Barberis, J., and Buckley, R.P. stand out for their scholarly influence. Despite each having only two publications, they have each attracted an impressive 341 citations, demonstrating that their works are widely referenced as foundational contributions. Their equal total link strength of 4 further confirms that these authors not only shape the intellectual discourse but also maintain visible positions within collaborative research networks.
Other contributors, such as Grassl, I. and Lanfranchi, D., each with two publications and 31 citations, occupy a middle ground: they show consistent productivity and measurable impact, though not at the scale of the field’s most cited figures. Similarly, Lin, W. (two publications, 42 citations) represents a scholar whose steady output is gaining traction and whose collaboration link strength matches that of more established peers. At the same time, several emerging contributors, such as Firmansyah, B. (one publication, seven citations), Erker, N. (one publication, one citation), Horvat, R. (one publication, one citation), and Jagrič, T. (one publication, one citation), highlight the breadth of author engagement. Despite lower citation counts, their relatively strong link strengths of 6 suggest active collaboration within the network and potential for future influence as their work gains visibility. Moreover, incorporating the h-index values further clarifies that while Singh and Arman are the most productive authors, figures such as Arner, Buckley, and Barberis possess substantially higher h-index scores, marking them as the most influential and conceptually central contributors to the RegTech and SupTech research domain.

3.2.2. Contributions of Country

The country-level bibliometric profile of RegTech–SupTech research shows a concentrated but diverse landscape (Table 4, which presents the top ten most productive countries by publication output). The United Kingdom leads on sheer output with 11 publications and the highest collaboration reach (total link strength 53), paired with 531 citations, signalling both productivity and strong network centrality within international teams. A second cluster of countries encompasses Australia, China, and Indonesia, with each contributing six publications, but with markedly different impact profiles: Australia couples its output with 369 citations (high per-paper influence) and moderate collaboration (17 link strength); China records 159 citations with similar network integration (17), pointing to steady, broad-based activity; Indonesia shows early-stage growth (18 citations) but a comparatively robust collaboration footprint (25), suggesting that network building is outpacing citation accrual and may translate into greater impact over time. Italy (5 publications, 47 citations, link strength 24) rounds out the high-output group with a balanced mix of domestic productivity and cross-border collaboration.
A second tier is distinguished by fewer papers but notable influence and/or connectivity. India (4 publications) and Germany (3) post high total link strengths (35 each), indicating outsized collaborative reach relative to output; Germany complements this with 72 citations, while India’s 8 citations suggest a pipeline still gaining recognition. Among lower-output countries, Hong Kong stands out with 2 publications garnering 341 citations, an exceptional citation-to-paper ratio that reflects the field-defining status of a small number of highly cited works, though with modest network linkage (6)—influence is broad, collaboration ties comparatively concentrated. Luxembourg (2 publications, 82 citations, link strength 9) and the United States (2 publications, 56 citations, link strength 13) exhibit strong per-paper impact with moderate integration into co-authorship networks. Overall, the pattern from 2017 to 2025 is uneven but maturing, where the UK anchors global collaboration; Australia and China combine output with solid impact; Hong Kong and Luxembourg demonstrate how select, high-quality contributions can drive field visibility with few papers; and countries such as Indonesia, India, and Germany are building network centrality that is likely to convert into higher citation influence as the literature expands.
Figure 5 presents a network visualization of co-authorship relationships among countries contributing to current research. The United Kingdom appears as the central node in the network. Its large size reflects the highest number of publications, while the thick connections indicate strong and extensive co-authorship ties. The UK links both to Asian countries such as China, India, Indonesia, Hong Kong, Taiwan, the United Arab Emirates, and Japan and to European countries including Italy, France, Belgium, and Luxembourg, with additional links to Bangladesh and Macau. This central position shows the UK acting as the main broker in the network, connecting regional clusters and facilitating knowledge exchange. In practice, this means that many cross-jurisdictional RegTech and SupTech studies are coordinated by UK-based teams, with international partners contributing context, data, and case studies.
Other countries also play important roles in supporting the structure of the network. Australia is a major contributor, with strong connections to the UK, Italy, China, and Luxembourg, and a smaller link to Ireland. These links suggest repeated institutional collaborations rather than isolated partnerships. Australia’s position, although less central than the UK, demonstrates a bridging function between the Asia–Pacific and European research communities. This reflects Australia’s active participation in collaborative projects that translate technological insights from Asian markets into comparative regulatory frameworks. China is another key player, located at the centre of a red cluster with the United States, Saudi Arabia, and Taiwan. Its multiple ties with the UK, Italy, and, to some extent, the US and Indonesia, highlight its dual role as both regionally grounded and globally integrated. China’s expanding role signifies its growing scholarly and policy-oriented engagement in RegTech and SupTech, where domestic innovation intersects with international governance research. This centrality underscores China’s contribution to the diversification of knowledge sources in the field. Italy also holds a strategic position near the core of the network, connecting to the UK, China, India, Indonesia, the US, and Luxembourg. This places Italy as a hub within Europe as well as a bridge to Asia, reducing distances between clusters and improving connectivity.
The Asian region shows clear growth in collaboration. India, represented in the green cluster, has fewer publications than the UK or Australia but shows strong collaboration intensity, linking widely with the UK, China, Italy, Hong Kong, Luxembourg, Jordan, and the UAE. Indonesia, in the yellow cluster, presents a similar pattern, with connections to the UK, Italy, India, China, the UAE, and Japan. This indicates a deliberate effort to build multi-regional partnerships, a common feature of emerging research hubs that rely on collaboration to expand influence. Hong Kong, although smaller in output, is also well connected with the UK, China, and India, reflecting selective but impactful collaborations that have produced widely cited research.
At the periphery of the network are countries with fewer connections. France links mainly to the UK, while Belgium, Bangladesh, and Macau also rely on UK ties. Ireland connects primarily with Australia, while Jordan and the UAE link into India and Indonesia’s collaborations. Japan has weaker connections, mainly with Indonesia and the UK, reflecting occasional rather than consistent engagement. These patterns are typical of emerging fields, where smaller contributors first join through established hubs before gradually expanding collaborations or strengthening ties as domestic capacity grows. Hence, the United Kingdom and Australia occupy the most central linking positions, functioning as cross-regional intermediaries, while China and Italy demonstrate emerging connectivity across Asian and European clusters. These structural patterns align closely with the function that high Betweenness Centrality would capture in formal network analysis.
Figure 6 shows the keyword co-occurrence network generated from publications on RegTech and SupTech between 2017 and 2025. In this visualization, node size represents the frequency of keyword appearance, while the thickness of connecting lines reflects the strength of co-occurrence between terms. A total of 21 clusters were identified, revealing both the conceptual structure and the thematic diversity of the field. The distribution of nodes highlights a dense conceptual core anchored around “regtech,” with satellite communities reflecting methodological innovations, supervisory perspectives, and application domains. A detailed analysis of the most significant clusters underscores how the literature has evolved from foundational conceptualization to technological development and institutional embedding. Overall, the network structure suggests four dominant thematic dimensions—regulatory innovation, supervisory technology, computational methods, and governance frameworks—that are closely interlinked, illustrating how the field integrates technical, institutional, and policy perspectives into a cohesive research agenda.
At the centre of the network, the largest and most interconnected cluster revolves around “regtech,” tightly linked with “fintech,” “risk management,” “regulation,” “compliance,” and “data.” This cluster represents the intellectual and operational nucleus of the field. Its configuration demonstrates that most research is situated at the intersection of compliance automation, reporting efficiency, and regulatory risk management. The dense interlinkages with “financial institutions” and “banking sector” illustrate that the empirical evidence base is still predominantly concentrated in banking, though it is gradually broadening to insurance and capital markets. Importantly, the links to “accountability” and “compliance management” suggest that the discourse has moved beyond narratives of cost reduction and efficiency toward a richer consideration of governance, institutional responsibility, and trust-building. This reflects a growing consensus that RegTech is not merely a technical fix but a transformation in how regulatory obligations are operationalized within organizations.
A second critical cluster centres on “suptech” and “supervisory technology,” surrounded by terms such as “financial system,” “financial crises,” “smart regulatory compliance,” “european insurance market,” and “digital euro.” This indicates that supervisory authorities are increasingly adopting technology not only to streamline reporting but also to anticipate systemic risks and maintain market integrity. The close co-occurrence with “algorithmic process” and “cbds” shows that SupTech discourse is being pulled into debates about digital currencies, programmable finance, and the infrastructure of next-generation monetary systems. The strong linkages between the suptech cluster and the regtech core highlight the interdependence of firm-level compliance solutions and authority-level supervisory tools. While firms generate standardized, machine-readable compliance data through RegTech, supervisors are using SupTech to consume, validate, and analyze these flows for prudential oversight and macro-stability monitoring. This reciprocal relationship suggests that the boundary between firm compliance and supervisory oversight is becoming increasingly blurred, with shared data architectures serving as the bridge.
Another set of clusters highlights the technological foundations of RegTech and SupTech. Keywords such as “artificial intelligence,” “machine learning,” and “internet of things” form a methods-oriented cluster, which is strongly connected to application terms such as “anti-money laundering,” “counter-terror finance,” and “banking supervision.” This reflects the rapid uptake of predictive analytics, anomaly detection, and network modelling techniques in financial regulation. The presence of “english law” and “legal frameworks” within this network indicates that technological innovation is being scrutinized alongside questions of legitimacy, accountability, and proportionality. On the right side of the map, a smaller but tightly linked cluster around “algorithmic decision-making,” “automation,” and “algorithmic standards” points to an emerging governance agenda. While still peripheral, this community signals the recognition that automated decision systems in compliance and supervision must be auditable, explainable, and subject to regulatory validation. Taken together, these clusters underscore the dual movement of the field: expanding the technological toolkit while simultaneously grappling with the normative and legal challenges that such tools entail.
Finally, a set of practice- and review-oriented clusters illustrates how the field is consolidating knowledge and codifying best practices. Terms such as “regulatory technology,” “compliance technology,” and “generic solution architecture” point to studies that focus on system design, interoperability, and enterprise integration. These works often propose frameworks or proof-of-concept prototypes that align regulatory requirements with emerging IT infrastructures such as distributed ledgers or cloud-based supervisory platforms. Closely linked are nodes such as “bibliometrics,” “systematic literature review,” and “business model canvas,” which reflect a growing meta-literature. This branch of scholarship synthesizes findings, maps intellectual trajectories, and develops typologies or business models for RegTech and SupTech providers. Moreover, peripheral but significant terms like “eu green deal,” “financial development,” and “developing countries” indicate that the research agenda is broadening to address adoption challenges, sustainability concerns, and the unique institutional contexts of emerging markets. This suggests that future research will not only focus on technical feasibility but also evaluate societal implications, policy coherence, and capacity-building needs across diverse jurisdictions.

3.3. Synthesis of Findings

3.3.1. Evolution of RegTech and SupTech Definitions in Organizations (2017–2025)

Table 5 shows the definitional evolution of RegTech and SupTech between 2017 and 2025. The trajectory of RegTech begins in 2017 with its recognition as IT for monitoring, reporting and compliance, automating processes to reduce costs and enable real-time supervision (Arner et al., 2016). At the same time, scholars framed it as more than a subset of FinTech, presenting it as the next stage of regulation capable of sustaining continuous, data-driven oversight (Arner et al., 2018). These early conceptualizations highlight both efficiency and transformation, showing that RegTech was initially understood not only as a technical instrument but also as a paradigm shift in the regulatory landscape. By 2018 and 2019 the definitions expanded, first by characterizing RegTech as a subset of FinTech that applied new technologies to compliance and supervision (Anagnostopoulos, 2018), or as a market segment producing tools such as real-time fraud detection relevant to regulators themselves (Michaels & Homer, 2018), and then by embedding it within the core operations of financial institutions, integrating compliance with analytics and reporting (Jung, 2021). This transition reflects how the literature shifted from narrow compliance support toward systemic integration, driven by the increasing complexity of financial markets and the demand for more responsive compliance infrastructures. The early 2020s reinforced this trend as definitions stressed digitization for efficiency (Miglionico, 2020), a broadened scope that included regulators and firms beyond finance (Clarke, 2020) and the use of AI, big data, blockchain and cloud to achieve adaptive, real-time supervision (Du & Wei, 2020). A major definitional milestone occurred in 2021, when RegTech was formally differentiated into compliance, supervisory and regulatory variants, reflecting growing recognition of its diverse applications across actors and contexts (Colaert, 2021). 
Later definitions in 2022 and 2023 positioned RegTech as a driver of stability and accountability, fusing law with digital innovation (Saifullah et al., 2023), and evolving into RegTech 3.0, where data-driven strategies such as “know your data” became central (Kurum, 2023). By 2024 and 2025, RegTech was consistently characterized as AI- and ML-driven, fusing multiple digital technologies to automate reporting and reduce risks (Singh, 2024). Ultimately it was reframed both narrowly, as compliance technology within banks, and broadly, as an umbrella concept expanding to regulators and governments to advance public value (Bansal & Taneja, 2025; Shi et al., 2025). The definitional arc thus illustrates how RegTech evolved from a compliance efficiency tool into a systemic governance mechanism, shaped by technological innovation, regulatory needs and broader public-policy goals.
SupTech, in contrast, emerges later in the literature but develops rapidly once defined. In 2019, it appears as supervisory agencies’ use of technology to digitize reporting and regulatory processes, enabling more efficient and proactive monitoring (Jung, 2021). Unlike RegTech, which began as firm-focused, SupTech was, from the outset, linked to supervisory authority functions, reflecting regulators’ own struggle to cope with expanding data and increasingly complex markets. In 2020 the focus shifted toward supervisors’ infrastructures, analytics and automation that enabled standardized data submissions and continuous oversight (Miglionico, 2020). By 2021 SupTech definitions broadened to cover licensing, reporting, enforcement and even experimental tools such as blockchain (Chirulli, 2021). Literature in this period also emphasized its role in closing the gap between rapidly digitalized markets and supervisors through real-time monitoring and big-data analytics (Zeranski & Sancak, 2021), as well as predictive and partially automated supervision using AI and ML (Chirulli, 2021). The surge of definitions in 2022 coincides with the post-COVID regulatory landscape, where digital transformation accelerated supervisory reliance on technology. SupTech was described as supervisors’ direct use of technology to ensure compliance (Kristanto & Arman, 2022), as digital tools for data gathering and fraud detection (Khalatur et al., 2022), as advanced analytics for real-time supervision and regulatory drafting (Loiacono & Rulli, 2022), as regulators’ adoption of RegTech solutions for tasks such as authorization and enforcement (Grassi & Lanfranchi, 2022), and as predictive systems delivering early warnings (Guerra et al., 2022). These conceptualizations highlight how SupTech evolved in response to supervisory challenges of scale, speed and complexity.
By 2023, definitions stressed its capacity to enhance supervisory efficiency and agility (Avramović, 2023), to digitize supervision for real-time oversight (Saifullah et al., 2023), and to verify firms’ RegTech outputs through analytics (J. Li et al., 2023). In 2024, it was framed as technology enabling data-driven oversight and proactive risk identification (Firiza et al., 2024). By 2025, it had become a fully developed supervisory toolkit, including API-based reporting, chatbots and AML analytics (Fachsandy, 2025). The definitional trajectory of SupTech therefore shows an evolution from basic digitization toward advanced, predictive and interventionist supervisory capabilities, with the regulator positioned at the centre of technological adaptation.

3.3.2. Systematic Opportunities of RegTech and SupTech in Financial Institutions

Table 6 and Figure 7 show that RegTech and SupTech opportunities are distributed unevenly across organizational departments, with Technology and Data, Legal and Governance, Compliance, and Risk gaining the most opportunities, while Finance, Customer and Strategy, and Human Resources are less represented. The table provides a detailed mapping of individual opportunities to functions, while the radar chart visually confirms that certain departments dominate in both volume and variety of opportunities. Together, these two perspectives show not only where organizational attention is most needed but also where gaps may exist that require strategic reinforcement (Miglionico, 2020). This uneven distribution highlights the necessity of strategic foresight in aligning digital investments with core risk and compliance mandates, particularly in functions that may appear peripheral but play enabling roles in the wider RegTech ecosystem (Olaiya et al., 2024).
The first and most striking finding is the dominance of Technology and Data. Figure 7 shows that this department has the largest cluster of opportunities, extending furthest on the radar compared to all others. Data confirms that activities such as machine-readable rulebooks, schema registries, and automated regulatory submissions are located primarily within Technology and Data (Colaert, 2021). This reflects the dependence of RegTech and SupTech on digital infrastructures, data pipelines, and system interoperability. For example, opportunities like golden sources of data and standard taxonomies create consistency in reporting that can be reused across multiple compliance tasks (El Khoury et al., 2025; J. Li et al., 2023). Without these building blocks, other improvements such as anomaly detection or transparency reports cannot function effectively (Du & Wei, 2020). The implication is that institutions must prioritize investment in data governance frameworks, common reporting utilities, and robust system architecture. Organizations that neglect Technology and Data will find themselves unable to implement higher-level opportunities in risk, compliance, or customer protection. As financial systems become increasingly digitized, the foundational role of data infrastructure grows more critical—serving not only as an enabler of automation but also as a risk mitigator and compliance accelerator (Ghosh, 2021).
Closely linked to Technology is Legal and Governance, which also appears as one of the most opportunity-rich departments. Legal and Governance opportunities focus on codifying rules, designing control libraries, and enabling board-level oversight (Ryan et al., 2020). For instance, machine-readable rulebooks require legal interpretation of regulatory texts before they can be translated into executable algorithms (Miglionico, 2020). Similarly, control libraries with clear RACI ownership link governance structures to accountability, ensuring that specific individuals or committees are responsible for compliance outcomes (Konina, 2021; Zabat et al., 2024). Legal and Governance nearly matches Technology in scope, which reflects the interdependence of technical feasibility and legal validity. In practice, this means institutions must align Chief Legal Officers and Chief Technology Officers around shared projects. Investment in one without the other would result in systems that either lack compliance credibility or fail to deliver technical scalability. This legal–technical alignment is also essential for scaling RegTech solutions across jurisdictions, particularly as regulatory fragmentation grows with cross-border financial operations (Yang & Tsang, 2018).
Compliance and Regulatory Affairs also emerges strongly in both sources, though with a slightly narrower focus compared to Technology and Legal. Its primary opportunities are in automation of evidence collection, consolidation of controls, and continuous testing, all of which reduce operational costs and enhance reporting efficiency (Khalatur et al., 2022; Kristanto & Arman, 2022). Research shows that automating compliance activities reduces penalties by ensuring proactive control design rather than reactive correction (Colaert, 2021). Consolidating duplicate processes lowers redundancies and allows compliance officers to focus on higher-risk issues (Zabat et al., 2024). Continuous testing, which is clearly assigned to Compliance, ensures that obligations are met in real time rather than through retrospective audits (Chirulli, 2021; Jung, 2021). This illustrates a shift in compliance from static documentation to dynamic verification, aligning with the broader movement towards regulatory technology integration. Compliance departments are therefore at the centre of this transformation, but their success depends heavily on collaboration with Technology and Legal to ensure that automated systems are aligned with regulatory expectations.
Risk and Audit is another department that scores highly, positioned near the outer range of Figure 7. Its opportunities are concentrated in anomaly detection, risk tiering, conduct surveillance, and fraud/AML monitoring. For example, machine learning applied to anomaly detection reduces false positives, improving both efficiency and accuracy of monitoring systems (Kurum, 2023). Risk-tiering enables supervisors to focus resources on the highest-risk entities, a principle that aligns with proportionate regulation (Arner et al., 2018). Conduct and market abuse surveillance further extends the scope of risk monitoring into behavioural areas, ensuring that misconduct is identified early (Anagnostopoulos, 2018; Avramović, 2023). Continuous controls testing also supports the Risk function by embedding compliance within day-to-day processes (Colaert, 2021). In practical terms, Risk and Audit departments are evolving from reactive assessment to proactive supervision, with RegTech tools enabling them to detect problems earlier and allocate resources more effectively.
Finance, by contrast, is less represented but still critical. Finance sits closer to the centre of the radar, showing fewer opportunities overall (Shi et al., 2025). However, the opportunities assigned to Finance are strategic in nature, including capital modelling, liquidity early-warning indicators, benchmarking of compliance costs, and stress testing (Guerra et al., 2022). Stress testing and scenario analysis provide predictive insights into financial resilience, while benchmarking costs ensures transparency in how resources are allocated across compliance functions (Jung, 2021; Khalatur et al., 2022; Zabat et al., 2024). Liquidity early-warning indicators directly support treasury operations by identifying vulnerabilities before they escalate into crises (Y. Li et al., 2025). Thus, although Finance has fewer opportunities, they are high-value and central to organizational survival. Institutions should not interpret Finance’s smaller footprint as reduced importance; instead, they should view it as evidence of concentration in areas that are mission-critical to resilience and stability (B. Armstrong et al., 2024). This aligns with broader literature showing that RegTech applications in finance are essential for stabilizing core functions, especially in crisis scenarios, where capital adequacy and liquidity visibility are paramount (Campbell-Verduyn & Lenglet, 2023; Gasparri, 2019). Further, financial supervisory technologies are increasingly used for macroprudential surveillance, reinforcing the strategic nature of Finance even within a limited operational scope (El Khoury et al., 2025).
Customer and Strategy appear further inside the radar, reflecting moderate but meaningful opportunities (Michaels & Homer, 2018). These opportunities include fairness and bias testing in decision-making models, dispute resolution automation, and public transparency reports. Research shows that fairness testing not only ensures regulatory compliance with anti-discrimination requirements but also strengthens consumer trust in automated decision-making systems (Singh, 2024). Dispute resolution automation improves customer satisfaction by accelerating response times and reducing bottlenecks (Clarke, 2020). Transparency reports also reinforce legitimacy by making compliance performance visible to the public (Michaels & Homer, 2018; Zeranski & Sancak, 2021). While fewer in number, these opportunities are strategically important because they link regulatory technology with customer outcomes. Institutions that embed fairness and transparency into their operations are better positioned to maintain legitimacy and trust, which are critical for long-term market confidence (Işgın & Sopher, 2015).
Human Resources is the least represented, with only a handful of opportunities. However, its contribution is nonetheless important because it connects technological innovation with people and organizational culture. Opportunities such as human-in-the-loop retraining, fairness awareness, and staff education ensure that compliance systems remain accountable and adaptive (Bakhos Douaihy & Rowe, 2023). Research shows that staff training is essential in reducing human error and maintaining oversight over machine-assisted decision-making (Kurum, 2023). Although HR’s footprint in the radar is small, its strategic value lies in embedding cultural and ethical practices within the organization. This ensures that RegTech and SupTech are not only technically sound but also socially responsible.

3.3.3. Implementation Challenges in RegTech and SupTech Adoption

Table 7 and Figure 8 show that financial institutions face a wide spectrum of challenges when implementing RegTech and SupTech, with technological and cybersecurity issues standing out as the most pressing. These challenges are deeply embedded in the digital transformation of financial services, where the increasing reliance on interconnected systems introduces significant operational risk (Gasparri, 2019). Cybersecurity remains a primary concern, as data breaches, hacking incidents, and vulnerabilities in outsourced or cloud-based infrastructures continue to threaten the integrity of sensitive regulatory information (Adeosun et al., 2025). As noted by Michailidou (2020), even minor breaches can cascade across systems due to interdependencies, especially when RegTech tools are embedded within core regulatory frameworks. These risks are particularly critical because regulatory compliance depends on the confidentiality and accuracy of data, meaning that even small breaches can undermine trust in supervisory systems. The challenge becomes more acute in cross-border operations, where the absence of harmonized international standards increases exposure to external threats and creates gaps in security (Du & Wei, 2020). Privacy concerns further complicate this picture, as compliance with frameworks such as GDPR and CCPA requires firms to adopt stringent data handling practices while still ensuring operational efficiency (Colaert, 2021). The results indicate that the burden of managing these technological and privacy risks falls most heavily on Technology and Data departments, highlighting that the immaturity of digital infrastructure continues to limit large-scale adoption. As emphasized by Kristanto and Arman (2022), building secure, interoperable digital ecosystems is now foundational for any institution seeking to deploy advanced regulatory solutions. Unless institutions prioritize investments in secure, interoperable systems, cybersecurity and privacy risks will remain significant barriers to innovation.
Algorithmic complexity and opacity present another major limitation, raising fundamental questions of trust, fairness, and accountability. Financial authorities increasingly rely on machine learning to automate oversight, but the ‘black box’ nature of these models poses risks to legal transparency and democratic legitimacy (Chirulli, 2021). Bias introduced through incomplete or poor-quality training data can generate inconsistent or unfair outcomes, particularly in areas such as fraud detection or customer risk scoring (Sharma et al., 2023). These risks are difficult to detect and mitigate because supervisors often lack access to the underlying algorithms due to trade-secret protections, limiting their ability to validate or challenge the outputs (Vats et al., 2025). Such opacity reduces accountability and makes it harder for regulators and institutions to guarantee that decisions are transparent and explainable (Chirulli, 2021). Grassi and Lanfranchi (2022) argue that the tension between proprietary algorithmic models and public accountability is emerging as a central governance issue in digital compliance. The situation is made more difficult by the high computational demands of advanced models such as deep learning, which increase operational costs and restrict scalability (Guerra et al., 2022; J. Li et al., 2023). The findings show that these burdens fall especially on Risk and Audit and Technology units, as they must both deploy advanced models and ensure their compliance with regulatory expectations. Balancing innovation with oversight thus becomes a central paradox—one that institutions must resolve not just technically, but also ethically and procedurally (Olaiya et al., 2024).
Organizational barriers also restrict adoption, with cultural resistance and workforce gaps emerging as particularly influential. Many traditional institutions remain cautious about transformation, prioritizing established processes and stability over technological innovation (Prakash & Santhi, 2025). This cultural resistance is most visible in Compliance and Governance functions, where conservative approaches and fear of regulatory failure discourage experimentation (Michaels & Homer, 2018). Workforce gaps compound these difficulties. The shortage of qualified IT and data science professionals limits the capacity of firms to design, deploy, and maintain RegTech systems (Bakhos Douaihy & Rowe, 2023). At the same time, regulators and compliance officers require substantial retraining to use digital tools effectively, yet many institutions lack structured programmes for this upskilling (Loiacono & Rulli, 2022). According to Jung (2021), failure to invest in workforce capabilities has become one of the most persistent blockers of RegTech impact. The evidence highlights Human Resources as a central area of concern, showing that adoption depends not only on technological investment but also on organizational readiness. Without strong leadership, cultural adaptation, and a commitment to workforce development, digital transformation will struggle to achieve its intended impact.
Financial and vendor-related barriers reinforce these organizational constraints, particularly for smaller institutions. Developing and maintaining RegTech tools requires substantial upfront and ongoing investment, creating unequal conditions where larger firms can innovate quicker while smaller players fall behind (Singh et al., 2022; Wang & Chen, 2024). This imbalance risks widening the competitive gap between institutions of different sizes, reducing inclusivity in the financial system. Vendor dependency introduces further risks. Institutions that rely heavily on third-party providers face the danger of lock-in, limiting their flexibility and creating systemic vulnerabilities when many firms depend on the same small pool of providers (Salampasis & Samakovitis, 2024). Procurement processes add another complication, with lengthy internal approval cycles and fragmented vendor markets slowing adoption (Jung, 2021; Uddin et al., 2025). These cost and dependency challenges affect multiple departments, particularly Finance, Technology, and Human Resources, underscoring their cross-functional nature. Addressing them will require both industry-wide strategies to reduce dependency and institution-level efforts to make procurement and vendor management more efficient.
Regulatory and legal fragmentation creates further obstacles, limiting cooperation and increasing accountability risks. In an era of cross-border finance, regulatory divergence acts as a structural brake on the scalability of RegTech and SupTech innovations (Chirulli, 2021). Financial institutions often face overlapping or contradictory requirements across jurisdictions, which undermines efficiency and increases the complexity of compliance (Arner et al., 2016; Saifullah et al., 2023). Supervisory fragmentation, where multiple agencies operate with limited coordination, weakens oversight and makes it harder to realize the full potential of SupTech solutions (Arner et al., 2018). According to El Khoury et al. (2025), this fragmentation not only burdens regulated firms but also stifles innovation within supervisory agencies themselves, which struggle to harmonize machine-executable regulations across borders. Legal risks also arise when regulations are transformed into machine-executable code, raising concerns about fairness, due process, and democratic legitimacy (Colaert, 2021; Micheler & Whaley, 2020). The absence of clear rules on liability adds to the uncertainty, as it is not always clear whether responsibility for errors lies with the institution, the vendor, or the regulator (Battanta et al., 2020; Loiacono & Rulli, 2022). These challenges are particularly pronounced in Compliance and Legal functions, which carry much of the responsibility for resolving them. The growing use of AI-based compliance mechanisms has outpaced existing legal frameworks, demanding urgent regulatory coordination and jurisprudential clarity (Grassi & Lanfranchi, 2022). Without stronger coordination frameworks and clearer accountability structures, regulatory fragmentation will continue to undermine both efficiency and trust in digital regulatory systems.
Strategic and market-related issues illustrate the systemic risks associated with RegTech and SupTech. Systematic errors embedded in widely adopted models may scale across institutions, creating risks that extend beyond individual firms to the entire financial system (Al-Harbi, 2025). Excessive standardization can also stifle innovation, as rigid frameworks discourage the development of tailored solutions that reflect local contexts or specific organizational needs (Micheler & Whaley, 2020). Geopolitical factors further complicate adoption, as institutions operating across multiple jurisdictions face the additional burden of navigating political instability and sanctions that directly affect technology procurement and compliance practices (Saifullah et al., 2023). These tensions are reflected in the challenges faced by Customer and Strategy functions, where the balance between innovation and governance structures must be carefully managed. Without clear alignment between technological adoption and broader market strategies, there is a risk that RegTech and SupTech could amplify vulnerabilities rather than mitigate them.
Finally, data and infrastructure limitations form a persistent bottleneck that cuts across all other categories of challenge. Many institutions still rely on poor-quality, incomplete, or biased datasets, which undermines the reliability of compliance tools and weakens the effectiveness of fraud detection and risk management (Chishti, 2019; Singh, 2024). Outdated or manual reporting systems remain common, further reducing accuracy and slowing the timeliness of data collection (Aziz et al., 2025). Fragmentation across jurisdictions compounds the problem, as institutions and regulators struggle to integrate information from diverse and incompatible sources (Biondi & Del Barrio, 2018). These data challenges are made worse by infrastructural constraints, particularly in developing markets where digital capacity remains limited (Michaels & Homer, 2018). Even in advanced markets, the computational intensity of modern machine learning tools strains existing infrastructures, slowing adoption and creating bottlenecks (J. Li et al., 2023). The findings demonstrate that Technology, Finance, and Risk functions bear the greatest responsibility for addressing these issues, reinforcing the need for integrated investment in both data quality and digital infrastructure. Without progress in these areas, the promise of RegTech and SupTech will remain unrealized.

3.3.4. Transformation of Data Reporting and Supervision Through RegTech and SupTech

The synthesis of reviewed studies shows that RegTech is widely recognized as an information technology-driven solution that automates compliance reporting, risk identification, and monitoring, enabling financial institutions to handle increasingly complex regulatory requirements more effectively (Chirulli, 2021). At the same time, SupTech is consistently described as the application of technology by supervisory authorities to strengthen oversight, with emerging technologies such as AI, machine learning, and big data playing a central role in reshaping supervisory tasks (P. Armstrong, 2018; Dongxing & Tao, 2020). Evidence across the literature indicates that SupTech tools are increasingly applied to enhance data collection, automate reporting channels, and support real-time monitoring, moving supervisors beyond template-based, manual methods. Although definitions of SupTech vary and no universal taxonomy exists, there is a strong consensus that it functions as a technological enabler of regulatory authorities’ decision-making processes and is gaining traction across different jurisdictions (G. Boeddu et al., 2018).
Figure 9 shows the conceptual framework for the transformation of data reporting through RegTech and the transformation of data supervision through SupTech. The framework illustrates how diverse data inputs (structured, semi-structured, and unstructured) flow into a set of activities that represent both the operational tasks of compliance within financial institutions and the supervisory tasks of regulators. These activities are reshaped by three sequential transformation mechanisms—automation, standardization, and real-time processing. In the RegTech domain, these mechanisms replace manual work inside firms, harmonize outputs into machine-readable formats, and shift reporting from periodic submissions to continuous flows. In the SupTech domain, the same mechanisms enable supervisors to automate validation and anomaly checks, align firm-level submissions to shared taxonomies, and monitor risks in real time through dashboards and alerts. The process ultimately generates supervisory outputs such as regulator-ready dashboards, continuous compliance feeds, and integrated oversight systems, thereby improving both the efficiency of compliance and the effectiveness of supervision.
In this study, effectiveness of regulatory compliance refers to the degree to which RegTech solutions enhance the accuracy, timeliness, and transparency of compliance processes within financial institutions, ensuring that regulatory requirements are fulfilled efficiently and reliably. Likewise, effectiveness of supervision denotes the capacity of supervisory authorities to utilize SupTech tools for more proactive, data-driven, and risk-sensitive oversight, enabling earlier detection of irregularities and strengthening market stability.

3.4. Transformation of Data Reporting Through RegTech

3.4.1. Data Inputs

Figure 10 shows the breadth of structured data used across the reviewed studies. Several works draw on global macroeconomic and competitiveness indices such as World Bank statistics (Jović & Nikolić, 2022), the IMD Digital Competitiveness Ranking and the Global Competitiveness Report (Jagrič et al., 2023), which provide cross-country benchmarks for financial inclusion, digitalization and supervisory readiness. Market-level and firm-level datasets dominate the empirical studies, with CSMAR and CNRDS databases (Muganyi et al., 2022; Shi et al., 2025), and the Wind and China Statistical Yearbook repeatedly used to capture Chinese banking and market activity (Kanojia et al., 2024), while the PKU-DFII Index provides digital financial inclusion indicators (Y. Li et al., 2025). At the institutional level, the EPS database (Becker et al., 2020), and A.M. Best insurer statements supply performance and solvency information for banks and insurers (Butler & O’Brien, 2019). Firm-specific reporting is evident in the use of annual reports of 141 banks and administrative penalty records from the NFRC, which allow studies to link RegTech adoption to compliance outcomes (Kanojia et al., 2024). Region-specific supervisory reporting is represented by the BFIU and Bangladesh Bank reports on suspicious and currency transactions (Pan et al., 2024), while the Banco de Portugal’s CRR/CRD IV supervisory datasets show how structured submissions including financial reporting, common reporting and funding plans form the backbone of EU-level prudential oversight (Loiacono & Rulli, 2022). These structured sources are highly machine-readable, often numeric, and serve as the primary input for automation and anomaly detection in RegTech applications.
Semi-structured data plays a crucial bridging role in harmonizing regulatory reporting. Several studies rely on spreadsheets in Excel and CSV formats, often extracted from supervisory systems or survey forms (Guerra et al., 2022; Wang & Chen, 2024). These files reflect a transitional stage where data retains a tabular structure but lacks the consistency of fully relational databases. More advanced semi-structured inputs are seen in supervisory CSV datasets validated by the ECB and Banco de Portugal (Loiacono & Rulli, 2022), which provide a harmonized but flexible structure suitable for automated ingestion. At the industry level, Deloitte RegTech company listings offer a semi-structured dataset of technology vendors, enabling researchers to map market trends and adoption dynamics (Saifullah et al., 2023). Similarly, Dimensions.ai metadata is used to capture scientific publication outputs, linking RegTech research trends with technological change (Jagrič et al., 2023). Finally, compliance-focused studies employ GDPR self-assessment checklists, which use structured dashboards and templated questions to monitor organizational adherence to data protection regulation (Ryan et al., 2020). These semi-structured inputs stand out because they are designed for standardization; they use schemas, templates or metadata fields to harmonize reporting across institutions, providing a middle ground between the rigidity of structured databases and the complexity of unstructured text.
Unstructured data represents the most diverse and challenging set of inputs identified in the literature. A large body of qualitative research relies on interview transcripts with regulators, banks, vendors and managers and observation notes from field studies and case analysis (Clarke, 2020; El Khoury et al., 2025; Muganyi et al., 2022), which capture institutional perspectives and supervisory practices. Regulatory studies frequently draw on legislative texts and regulatory guidelines including EU and national laws, State Council documents and reports from Basel, FSB, IMF and EBA (Chirulli, 2021; Colaert, 2021; Khalatur et al., 2022), as well as white papers and consultation outputs from the FCA and Bank of England (Zeranski & Sancak, 2021). Many papers also integrate public datasets such as Skywatch, the National Bureau of Statistics, transparency indices and marketization indices alongside firm-level annual reports of banks and insurers mined for RegTech keywords and compliance narratives (Jung, 2021; Shi et al., 2025). Industry analysis often relies on reports from KPMG, Deloitte RegTech100, Accenture, Fenergo and FATF (Miglionico, 2020; Saifullah et al., 2023), which provide external perspectives on technological diffusion and compliance standards. Finally, media accounts, speeches, supervisory communications and public information such as advertisements, opinions and third-party data highlight how unstructured sources extend beyond official documents into the broader ecosystem of public and institutional discourse (Du & Wei, 2020).

3.4.2. Reporting Activities and Automation

The review of the literature shows that twelve key reporting activities have been significantly transformed at the early stage of the reporting pipeline, as shown in Table 8. Instead of reports being compiled at the end of a quarter, they are now built from continuously prepared data. In data collection and integration, ad hoc extracts have been replaced with automated ingestion and event reconstruction systems. Here, sequence models and clustering algorithms are used to connect records from different databases and detect missing or inconsistent entries before they cause errors. Data standardization and validation have also advanced, moving away from manual spreadsheet fixes to automated controls. For example, SVM and ontology-based classifiers are applied to ensure that data fields match supervisory templates, which allows errors to be corrected early in the process (Firiza et al., 2024; Kavassalis et al., 2018). In obligation extraction, natural language processing methods such as NER, dependency parsing and transformer-based models like BERT are used to convert legal and policy text into structured machine-readable obligations. This reduces uncertainty in interpreting rules and ensures that deadlines and templates are followed consistently (Zhang & Luo, 2022). As a result, regulatory report compilation and submission becomes an automated generation task rather than manual document assembly. Tools such as text mining and decision-tree models help to populate narrative sections and address missing values, reducing the time and effort required to prepare reports (Chirulli, 2021; Khalatur et al., 2022; Konina, 2021). In transaction reporting, advanced models such as RNN, autoencoders and time-series forecasting are used to pre-validate the order and format of records, which prevents errors before data is uploaded to regulatory repositories (Jung, 2021; Uddin et al., 2025). From a technical point of view, these methods reduce error rates and improve data quality, while from a business perspective, they shorten reporting cycles and ensure consistency with supervisory requirements (Ssetimba et al., 2024).
A similar shift has taken place in activities related to compliance monitoring and control. Fraud detection and anomaly monitoring now rely on continuous screening rather than retrospective checks. Machine learning ensembles such as Random Forest and Gradient Boosting, together with deep neural networks and Bayesian anomaly detectors, are applied to large streams of transactions to identify unusual patterns (Xu et al., 2023). In AML and PSD2 compliance checks, decision trees, deep learning models and autoencoders are used to improve the precision of alerts and reduce the number of false positives. This is particularly important in situations where suspicious cases are rare and class imbalance is high (El Khoury et al., 2025; Khalatur et al., 2022). While deep learning models are often more effective at detecting rare events, they are less transparent, so institutions must balance the need for accuracy with the need for interpretability. From a managerial perspective, these tools reduce the burden of duplicate reviews and allow compliance teams to focus on genuinely risky cases. In addition, transaction surveillance is strengthened by sequence-based models that not only flag anomalies but also provide explanations such as feature importance or rule matches. This improves case management and helps regulators to base their discussions on clear evidence (Khan et al., 2025).
Customer-facing processes are also redesigned so that compliance evidence is captured at the source rather than reconstructed later. In identity verification and e-KYC, biometric and document checks are automated at the onboarding stage. CNNs are used for face recognition, fingerprint verification models ensure authenticity, and SVM-style classifiers detect forged documents. These systems create customer records that are already compliant, reducing duplication in later reporting (Ketcham et al., 2025). Risk assessment and profiling is no longer based on static scorecards but uses models that are regularly updated. Logistic regression, Random Forest and boosting algorithms such as XGBoost and LightGBM allow institutions to adjust quickly to portfolio changes and market shocks, which strengthens both internal risk management and regulatory credibility (Zhu et al., 2023). Complaint handling and consumer reporting have also been digitalized. Natural language processing methods such as sentiment analysis, topic modelling and speech-to-text convert unstructured customer feedback into structured signals that feed directly into conduct dashboards and supervisory reports (Chirulli, 2021).
The final area of transformation concerns transparency and accountability in the outputs visible to supervisors. ESG and disclosure reporting is increasingly supported by text-mining tools and document classifiers that map narrative reports onto established regulatory frameworks. This produces consistent and auditable outputs rather than reports created manually in each cycle. Audit trails and supervisory dashboards are also reshaped through AI methods. Isolation Forest and One-Class SVM algorithms detect anomalies, while time-series forecasting and network analytics track changes in data lineage, ensuring supervisors know when and how data was altered (Avramović, 2023; Khalatur et al., 2022; Kristanto & Arman, 2022). The literature highlights two persistent challenges. First, there is a trade-off between detection power and explainability. Deep learning and autoencoder models improve rare-event detection but are harder to interpret. Second, business users demand that systems be reproducible, transparent and defensible in front of supervisors (Abubakar et al., 2024). Strategically, studies show that activities with high potential for standardization, such as report submission and transaction reporting, are automated using structured pipelines and sequence models, while judgement-heavy tasks such as obligation extraction and conduct supervision rely more on NLP and sentiment analysis. This reflects the balance between technical feasibility, business risk and regulatory expectations across the twelve activities (Jung, 2021).

3.4.3. Standardization

In the second stage of the framework, the literature shows that automation alone is insufficient without systematic standardization. Once reporting activities are automated, the outputs must be aligned with supervisory formats so that regulators can aggregate and compare submissions. As shown in Table 9, the strongest evidence in the corpus relates to schemas, such as CRR and XBRL structures, which appear across more than forty studies (Clarke, 2020; Michaels & Homer, 2018). These works emphasize that harmonized schemas reduce the need for reconciliation and enable regulators to work with machine-readable and auditable data rather than fragmented spreadsheets. For example, ESG reporting has been explicitly tied to EU schema-driven frameworks (Y. Xia et al., 2024; Zetzsche & Anker-Sørensen, 2022), while transaction reporting is increasingly aligned to XBRL or CRR templates (Jung, 2021; Uddin et al., 2025). These approaches embed consistency into the data model itself and reduce compliance costs by ensuring institutions report into structures that supervisors directly consume.
A second cluster of studies highlights templates and machine-readable formats as the mechanisms through which reporting becomes comparable across institutions. More than thirty papers explicitly describe the use of structured templates, machine-readable reporting forms, or API-based submissions. These templates replace ad hoc reporting documents with predefined supervisory formats that can be auto-populated from curated data stores. Several papers describe how APIs extend this by enabling structured submissions to be transmitted continuously rather than periodically (Anagnostopoulos, 2018; Grassi & Lanfranchi, 2022; Shi et al., 2025). At the same time, some evidence points to supervisory taxonomies and ontologies/dictionaries as supporting elements, ensuring that fields and terms have consistent meanings across firms and regulators (Colaert, 2021; Zetzsche & Anker-Sørensen, 2022). Although fewer in number, these contributions underscore the semantic layer of standardization: they show that shared vocabularies and ontologies are critical for aligning interpretations of obligations and risk categories.
Overall, the role of standardization in the framework is to bridge automation and real-time reporting. Automation ensures that tasks are executed efficiently, but without standardization, the outputs would remain fragmented, inconsistent, and difficult to compare. Schemas, templates, taxonomies, and ontologies therefore form the lingua franca of RegTech-enabled supervision, embedding supervisory expectations directly into reporting pipelines. This stage transforms automated outputs into machine-readable, harmonized artefacts that regulators can trust, audit, and analyze. It also explains why most studies in the corpus converge on schema- and template-driven approaches: they deliver the highest payoffs in both technical reliability and compliance efficiency, while more specialized tools such as taxonomies and ontologies strengthen interpretability in emerging domains like ESG and conduct reporting.
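To make the template-driven pre-validation described in Sections 3.4.2 and 3.4.3 concrete, the following added example (not code from this article or from any reviewed study) checks transaction records against a machine-readable template and verifies their order before submission. The template fields, code list, identifier format and sample records are constructed assumptions, not taken from CRR or XBRL, and deterministic rule checks stand in for the classifier and sequence models cited in the literature.

```python
"""Template-driven pre-validation of transaction records before submission."""
import re
from datetime import datetime, timezone
from decimal import Decimal, InvalidOperation

ALLOWED_CURRENCIES = ("EUR", "GBP", "USD")  # constructed code list

def parse_id(value):
    if not isinstance(value, str) or not re.fullmatch(r"T-\d{4}", value):
        raise ValueError("expected id like T-0001")
    return value

def parse_seq(value):
    # bool is a subclass of int, so it is excluded explicitly.
    if isinstance(value, bool) or not isinstance(value, int) or value < 1:
        raise ValueError("expected positive integer")
    return value

def parse_timestamp(value):
    if not isinstance(value, str):
        raise ValueError("expected UTC timestamp string")
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_amount(value):
    # Amounts arrive as strings so no precision is lost to binary floats.
    if not isinstance(value, str):
        raise ValueError("expected decimal string")
    try:
        amount = Decimal(value)
    except InvalidOperation:
        raise ValueError("not a decimal number") from None
    if not amount.is_finite() or amount <= 0:
        raise ValueError("must be a positive finite amount")
    return amount

def parse_currency(value):
    if value not in ALLOWED_CURRENCIES:
        raise ValueError("currency not in template code list")
    return value

# Hypothetical supervisory template: every field is required and typed.
TEMPLATE = {
    "record_id": parse_id,
    "seq": parse_seq,
    "executed_at": parse_timestamp,
    "amount": parse_amount,
    "currency": parse_currency,
}

def validate_record(record):
    """Return (normalised_record, errors) for one raw record."""
    errors = [f"unexpected field: {n}" for n in sorted(record) if n not in TEMPLATE]
    clean = {}
    for name, parser in TEMPLATE.items():
        if name not in record:
            errors.append(f"missing field: {name}")
            continue
        try:
            clean[name] = parser(record[name])
        except (ValueError, TypeError) as exc:
            errors.append(f"invalid {name}: {exc}")
    return clean, errors

def validate_batch(records):
    """Split a batch into accepted records and (index, reasons) rejections."""
    accepted, rejected = [], []
    seen_ids, last_seq, last_ts = set(), 0, None
    for index, raw in enumerate(records):
        clean, errors = validate_record(raw)
        if not errors:  # order checks only make sense on well-formed records
            if clean["record_id"] in seen_ids:
                errors.append("duplicate record_id")
            if clean["seq"] <= last_seq:
                errors.append("seq not strictly increasing")
            if last_ts is not None and clean["executed_at"] < last_ts:
                errors.append("executed_at earlier than previous record")
        if errors:
            rejected.append((index, errors))
            continue
        seen_ids.add(clean["record_id"])
        last_seq, last_ts = clean["seq"], clean["executed_at"]
        accepted.append(clean)
    return accepted, rejected

# Constructed sample batch: records 2 to 5 each break one kind of rule.
SAMPLE_BATCH = [
    {"record_id": "T-0001", "seq": 1, "executed_at": "2025-01-15T09:00:00Z", "amount": "100.50", "currency": "EUR"},
    {"record_id": "T-0002", "seq": 2, "executed_at": "2025-01-15T09:00:05Z", "amount": "20", "currency": "USD"},
    {"record_id": "T-0003", "seq": 3, "executed_at": "2025-01-15T09:00:09Z", "amount": "-5", "currency": "EUR"},
    {"record_id": "T-0004", "seq": 2, "executed_at": "2025-01-15T09:00:12Z", "amount": "7.25", "currency": "GBP"},
    {"record_id": "T-0005", "seq": 5, "executed_at": "2025-01-15T09:00:15Z", "amount": "3", "notes": "free text"},
    {"record_id": "T-0001", "seq": 6, "executed_at": "2025-01-15T09:00:20Z", "amount": "9.99", "currency": "EUR"},
    {"record_id": "T-0007", "seq": 7, "executed_at": "2025-01-15T09:01:00Z", "amount": "42", "currency": "EUR"},
]

if __name__ == "__main__":
    for index, reasons in validate_batch(SAMPLE_BATCH)[1]:
        print(index, reasons)
```

Rejected records keep their batch index and every reason, so a compliance team can correct them at source instead of reconciling after submission.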

3.4.4. Real-Time Reporting

Table 10 shows the key technological and procedural elements that enable real-time reporting in regulatory contexts. The evidence from the corpus suggests that these elements collectively transform regulatory reporting from a periodic, retrospective exercise into a continuous, event-driven process. This change is supported by six broad categories: streaming and continuous data flows, supervisory dashboards and portals, real-time anomaly detection, trigger-based/event-driven reporting, continuous risk and conduct monitoring, and regulatory data integration. Each category reflects both a technological innovation and an organizational shift, moving reporting closer to the point of transaction and supervision.
One of the most widely discussed innovations is the use of streaming and continuous data flows. Rather than waiting for quarterly or annual submissions, regulators can now access live feeds of data transmitted via APIs, streaming platforms, and event-driven pipelines. This allows supervisors to reduce the lag between when a transaction occurs and when it becomes visible to them. Several studies show how event-driven data pipelines make compliance reporting a continuous process, integrating directly with institutions’ operational systems and pushing validated records in real time (Anagnostopoulos, 2018). The practical value here is twofold. On the technical side, APIs and streaming architectures reduce data latency and create more consistent pipelines for ingestion and transformation. On the supervisory side, this enables a more responsive and proactive form of oversight, since regulators can identify potential risks as they unfold rather than after they are embedded in periodic summaries. In addition, continuous data flows support scalability across multiple firms, allowing regulators to build centralized systems that aggregate reporting data without the inefficiencies of periodic extraction and submission (Dinçkol et al., 2023).
Alongside streaming pipelines, supervisory dashboards and monitoring portals play a crucial role in enabling regulators to make sense of this continuous data. Rather than receiving static documents or spreadsheets, supervisors now interact with visual and interactive dashboards that present live oversight of firm-level risks, consumer complaints, and compliance metrics (Marrazzo, 2018). These tools change the supervisory workflow, allowing regulators to drill down into specific institutions, compare them across peer groups, and trace compliance issues as they develop. Conduct dashboards, for example, turn narrative complaints into structured indicators that can be monitored continuously, while prudential dashboards track liquidity, leverage, and capital positions in near real time. Dashboards thus provide regulators with the capacity to filter noise, focus on key indicators, and act quickly on emerging risks (O’Sullivan & Kennedy, 2008).
A third category of innovation is real-time anomaly detection, which integrates advanced algorithms directly into reporting streams. Instead of reviewing batches of transactions after the fact, anomaly detection models continuously screen transaction-level data as it is generated. Techniques such as Isolation Forest, One-Class SVM, autoencoders, and time-series models are deployed to identify unusual or suspicious patterns, particularly in the areas of fraud detection, anti-money laundering (AML), and transaction monitoring (Kumar et al., 2025). These models reduce false positives by learning the normal distribution of transaction behaviour and only flagging significant deviations. This shift provides clear benefits for both regulators and firms: fewer unnecessary alerts reduce operational burden, while earlier identification of true risks allows for faster escalation and response. Importantly, these tools also feed into supervisory dashboards, enriching them with real-time risk signals that can be traced back to underlying data (di Castri et al., 2018).
Closely linked to anomaly detection is the rise of trigger-based or event-driven reporting. Here, smart contracts, automated triggers, and e-notification systems automatically generate reports when predefined risk thresholds are breached. This means that instead of regularly sending large volumes of routine data, firms and supervisors focus only on material events that exceed certain limits (Deng et al., 2024). For example, an automated alert may be sent when a bank’s liquidity coverage ratio falls below regulatory thresholds, or when a suspicious transaction is detected in an AML system (Koo et al., 2024). Event-driven reporting makes regulatory oversight more dynamic, reducing noise and ensuring that supervisors are alerted immediately when it matters most.
Another emerging area is continuous risk and conduct monitoring, which relies heavily on NLP and sentiment analysis to turn unstructured consumer and market data into real-time supervisory signals. Several papers describe how consumer complaints, call transcripts, and other narrative data are processed through sentiment analysis, topic modelling, and conduct dashboards to provide supervisors with live indicators of consumer risk and institutional behaviour (Chirulli, 2021; Saifullah et al., 2023). This expands the scope of supervision beyond financial ratios, incorporating behavioural and conduct dimensions that were previously difficult to capture in real time. By automating the structuring of narrative data, regulators can detect early signals of misconduct or systemic issues, such as rising complaints about unfair lending practices or poor service quality. This strengthens market conduct supervision and builds trust in the financial system, as supervisors can intervene more quickly in response to consumer harm.
Finally, regulatory data integration plays a crucial role in consolidating firm-level submissions into supervisory databases or cloud-based platforms in near real time. Several studies highlight how APIs and streaming submissions enable regulators to build centralized data lakes, which aggregate information across multiple firms for benchmarking and peer comparisons (Anagnostopoulos, 2018; Grassi & Lanfranchi, 2022). This form of integration allows supervisors not only to monitor individual firms but also to identify systemic risks that emerge across the market. By maintaining centralized platforms, regulators can run cross-sectional analyses, detect outliers, and benchmark performance without relying on slow, manual reconciliation of submissions. In some advanced cases, regulators are even able to query firm systems directly through APIs, retrieving the specific data needed at the time without requiring static submissions. This represents a major shift in the supervisory relationship, moving from a push-based model of reporting to a pull-based, interactive model.
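The sketch below is an added example, not code from the article or from any system it reviews: it chains the schema validation, anomaly screening and trigger-based reporting steps described in this subsection, so that only material events and rejected records leave the pipeline. Field names, thresholds and sample records are assumptions, and a median/MAD robust z-score stands in for the Isolation Forest-style models the text lists.

```python
"""Event-driven reporting sketch: validate, screen, emit only material events.
Field names, thresholds and sample records are constructed for illustration."""
from collections import defaultdict, deque
from statistics import median

# Hypothetical supervisory schema: record type -> {field: required type}
SCHEMA = {
    "liquidity": {"firm_id": str, "ts": str, "hqla": float, "net_outflows_30d": float},
    "txn": {"firm_id": str, "ts": str, "account": str, "amount": float},
}
LCR_MINIMUM = 1.0   # assumed trigger level (ratio of 100%); set per the applicable rule
Z_THRESHOLD = 6.0   # assumed cut-off for the robust z-score
MIN_HISTORY = 5     # an account is not scored until it has a baseline


def validate(record):
    """Return a list of schema violations (empty list means the record conforms)."""
    spec = SCHEMA.get(record.get("type"))
    if spec is None:
        return ["unknown record type: %r" % record.get("type")]
    errors = []
    for field, ftype in spec.items():
        if field not in record:
            errors.append("missing field: " + field)
        elif not isinstance(record[field], ftype):
            errors.append("bad type for " + field)
    return errors


def robust_z(value, history):
    """Distance from the median in MAD units, so one past outlier cannot mask the next."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        # Constant baseline: any change at all counts as a deviation.
        return 0.0 if value == med else float("inf")
    return abs(value - med) / (1.4826 * mad)


def process(stream, window=50):
    """Consume records in arrival order; return (events, rejects)."""
    history = defaultdict(lambda: deque(maxlen=window))
    events, rejects = [], []
    for rec in stream:
        errors = validate(rec)
        if errors:
            # Malformed input is reported, never scored or added to a baseline.
            rejects.append({"record": rec, "errors": errors})
            continue
        if rec["type"] == "liquidity":
            if rec["net_outflows_30d"] <= 0:
                rejects.append({"record": rec, "errors": ["net_outflows_30d must be > 0"]})
                continue
            lcr = rec["hqla"] / rec["net_outflows_30d"]
            if lcr < LCR_MINIMUM:
                events.append({"kind": "LCR_BREACH", "firm_id": rec["firm_id"],
                               "ts": rec["ts"], "value": round(lcr, 4)})
        else:
            past = history[(rec["firm_id"], rec["account"])]
            if len(past) >= MIN_HISTORY:
                score = robust_z(rec["amount"], past)
                if score > Z_THRESHOLD:
                    events.append({"kind": "TXN_ANOMALY", "firm_id": rec["firm_id"],
                                   "ts": rec["ts"], "account": rec["account"],
                                   "value": rec["amount"], "score": score})
            past.append(rec["amount"])
    return events, rejects


def _txn(ts, amount, account="ACC-1"):
    return {"type": "txn", "firm_id": "FIRM-A", "ts": ts, "account": account, "amount": amount}


def _liq(ts, **fields):
    return dict({"type": "liquidity", "firm_id": "FIRM-A", "ts": ts}, **fields)


# Constructed sample stream (not real supervisory data).
SAMPLE_STREAM = (
    [_txn("2025-01-06T09:0%d:00Z" % i, a)
     for i, a in enumerate([120.0, 95.5, 130.0, 110.0, 101.25, 118.0])]
    + [
        _liq("2025-01-06T10:00:00Z", hqla=540.0, net_outflows_30d=450.0),  # ratio 1.2
        _txn("2025-01-06T10:05:00Z", "250,00"),   # malformed: amount sent as text
        _txn("2025-01-06T10:06:00Z", 9800.0),     # far outside the account baseline
        _liq("2025-01-06T11:00:00Z", hqla=410.0, net_outflows_30d=450.0),  # below 1.0
        _liq("2025-01-06T11:05:00Z", hqla=400.0),  # missing net_outflows_30d
        _txn("2025-01-06T11:10:00Z", 105.0),
    ]
)

if __name__ == "__main__":
    events, rejects = process(SAMPLE_STREAM)
    for e in events:
        print("EVENT ", e)
    for r in rejects:
        print("REJECT", r["errors"])
```

Rejected records are kept apart from the alert stream so that data-quality failures are visible to the supervisor without polluting the baselines used for screening.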

3.5. Transformation of Data Supervision Through SupTech

3.5.1. Data Inputs

Figure 11 shows the breadth of structured data sources used across the SupTech literature. A recurrent theme is the reliance on market-level and institutional datasets that allow supervisors to assess prudential soundness and compliance performance. Bank annual reports remain one of the most common structured sources, providing supervisors with balance-sheet, income, and governance disclosures that can be digitized for comparative analysis (Shi et al., 2025). Similarly, large-scale datasets such as the CSMAR and Wind platforms supply granular information on transactions, market activity and institutional indicators, often used in supervisory pilot projects in China and other jurisdictions (Y. Li et al., 2025; Muganyi et al., 2022). The PKU-DFII Index adds a digital financial inclusion dimension, allowing supervisors to benchmark how inclusive and technology-enabled financial systems are across regions (Muganyi et al., 2022). Macro-level inputs such as World Bank statistics and the IMD competitiveness rankings extend the supervisory scope by providing cross-country indicators of economic performance, innovation, and competitiveness, which help regulators situate local risks in a broader international context (Khalatur et al., 2022). Administrative penalties and supervisory data collections reflect regulator-driven datasets that link firm behaviour to compliance breaches, offering direct evidence for enforcement and prudential oversight (Voigt & Von Dem Bussche, 2024). These structured datasets are highly machine-readable and support SupTech applications that rely on numerical modelling, anomaly detection, and early warning systems (Alonso-Robisco et al., 2025).
Semi-structured data complements these sources by bridging formal reporting with supervisory judgement. Several studies employ surveys as tools to gather supervisory insights on emerging risks or institutional capacity. These include standard survey data, Likert-scale instruments (Zabat et al., 2024), and multiple-choice questionnaires (Kurum, 2023), which transform subjective views into quantifiable indicators of regulatory readiness and technological adoption. Delphi questionnaires further structure expert opinion by aggregating rounds of responses from regulators and compliance specialists, producing consensus-based measures of AML oversight and SupTech maturity (Grant et al., 2021). Beyond surveys, GDPR self-assessment forms and checklists stand out as semi-structured inputs specifically designed to harmonize compliance across institutions (Ryan et al., 2020). These tools are templated, segmenting obligations into discrete questions or indicators that can be processed digitally and compared across firms. Semi-structured data is valuable precisely because it offers a middle ground: it has more flexibility than rigid databases yet still follows predefined schemas, which makes it suitable for integration into SupTech platforms where comparability and aggregation are key (Kholkar et al., 2017).
Unstructured data provides the richest but most complex inputs for SupTech applications. A large proportion of studies rely on qualitative sources such as interview transcripts with supervisors, regulators, and financial institutions (Jung, 2021), which capture perspectives on supervisory challenges, institutional constraints, and opportunities for technology use. Policy and legislative texts are equally central, as they represent the primary obligations that must be translated into machine-readable rules for supervisory monitoring (Miglionico, 2020; Zeranski & Sancak, 2021). Official supervisory reports and industry analyses (Anagnostopoulos, 2018) add empirical grounding by documenting enforcement trends, sectoral risks, and regulatory innovation. Case study notes (Battanta et al., 2020) and white papers highlight experimental initiatives, pilots, and consultation exercises that inform the design of new SupTech tools (Butler & O’Brien, 2019). Unlike structured or semi-structured sources, unstructured data is often textual, narrative, and context dependent. Yet, these inputs are essential for areas like conduct supervision, consumer protection, and systemic risk monitoring, where regulatory decisions depend on understanding qualitative nuances, institutional behaviour, and public sentiment.

3.5.2. Supervision Activities and Automation

Table 11 shows the supervisory activities that the literature describes as changed. Instead of supervisors depending on delayed or manual audits, many studies describe how continuous and standardized data streams are now used with AI tools to improve oversight. In prudential supervision, methods such as logistic regression, Random Forest, Gradient Boosting, and time-series forecasting are applied to watch solvency, liquidity, and capital risks in real time. This replaces static reports with updated and frequent insights into risk. Obligation extraction also changes how supervision works by turning legal and policy texts into machine-readable templates through natural language processing tools such as NER, dependency parsing, and transformer models. This reduces mistakes in interpretation and makes sure rules are applied in line with the latest requirements (Khalatur et al., 2022; Kristanto & Arman, 2022). Transaction surveillance uses sequence models such as RNN and LSTM together with autoencoders and time-series anomaly detection to check the order and accuracy of transactions as they happen. Errors are identified at the source rather than after long reconciliation processes, which allows supervisors to react more quickly and with better-quality information (Gasparri, 2019; Uddin et al., 2025).
Activities focused on detection benefit strongly from AI methods. Fraud and anomaly detection now works on full datasets instead of small samples. Studies report the use of Random Forest, Gradient Boosting, deep neural networks, Bayesian anomaly models, and graph-based analysis to identify unusual activity across transactions and entities (Ojo & Tomy, 2025). AML and CTF supervision apply decision trees, Random Forest, deep networks, autoencoders, and clustering methods such as K-means and DBSCAN to reduce false positives and improve the accuracy of alerts, even in highly imbalanced cases (El Khoury et al., 2025; Konina, 2021). Market surveillance adds another layer by applying clustering, neural networks, graph analytics, and one-class models to trading and disclosure data. These tools help spot risks across firms and at the system level, which would not be possible with firm-level monitoring alone (Cerqueti et al., 2021; Cevik et al., 2025). Together, these pipelines provide earlier warnings and make discussions between supervisors and firms more evidence based.
Supervision of consumers and identity checks has also changed. Conduct supervision now uses natural language processing techniques such as sentiment analysis, topic modelling, and text categorization, supported by speech-to-text for call data. These approaches turn complaints and narratives into structured signals that can be monitored live through conduct dashboards. This allows regulators to track complaint levels, shifts in sentiment, and main topics in real time, which makes intervention faster and more targeted (Saifullah et al., 2023). Identity verification and e-KYC oversight also benefit from AI. Supervisors now validate compliance using CNN-based facial recognition, fingerprint models, and SVM-style document checks. These tools make identity checks more reliable and reduce the need for later corrections during inspections (Grassi & Lanfranchi, 2022; Konina, 2021). These advances broaden supervision to include not only financial metrics but also behaviour and consumer outcomes, while keeping audit trails intact and machine-readable.
The final set of changes concerns transparency and governance in supervisory outputs. ESG and disclosure supervision is supported by text mining, transformer-based classification, SVM, and logistic regression, which link narrative disclosures to regulatory taxonomies (Singhania & Saini, 2023). This produces assessments that are reproducible and can be updated as new reports or policies appear. Audit trails and dashboards are kept accurate with the help of Isolation Forest, One-Class SVM, time-series forecasting, and network analysis. These methods allow supervisors to track data lineage and detect irregularities, showing clearly who made changes and when (Rawat et al., 2024). The literature notes that there are trade-offs between detection strength and interpretability. Deep learning and autoencoders are strong at spotting rare events but are harder to explain. Supervisors therefore require clear documentation and governance to accept such models. Despite these challenges, the overall evidence in Table 11 shows that AI-based SupTech shifts supervision from manual, document-based audits to real-time oversight supported by continuous data, automated detection, and live dashboards. This improves timeliness, consistency, and accountability in supervisory actions (Jung, 2021).

3.5.3. Standardization

Table 12 shows the main standardization mechanisms discussed in the SupTech literature. The studies reviewed highlight that automation of supervisory activities only becomes effective when outputs are harmonized into schemas, templates, and shared dictionaries that supervisors can directly consume. Supervisory data schemas and reporting frameworks are especially important in prudential, conduct, and AML oversight, as they structure the flow of firm-level submissions into consistent formats. Evidence from Becker et al. (2020); Kanojia et al. (2024); Y. Li et al. (2025); Loiacono and Rulli (2022) shows that these schemas allow capital adequacy, liquidity positions, and suspicious activity reports to be integrated into supervisory databases without extensive reconciliation. This shift transforms fragmented firm reports into machine-readable data streams that supervisors can aggregate and benchmark, significantly improving the comparability of oversight across different institutions.
Taxonomies, ontologies, and dictionaries form the semantic layer of SupTech standardization. Supervisory taxonomies, conduct risk taxonomies, and ESG classification frameworks ensure that categories such as “market conduct,” “climate risk,” or “suspicious transaction” are defined in a uniform way across jurisdictions (Grassi & Lanfranchi, 2022; Kanojia et al., 2024). Ontology-based classification and supervisory dictionaries extend this consistency by turning ambiguous or narrative obligations into structured definitions that are machine-interpretable (Colaert, 2021). These mechanisms reduce the interpretive drift that often arises when rules are transposed into practice, creating a stable foundation for automated monitoring and cross-border supervision.
Templates and machine-readable formats form the most visible tools in this stage. Structured supervisory forms, XML/XBRL-based submissions, and API-enabled data flows allow supervisory data to be captured in consistent formats that can be ingested automatically (Lukicheva, 2022). Unlike ad hoc reports, these templates embed supervisory requirements into the reporting pipeline itself, which reduces compliance costs for firms and improves efficiency for regulators. Importantly, in SupTech these formats are directly linked to supervisory dashboards and portals. As shown in Chirulli (2021), interactive dashboards now consume machine-readable alerts and conduct monitoring outputs in near real time, closing the loop between firm submissions and supervisory decision-making.

3.5.4. Real-Time Supervision

Table 13 shows the key elements that enable real-time supervision through SupTech. The evidence demonstrates how supervisory practices are moving away from retrospective audits and periodic submissions toward continuous, event-driven oversight. This transformation is supported by six categories: streaming and continuous data flows, supervisory dashboards and portals, real-time anomaly detection, trigger-based or event-driven reporting, continuous risk and conduct monitoring, and supervisory data integration. Together, these mechanisms allow supervisors to observe financial activities as they happen, shorten response times, and strengthen the reliability of oversight.
One of the most widely discussed areas is the use of streaming data flows and supervisory dashboards. APIs and event-driven platforms provide supervisors with access to continuously refreshed data rather than delayed submissions (Shi et al., 2025). Dashboards and portals then translate this information into interactive, real-time indicators of firm-level risks, consumer complaints, and conduct issues. This enables supervisors to track prudential metrics and consumer sentiment in near real time, making it easier to detect early signs of misconduct or financial stress. At the same time, anomaly detection and trigger-based mechanisms ensure that suspicious activity, such as fraud or AML risks, is flagged immediately using tools like Isolation Forests, autoencoders, and automated thresholds (Chirulli, 2021; Jung, 2021). These innovations reduce false positives, improve efficiency, and allow supervisory attention to focus on high-risk events as they occur.
Finally, SupTech studies also highlight the importance of integrating firm-level and market-wide data into centralized supervisory systems. Cloud platforms and data lakes supported by API submissions allow regulators to consolidate inputs across multiple firms for benchmarking and systemic risk analysis (Anagnostopoulos, 2018; Shi et al., 2025). Continuous conduct monitoring through sentiment analysis and NLP adds another dimension by converting unstructured narratives, such as complaints or call transcripts, into structured indicators that feed directly into real-time dashboards (Chirulli, 2021; Saifullah et al., 2023). Taken together, these elements demonstrate that real-time SupTech not only accelerates the speed of supervision but also broadens its scope, embedding both financial and behavioural oversight into ongoing monitoring processes.

4. Future Research Opportunities and Identified Gaps

This section identifies where current knowledge about RegTech and SupTech is incomplete and outlines concrete directions for future research that follow directly from the findings of this review.

4.1. Foundations, Methods, and Architectures

Much of the literature calls for clearer foundations for building and governing RegTech/SupTech systems. Several papers ask for step-by-step development methods, reference architectures, and adoption frameworks that can be reused across cases rather than invented project by project (Firmansyah & Arman, 2023). Others highlight architectural questions specific to regulated deployments—access-policy design, performance at scale, and the economics of distributed ledgers or shared data stores—which remain under-specified and untested (Arner et al., 2018; Kavassalis et al., 2018). On the supervisory side, authors stress the need to translate legal and reporting rules into machine-readable forms and to run long, parallel trials before switching production processes, which implies design science work that links law, data models, and software engineering (Jung, 2021).
Future studies should therefore: develop reusable IT architectures (application/data/integration layers), publish engineering patterns for rule-as-code and data lineage, and test governance arrangements that balance vendor innovation with auditability (Kristanto & Arman, 2022; Miglionico, 2020). Comparative design cases—showing how choices about APIs, streaming, rule engines, and model management affect cost, latency, and assurance—would move the field from conceptual proposals to practical guidance.

4.2. Evidence on Effectiveness and Outcomes

Across the corpus, there is a shortage of robust empirical evaluations. Many contributions are conceptual, single-case, or limited to one jurisdiction, making it hard to judge impact on compliance costs, detection quality, resilience, or consumer outcomes (Laguna de Paz, 2023). Banking studies increasingly measure internal benefits but often stop short of firm-level real-effects (e.g., investment efficiency) or macroprudential outcomes; where measured, the scope is narrow or country-specific (Shi et al., 2025). Supervisory innovations—dashboards, anomaly screens, prudential disclosure—are proposed more often than they are tested in operational settings (Bansal & Taneja, 2025).
Priorities include multi-site, multi-year evaluations with clear baselines and counterfactuals; cost–benefit studies that include data quality, model maintenance, and rework avoided; and crisis-period analyses to link digital tools with operational resilience (Zeranski & Sancak, 2021). Cross-country comparisons and sectoral extensions beyond banks (capital-market intermediaries, insurance, NBFCs) are needed to generalize findings and detect context effects.

4.3. Standardization, Interoperability, and Data Governance

The review shows strong reliance on schemas, templates, taxonomies, and ontologies, yet many gaps remain. Authors point to missing common definitions, uneven maturity across authorities, and limited cross-border interoperability, all of which hinder benchmarking and peer analysis (Avramović, 2023; Firiza et al., 2024). Papers also flag a lack of international coordination on reporting templates and interpretive repositories, slowing automation and increasing reconciliation effort (Arner et al., 2018). Data governance issues—sharing models, consent, security, and talent capacity inside supervisory bodies—are recurring pain points that limit scale and trust (Du & Wei, 2020). Future research should:
  • Test schema/taxonomy alignment across jurisdictions through live pilots;
  • Design governance for shared utilities and data-pull architectures; and
  • Evaluate how standards choices affect model drift, auditability, and portability across vendors and agencies (Jung, 2021; Miglionico, 2020).
Work on ESG and sustainability reporting is a special case where sustained, taxonomy-based evidence will only emerge after several cycles of consistent use (Zetzsche & Anker-Sørensen, 2022).

4.4. Legal, Ethical, and Accountability Safeguards

As AI and automation move into core regulatory processes, questions about due process, explainability, liability, and systemic accountability remain open. Several studies underline the lack of formal frameworks for SupTech, uneven legal bases for algorithm-assisted decisions, and limited safeguards for transparency and redress (Chirulli, 2021). Others call for international taxonomies and standards to manage black-box opacity, cyber risk, and the role of private vendors in public decision chains (Sharma et al., 2023). There is also concern about fragmented strategies across authorities and the need for convergent approaches that embed oversight of models themselves (Chirulli, 2021).
Promising lines of work include model documentation and audit standards tailored to supervisory use; procedures for parallel-run periods and appealable decisions; and governance designs (oversight boards, expert commissions, ex ante technical standards) that balance speed with legitimacy (Jung, 2021; Micheler & Whaley, 2020). Comparative legal studies could map how different regimes handle AI transparency and data sovereignty in supervision and what that implies for cross-border operations (Loiacono & Rulli, 2022).

4.5. Scope, Technologies, and Contexts Still Under-Studied

Multiple papers note misalignment between what academia studies and what practitioners deploy. NLP and robotic process automation appear under-researched relative to their operational importance, while deep dives often cluster around DLT or generic “AI” without comparing concrete algorithms for specific compliance tasks (Becker et al., 2020). New domains—including ESG/climate risk, crisis resolution (ResTech), DeFi, and post-quantum security—are proposed but not yet evidenced at scale (Grassi & Lanfranchi, 2022). Important contexts beyond core banking (insurance, NBFCs, charities, and emerging markets) remain thinly covered, and several studies call for sector-specific algorithms and local adoption research (Saifullah et al., 2023). A practical agenda would:
  • Benchmark algorithm families for defined tasks (e.g., AML triage, obligation extraction, conduct sentiment) with shared datasets;
  • Extend evaluations to insurance/insurtech and non-profit compliance; and
  • Study organizational change—skills, incentives, human-in-the-loop design—needed to integrate these tools sustainably.
Cross-disciplinary teams linking computer science, law, and public administration are especially important where political mandates and institutional resistance shape adoption.

4.6. Cross-Border and Consumer Challenges

A notable gap identified in the reviewed literature concerns the limited coverage of functional and organizational dimensions such as customer and strategy, human resource management, identity management, and fraud prevention. These areas represent critical operational layers where digital transformation intersects directly with regulatory compliance and institutional resilience. Despite rapid technological adoption, few studies examine how RegTech and SupTech solutions influence the management of customer data, staff capabilities, or fraud detection processes within complex financial ecosystems. Similarly, while technological innovation has accelerated reporting and supervision, there is insufficient discussion on how these innovations reshape strategic alignment, organizational culture, and human capital structures in regulated environments.
Future research should therefore extend beyond system-level analyses to address the institutional vulnerabilities that accompany digital transformation. Among the most pressing are the complexities of cross-border financial transactions, the challenges of global coordination among regulatory authorities, and the persistent issues surrounding consumer protection in data-driven financial services. These themes warrant deeper empirical and comparative investigation, particularly regarding how different jurisdictions align technological innovation with legal accountability and ethical safeguards. Studies exploring transnational interoperability frameworks, privacy-preserving compliance mechanisms, and inclusive consumer-protection models would make important contributions to both regulatory theory and practice, helping bridge the gap between digital innovation and sustainable financial governance.

5. Conclusions and Limitations

This systematic literature review has mapped the evolving landscape of RegTech and SupTech, highlighting their role as transformative forces in modern regulatory ecosystems. By synthesizing evidence across multiple domains, the study demonstrates that these technologies are no longer peripheral tools but central enablers of supervisory efficiency, transparency, and resilience. The findings reveal an emerging shift from conceptual exploration to applied innovation, where AI, blockchain, big data, and automation are redefining regulatory practices. At the same time, the review underscores that theoretical foundations remain fragmented, empirical validation is sparse, and critical issues such as governance, interoperability, and ethical oversight require more sustained academic attention.
Taken together, these insights advance the understanding of RegTech and SupTech as distinct yet complementary domains of research and practice. They also establish a clear agenda for scholars and policymakers, calling for deeper cross-disciplinary collaboration, rigorous empirical testing, and global comparative studies. Ultimately, the review demonstrates that effective digital regulation will depend not only on technological adoption but also on the development of harmonized standards, inclusive governance models, and adaptive regulatory frameworks that balance innovation with accountability. By identifying both achievements and shortcomings in the existing literature, this study provides a foundation for future work that can guide the strategic integration of RegTech and SupTech into the broader architecture of digital-era financial regulation.
However, several limitations of this review should be acknowledged. First, the study relied on a limited set of databases for identifying relevant literature, which may have excluded studies available in other repositories. Second, only papers published in English were considered, which means potentially valuable contributions in other languages were not captured. Third, the search was restricted to peer-reviewed academic works, excluding industry reports or practitioner papers that might contain practical insights but lack academic framing. Finally, the rapidly evolving nature of RegTech and SupTech means that new studies are continuously emerging, and some recent contributions may not have been included at the time of analysis. These limitations suggest that future systematic reviews could broaden the scope of databases, incorporate multilingual sources, and include grey literature to provide a more holistic understanding of the field.

Author Contributions

Conceptualization, N.B. and M.B.S.; methodology, N.B.; software, N.B. and M.B.S.; validation, S.N., V.A. and A.F.; formal analysis, S.N.; investigation, N.B. and M.B.S.; resources, N.B.; data curation, N.B.; writing—original draft preparation, N.B. and M.B.S.; writing—review and editing, S.N. and V.A.; visualization, N.B. and M.B.S.; supervision, S.N. and V.A.; project administration, S.N.; funding acquisition, M.B.S. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The original contributions presented in this study are included in the article. Further inquiries can be directed to the corresponding author.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
RegTech: Regulatory Technology
SupTech: Supervisory Technology
FinTech: Financial Technology
FSB: Financial Stability Board
IMF: International Monetary Fund
FCA: Financial Conduct Authority
MAS: Monetary Authority of Singapore
NFRC: National Financial Regulatory Commission
AML: Anti-Money Laundering
KYC: Know Your Customer
e-KYC: Electronic Know Your Customer
CFT: Countering the Financing of Terrorism
SA: Sentiment Analysis
ROI: Return on Investment
CRR: Capital Requirements Regulation
CRD: Capital Requirements Directive
AI: Artificial Intelligence
ML: Machine Learning
NLP: Natural Language Processing
DLT: Distributed Ledger Technology
IT: Information Technology
API: Application Programming Interface
UX: User Experience
SVM: Support Vector Machine
RNN: Recurrent Neural Network
CNNs: Convolutional Neural Networks
XBRL: eXtensible Business Reporting Language
DBSCAN: Density-Based Spatial Clustering of Applications with Noise
LSTM: Long Short-Term Memory
DNN: Deep Neural Networks
SLR: Systematic Literature Review
PRISMA: Preferred Reporting Items for Systematic Reviews and Meta-Analyses
LEI: Legal Entity Identifier
CRU: Common Reporting Utilities
RACI: Responsible, Accountable, Consulted, Informed
IMD: International Institute for Management Development
CSMAR: China Stock Market & Accounting Research Database
CNRDS: China Research Data Services
GDPR: General Data Protection Regulation
CCPA: California Consumer Privacy Act
GFC: Global Financial Crisis
CBDS: Central Bank Digital Currencies (sometimes written as CBDCs)
SEM: Structural Equation Modelling
ESG: Environmental, Social, and Governance

Figure 1. PRISMA framework of current study.
Figure 2. Distribution of documents from 2017 to 2025.
Figure 3. Distribution of research methodologies across the reviewed studies.
Figure 4. Percentage distribution of research methodologies across the reviewed studies.
Figure 5. International collaboration network of countries.
Figure 6. Keyword co-occurrence network.
Figure 7. Distribution of RegTech and SupTech opportunities across departments.
Figure 8. Distribution of RegTech and SupTech implementation challenges across departments.
Figure 9. Framework for RegTech-enabled data reporting transformation.
Figure 10. Categorization of data inputs in RegTech studies.
Figure 11. Categorization of data inputs in SupTech studies.
Table 1. Comparison of RegTech and SupTech.

| Dimension | RegTech | SupTech | Source |
| --- | --- | --- | --- |
| Time Period | Coined in 2015, following the post-GFC regulatory surge, and rapidly expanded since | Introduced around 2017, gaining momentum in supervisory authorities worldwide | (Arner et al., 2016; Broeders & Prenio, 2018; Jović & Nikolić, 2022) |
| Primary Focus | Helps firms address regulatory compliance obligations more efficiently, accurately, and cost-effectively | Supports supervisory authorities in monitoring, assessing, and enforcing compliance across institutions | (G. L. Boeddu et al., 2018; Cave, 2017; Finance, 2015; Press release, 2020) |
| Aim/Purpose | Streamline regulatory reporting, risk monitoring, AML/KYC checks, and adapt to regulatory changes | Enhance prudential supervision, enable proactive oversight, and strengthen market integrity | (Currie et al., 2018; Das et al., 2017; Kolari et al., 2019) |
| Institutional Scope | Applied by financial institutions, banks, insurers, and other regulated entities | Adopted by supervisory authorities, central banks, and regulators to evaluate compliance | (Kristanto & Arman, 2022; McNulty, 2017) |
| Key Technologies | AI, ML, NLP, blockchain, big data analytics, cloud computing, RegData tagging, smart contracts | Similar toolset (AI/ML, DLT, cloud, NLP), but applied for supervisory use cases such as stress testing and real-time monitoring | (Broeders & Prenio, 2018; Climent et al., 2019; Kavassalis et al., 2018) |
| Core Examples | Automated regulatory reporting systems, AML transaction monitoring, e-KYC platforms | Digital complaint management, continuous prudential reporting, systemic risk analytics | (G. L. Boeddu et al., 2018; Takeda & Ito, 2021) |
| Relationship | RegTech focuses on compliance within regulated firms and produces the data required for supervisory functions. | SupTech represents the supervisor-side application that consumes and validates the data produced through RegTech. | (Butler & O’Brien, 2019; Currie et al., 2018; Zetzsche et al., 2019) |
Table 2. Inclusion and Exclusion criteria in SLR.

| Category | Criteria |
| --- | --- |
| Inclusion | Journal articles, conference proceedings, and book chapters (peer-reviewed) |
| | Written in English |
| | Full-text accessible |
| | Explicit focus on RegTech and/or SupTech in financial regulation or supervision |
| | Addresses at least one research theme: opportunities, challenges, benefits, risks, barriers, implications, or applications in financial institutions, regulators, or supervisory bodies |
| Exclusion | No direct focus on RegTech or SupTech (e.g., studies mention only FinTech or general digitalization without regulatory/supervisory link) |
| | Lack of alignment with research aims (did not address opportunities, challenges, benefits, risks, or implications in regulatory/supervisory context) |
| | Technologies discussed in isolation (e.g., only AI, blockchain, or big data without regulatory/supervisory application) |
| | Application outside financial regulation/supervision (e.g., healthcare, agriculture, manufacturing) |
| | Too generic or conceptual (discusses digital transformation broadly without technical, institutional, or practical details relevant to RegTech/SupTech adoption) |
Table 3. Leading authors in RegTech–SupTech research ranked by number of publications, citations, and total link strength.
Author | Documents | Citations | Total Link Strength | h-Index
Singh, C.35644
Arman, A.A.312319
Arner, D.W.2341446
Barberis, J.234147
Buckley, R.P.2341447
Grassl, I.231410
Lanfranchi, D.23145
Lin, W.24244
Firmansyah, B.1722
Erker, N.1161
Horvat, R.1161
Jagrić, T.11612
Table 4. Top 10 country-wise distribution of publications, citations, and collaboration strength.
Rank | Country | Documents | Citations | Total Link Strength
1United Kingdom1153153
2Indonesia61825
3Australia636917
4China615917
5Italy54724
6India4835
7Germany37235
8United States25613
9Luxembourg2829
10Hong Kong23416
Table 5. Evolution of RegTech and SupTech Definitions.

| Year | RegTech | SupTech |
| --- | --- | --- |
| 2017 | RegTech is IT for monitoring, reporting, and compliance, automating processes for efficiency and real-time use (Arner et al., 2016). | - |
| | RegTech is framed as the next stage of regulation beyond FinTech, enabling continuous, data-driven supervision (Arner et al., 2018). | |
| 2018 | RegTech is a subset of FinTech applying new technologies to compliance and supervision for efficiency and monitoring (Anagnostopoulos, 2018). | |
| | RegTech is a market segment offering tools like real-time fraud detection, also relevant for regulators (Michaels & Homer, 2018). | |
| 2019 | RegTech embeds technology into institutions’ core operations, integrating compliance, analytics, and reporting (Jung, 2021). | SupTech is technology used by supervisory agencies to digitize reporting and regulatory processes, enabling more efficient and proactive monitoring (Jung, 2021). |
| 2020 | RegTech digitizes monitoring and reporting to cut costs and improve accuracy (Miglionico, 2020). | SupTech is supervisors’ data infrastructures, analytics, and automation for standardized submissions and continuous oversight (Miglionico, 2020). |
| | RegTech applies broadly to regulators, firms, and regulated entities beyond finance (Clarke, 2020). | |
| | RegTech integrates AI, big data, blockchain, and cloud for adaptive, real-time supervision (Du & Wei, 2020). | |
| 2021 | RegTech includes compliance (firms), supervisory (supervisors), and regulatory (digital rules) (Colaert, 2021). | SupTech is supervisory technology covering licencing, reporting, enforcement, and experimental tools like blockchain (Chirulli, 2021). |
| | | SupTech enables real-time market monitoring with automated data collection and big-data analytics, closing the gap with digital markets (Zeranski & Sancak, 2021). |
| | | SupTech applies big data, AI, ML, and NLP for predictive, real-time, partially automated supervision (Chirulli, 2021). |
| 2022 | RegTech is the deployment of FinTech in regulation using AI and big data to boost effectiveness and stability (Muganyi et al., 2022). | SupTech is supervisors’ use of technology to ensure compliance of regulated entities (Kristanto & Arman, 2022). |
| | | SupTech is digital tools for regulators to enhance monitoring, data gathering, and fraud detection, accelerated post-COVID (Khalatur et al., 2022). |
| | | SupTech uses advanced analytics to enable real-time supervision and reshape regulatory drafting and enforcement (Loiacono & Rulli, 2022). |
| | | SupTech is regulators’ adoption of RegTech solutions for authorization, monitoring, fraud prevention, and risk analysis (Grassi & Lanfranchi, 2022). |
| | | SupTech is machine learning and data-driven systems for predictive indicators, early warnings, and automated supervision (Guerra et al., 2022). |
| 2023 | RegTech fuses law and digital technology to ensure accountability, transparency, and consumer protection (Saifullah et al., 2023). | SupTech is technology enhancing supervisors’ efficiency, insight, and agility in overseeing complex markets (Avramović, 2023). |
| | RegTech evolves from 1.0 (basic tools) to 3.0 (data-driven compliance strategies like “know your data”) (Kurum, 2023). | SupTech enables proactive, data-driven supervision, verifying firms’ RegTech outputs through analytics (J. Li et al., 2023). |
| 2024 | RegTech is AI/ML-driven, automating compliance tasks, monitoring rules, and enabling digital processing (Singh, 2024). | SupTech is technology enabling data-driven oversight and proactive risk identification (Firiza et al., 2024). |
| | RegTech fuses AI, cloud, big data, and blockchain to automate reporting and support supervision. 36 | |
| | RegTech is the fusion of data, technology, and regulation, shifting from manual to smart digital compliance (Salampasis & Samakovitis, 2024). | |
| 2025 | RegTech is defined narrowly as compliance tech in banks and broadly as technology for regulators’ risk monitoring (Shi et al., 2025). | SupTech is big-data and machine learning tools for supervisors, including API-based reporting, chatbots, and AML analytics (Fachsandy, 2025). |
| | RegTech is an umbrella for evolving technologies improving outcomes and public value, including government use (Bansal & Taneja, 2025). | |
Table 6. Mapping RegTech and SupTech opportunities to organizational functions.

| Opportunity Type | Opportunity Name | Compliance & Regulatory Affairs | Risk & Audit | Finance | Technology & Data | Legal & Governance | Customer & Strategy | Human Resources (HR) | Source |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Compliance efficiency & cost reduction | Automate evidence collection and testing | | | | | | | | (Colaert, 2021; Firmansyah & Arman, 2023; Jung, 2021; Khalatur et al., 2022; Kristanto & Arman, 2022; J. Li et al., 2023) |
| | Consolidate duplicate controls/processes | | | | | | | | (Becker et al., 2020; El Khoury et al., 2025; Jung, 2021; Khalatur et al., 2022; Uddin et al., 2025; Zabat et al., 2024) |
| | Optimize headcount via “shift-left” compliance | | | | | | | | (Chishti, 2019; Firmansyah & Arman, 2023; Singh, 2024; Singh & Lin, 2021) |
| | Reduce penalties through better control design | | | | | | | | (Battanta et al., 2020; Chirulli, 2021; Colaert, 2021; Uddin et al., 2025) |
| | Benchmark unit cost of compliance across units | | | | | | | | (Becker et al., 2020; Gasparri, 2019; Jung, 2021; Khalatur et al., 2022; Zabat et al., 2024) |
| Automation of reporting & monitoring (real-time) | T+0 regulatory submissions | | | | | | | | (Du & Wei, 2020; Firmansyah & Arman, 2023; Jung, 2021; Kavassalis et al., 2018; Miglionico, 2020) |
| | Streaming control dashboards | | | | | | | | (Chirulli, 2021; Chishti, 2019; Jung, 2021; Khalatur et al., 2022) |
| Improved data quality, accuracy & standardization | Golden sources and data lineage | | | | | | | | (Du & Wei, 2020; El Khoury et al., 2025; Firmansyah & Arman, 2022; J. Li et al., 2023) |
| | Standard taxonomies/ontologies (LEI, product) | | | | | | | | (Du & Wei, 2020; Fachsandy, 2025; Miglionico, 2020) |
| | Data quality SLAs and scorecards | | | | | | | | (Firiza et al., 2024; Laguna de Paz, 2023; J. Li et al., 2023) |
| Enhanced risk management, early-warning & fraud/AML detection | ML-driven anomaly detection & alert tuning | | | | | | | | (Colaert, 2021; Gasparri, 2019; Kurum, 2023; Sharma et al., 2023) |
| | Network analytics for AML/KYC | | | | | | | | (Colaert, 2021; Kurum, 2023; Uddin et al., 2025) |
| | Model-based capital/risk estimation | | | | | | | | (Guerra et al., 2022; Shi et al., 2025; Y. Xia et al., 2024) |
| | Conduct/market-abuse surveillance | | | | | | | | (Anagnostopoulos, 2018; Avramović, 2023; Gasparri, 2019) |
| Proportionate, risk-based & continuous supervision | Risk-tiering to focus exams | | | | | | | | (Arner et al., 2018; Chirulli, 2021) |
| | Continuous controls testing | | | | | | | | (Chirulli, 2021; Colaert, 2021; Jung, 2021) |
| | Machine-assisted case triage | | | | | | | | (Du & Wei, 2020; Guerra et al., 2022; Jung, 2021) |
| | Automated rule checks | | | | | | | | (Colaert, 2021; Miglionico, 2020; Ryan et al., 2020) |
| Better analytics & decision-making | Portfolio-level stress testing | | | | | | | | (El Khoury et al., 2025; Gasparri, 2019; Guerra et al., 2022) |
| | Text/NLP for rule interpretation | | | | | | | | (Miglionico, 2020; Ryan et al., 2020) |
| | Scenario and “what-if” policy analysis | | | | | | | | (Du & Wei, 2020; Guerra et al., 2022; Zeranski & Sancak, 2021) |
| Transparency, auditability, market integrity & trust | Immutable audit trails | | | | | | | | (J. Li et al., 2023; Miglionico, 2020; Sharma et al., 2023) |
| | Evidence repositories for regulators | | | | | | | | (Khalatur et al., 2022; J. Li et al., 2023; Ryan et al., 2020) |
| | Complaint/whistleblowing analytics | | | | | | | | (Clarke, 2020; Michaels & Homer, 2018; Singh & Lin, 2021) |
| | Explainability for AI decisions | | | | | | | | (Gasparri, 2019; Sharma et al., 2023; Singh, 2024) |
| | Public transparency reports | | | | | | | | (Grassi & Lanfranchi, 2022; Michaels & Homer, 2018) |
| Faster regulatory change management & adaptability | Machine-readable rulebooks | | | | | | | | (Colaert, 2021; Miglionico, 2020; Ryan et al., 2020) |
| | Impact analysis and playbooks | | | | | | | | (Chishti, 2019; Jung, 2021; Zabat et al., 2024) |
| | Automated control updates | | | | | | | | (Colaert, 2021; Firmansyah & Arman, 2023; Zabat et al., 2024) |
| Interoperability & data infrastructure | API gateways with regulator utilities | | | | | | | | (Chirulli, 2021; Du & Wei, 2020; Fachsandy, 2025) |
| | Common reporting utilities (CRUs) | | | | | | | | (Arner et al., 2018; Jung, 2021; Miglionico, 2020) |
| | Schema registries and contracts | | | | | | | | (Du & Wei, 2020; Firmansyah & Arman, 2022; Miglionico, 2020) |
| Governance, accountability & stronger internal controls | Control libraries with ownership/RACI | | | | | | | | (Chishti, 2019; Konina, 2021) |
| | Board-level risk dashboards | | | | | | | | (Guerra et al., 2022; Y. Xia et al., 2024) |
| Consumer protection & customer-centric improvements | Real-time vulnerability/complaint signals | | | | | | | | (Clarke, 2020; Grassi & Lanfranchi, 2022; Michaels & Homer, 2018) |
| | Fairness/bias testing in decisions | | | | | | | | (Grassi & Lanfranchi, 2022; Sharma et al., 2023; Singh, 2024) |
| | Fee/terms transparency tools | | | | | | | | (Grassi & Lanfranchi, 2022; Michaels & Homer, 2018; Muzammil & Vihari, 2020) |
| | Dispute resolution automation | | | | | | | | (Grassi & Lanfranchi, 2022; Muzammil & Vihari, 2020) |
| Financial inclusion, access expansion & growth | e-KYC for remote onboarding | | | | | | | | (Michaels & Homer, 2018; Uddin et al., 2025) |
| | Proportional KYC for low-risk users | | | | | | | | (Chirulli, 2021; Michaels & Homer, 2018; Uddin et al., 2025) |
| | Alternative-data credit pathways | | | | | | | | (El Khoury et al., 2025; Muganyi et al., 2022; Sharma et al., 2023) |
| Cross-border cooperation, harmonization & legal predictability | Passportable reporting packs | | | | | | | | (Arner et al., 2016; Grassi & Lanfranchi, 2022; Neuwirth & Tan, 2024) |
| | Shared sanctions/KYC utilities | | | | | | | | (Colaert, 2021; Grassi & Lanfranchi, 2022) |
| | Mutual recognition of supervisory data | | | | | | | | (Fachsandy, 2025; Grassi & Lanfranchi, 2022; Neuwirth & Tan, 2024) |
| Operational resilience & systemic stability | Real-time incident/regulatory notification | | | | | | | | (Chirulli, 2021; Du & Wei, 2020; Khalatur et al., 2022) |
| | Resilience metrics for critical services | | | | | | | | (Chirulli, 2021; Grassi & Lanfranchi, 2022) |
| | Liquidity/treasury early-warning indicators | | | | | | | | (Y. Li et al., 2025; Shi et al., 2025; Y. Xia et al., 2024) |
| | Sector-wide stress telemetry | | | | | | | | (Gasparri, 2019; Guerra et al., 2022; Jung, 2021) |
| Reduced human error & fewer false positives/negatives | Human-in-the-loop alert retraining | | | | | | | | (Bakhos Douaihy & Rowe, 2023; Kurum, 2023) |
| | UX to prevent rule-entry mistakes | | | | | | | | (Firmansyah & Arman, 2022; Firmansyah & Arman, 2023) |
| | Active learning on mislabeled alerts | | | | | | | | (Colaert, 2021; Gasparri, 2019; Sharma et al., 2023) |
| Faster onboarding/KYC & identity management | Orchestrated e-KYC with biometrics | | | | | | | | (Kurum, 2023; Michaels & Homer, 2018; Uddin et al., 2025) |
| | Portable digital identity wallets | | | | | | | | (Micheler & Whaley, 2020; Miglionico, 2020; Muzammil & Vihari, 2020) |
| Cybersecurity, data privacy & secure data handling | Differential privacy/pseudonymization | | | | | | | | (J. Li et al., 2023; Ryan et al., 2020) |
| | Confidential computing for shared analytics | | | | | | | | (Du & Wei, 2020; Fachsandy, 2025) |
| | Zero-trust access for reg data | | | | | | | | (Du & Wei, 2020; Grassi & Lanfranchi, 2022; J. Li et al., 2023) |
| | Automated GDPR/CCPA evidence packs | | | | | | | | (Firmansyah & Arman, 2023; J. Li et al., 2023; Ryan et al., 2020) |
| | Data retention/minimization policies | | | | | | | | (Ryan et al., 2020; Sharma et al., 2023) |
| Innovation enablement, competitiveness & collaboration | Sandboxes/TechSprints with regulators | | | | | | | | (Arner et al., 2018; Grassi & Lanfranchi, 2022; Jung, 2021) |
| | Vendor co-builds and shared utilities | | | | | | | | (Arner et al., 2018; Miglionico, 2020) |
| | Metrics for compliance ROI | | | | | | | | (Gasparri, 2019; Khalatur et al., 2022; Zabat et al., 2024) |
| Public-sector value creation & policy execution | Telemetry for transport/environment enforcement | | | | | | | | (Bansal & Taneja, 2025) |
| | Outcome-based funding tied to reg data | | | | | | | | (Bansal & Taneja, 2025; Grassi & Lanfranchi, 2022; Michaels & Homer, 2018) |
| | Cross-agency risk registers | | | | | | | | (Chirulli, 2021; Fachsandy, 2025; Grassi & Lanfranchi, 2022) |
| Market confidence via timely supervisory disclosure & oversight | Crisis-time dashboards and disclosures | | | | | | | | (Avramović, 2023; Grassi & Lanfranchi, 2022; Zeranski & Sancak, 2021) |
| | Cross-market data consolidation for signals | | | | | | | | (Avramović, 2023; Fachsandy, 2025; Zeranski & Sancak, 2021) |
✓ indicates that the mentioned opportunity is related to the assigned functions.
Table 7. Mapping RegTech and SupTech implementation challenges to organizational functions.

| Challenge | Challenge Type | Challenge Name | Compliance & Regulatory Affairs | Risk & Audit | Finance | Technology & Data | Legal & Governance | Customer & Strategy | Human Resources (HR) | Source |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Technological Challenges | Cybersecurity and Privacy Risks | Data breaches, hacking incidents, and vulnerabilities in cloud and outsourced infrastructures | | | | | | | | (Arner et al., 2018; Chirulli, 2021; Colaert, 2021; El Khoury et al., 2025; Grassi & Lanfranchi, 2022; Jung, 2021; Khalatur et al., 2022; Laguna de Paz, 2023; J. Li et al., 2023; Sharma et al., 2023) |
| | | Privacy risks in data mining, data retention, and GDPR/CCPA compliance | | | | | | | | (Colaert, 2021; J. Li et al., 2023; Ryan et al., 2020; Singh, 2024) |
| | | Increased exposure due to cross-border data flows and lack of unified international standards | | | | | | | | (Du & Wei, 2020; Kanojia et al., 2024) |
| | Algorithmic Complexity and Opacity | Bias and unfair outcomes due to poor training data or design | | | | | | | | (Bakhos Douaihy & Rowe, 2023; Chirulli, 2021; Gasparri, 2019; Konina, 2021; Loiacono & Rulli, 2022; Sharma et al., 2023; Singh, 2024; Singh & Lin, 2021) |
| | | Trade-secret protections limiting supervisory validation of algorithms | | | | | | | | (Avramović, 2023; Chirulli, 2021; Gasparri, 2019; Konina, 2021; Loiacono & Rulli, 2022; Singh & Lin, 2021) |
| | | Explainability and transparency gaps creating accountability risks | | | | | | | | (Konina, 2021; Loiacono & Rulli, 2022) |
| | Legacy and Immature Technology Issues | Difficulty integrating with outdated IT systems | | | | | | | | (Butler & O’Brien, 2019; Khalatur et al., 2022; Laguna de Paz, 2023; J. Li et al., 2023; Micheler & Whaley, 2020; Salampasis & Samakovitis, 2024; Y. Xia et al., 2024) |
| | | Low maturity or robustness of AI, NLP, RPA, and distributed ledgers | | | | | | | | (Becker et al., 2020; Fachsandy, 2025; Firiza et al., 2024; Jagrič et al., 2023; Laguna de Paz, 2023; Shi et al., 2025) |
| | | Heavy computational demands and storage requirements limiting scalability | | | | | | | | (Guerra et al., 2022; J. Li et al., 2023; Sharma et al., 2023) |
| Organizational Challenges | Cultural and Institutional Resistance | Traditional institutions resisting transformation due to legacy processes and risk aversion | | | | | | | | (Anagnostopoulos, 2018; Avramović, 2023; Bansal & Taneja, 2025; Khalatur et al., 2022; Sharma et al., 2023) |
| | | Supervisory cultures privileging stability over innovation | | | | | | | | (Michaels & Homer, 2018) |
| | Skills and Workforce Gaps | Shortage of qualified IT and data science professionals | | | | | | | | (Bakhos Douaihy & Rowe, 2023; Chirulli, 2021; Chishti, 2019; Du & Wei, 2020; Khalatur et al., 2022; Loiacono & Rulli, 2022) |
| | | Training needs for regulators and compliance staff to adapt to digital tools | | | | | | | | (Bakhos Douaihy & Rowe, 2023; Chishti, 2019; Colaert, 2021; Loiacono & Rulli, 2022) |
| | Cost and Vendor-Dependence | High upfront and maintenance costs, especially for smaller firms | | | | | | | | (Bakhos Douaihy & Rowe, 2023; Colaert, 2021; Jung, 2021; Kanojia et al., 2024; Khalatur et al., 2022; Singh et al., 2022; Wang & Chen, 2024) |
| | | Reliance on third-party vendors leading to vendor lock-in and systemic dependency | | | | | | | | (Bakhos Douaihy & Rowe, 2023; Jung, 2021; Salampasis & Samakovitis, 2024) |
| | Operational Barriers | Complex procurement processes slowing adoption | | | | | | | | (Jung, 2021) |
| | | Inefficient reporting discipline and uneven adoption across institutions | | | | | | | | (Uddin et al., 2025) |
| | | Poor governance structures and lack of cross-agency collaboration | | | | | | | | (Saifullah et al., 2023; Zeranski & Sancak, 2021) |
| Regulatory & Legal Challenges | Regulatory & Legal Challenges | Overlapping or contradictory regulations across jurisdictions | | | | | | | | (Arner et al., 2016; Arner et al., 2018; Khalatur et al., 2022; Neuwirth & Tan, 2024; Saifullah et al., 2023) |
| | | Fragmented supervisory structures limiting oversight coordination | | | | | | | | (Zeranski & Sancak, 2021) |
| | | Outdated frameworks unable to accommodate digital compliance solutions | | | | | | | | (Du & Wei, 2020; Khalatur et al., 2022; Zabat et al., 2024) |
| | Harmonization and Cross-Border Issues | Inadequate cross-border cooperation and recognition of standards | | | | | | | | (Arner et al., 2018; Chirulli, 2021; Khalatur et al., 2022; Kurum, 2023; Neuwirth & Tan, 2024) |
| | | Regulatory arbitrage risks where inconsistent rules are exploited | | | | | | | | (Arner et al., 2018; Kanojia et al., 2024; Muganyi et al., 2022) |
| | Accountability and Due Process Risks | Concerns over fairness, rule of law, and democratic legitimacy when law is “coded” | | | | | | | | (Chirulli, 2021; Colaert, 2021; Gasparri, 2019; Loiacono & Rulli, 2022; Micheler & Whaley, 2020; Singh & Lin, 2021) |
| | | Liability issues for errors in automated decision-making or third-party code | | | | | | | | (Battanta et al., 2020; Jung, 2021; Loiacono & Rulli, 2022) |
| | | Transparency dilemmas where excessive disclosure undermines enforcement effectiveness | | | | | | | | (Pan et al., 2024) |
| | Premature or Inconsistent Regulation | Regulatory lag compared to rapid innovation | | | | | | | | (Muganyi et al., 2022; Pan et al., 2024; Zabat et al., 2024) |
| | | Premature mandates (e.g., in sustainability) creating unintended consequences | | | | | | | | (Zetzsche & Anker-Sørensen, 2022) |
| | | Lack of methodological standards in GDPR, DLT, and other areas | | | | | | | | (Kavassalis et al., 2018; Ryan et al., 2020) |
| Strategic & Market Challenges | Systemic and Market Risks | Risk of systematic errors scaling across institutions | | | | | | | | (Anagnostopoulos, 2018; Chirulli, 2021; Colaert, 2021; Gasparri, 2019) |
| | | Excessive standardization reducing innovation and competitiveness | | | | | | | | (Chirulli, 2021; Colaert, 2021; Micheler & Whaley, 2020) |
| | | Operational concentration risks from reliance on few cloud providers | | | | | | | | (Jung, 2021) |
| | Adoption and Innovation Tensions | Slow, uneven, or partial adoption across banks and jurisdictions | | | | | | | | (Anagnostopoulos, 2018; Becker et al., 2020; Uddin et al., 2025) |
| | | Trade-offs between innovation and formal governance structures | | | | | | | | (Avramović, 2023; Pan et al., 2024; Zabat et al., 2024) |
| | | Political and geopolitical pressures affecting technology adoption | | | | | | | | (Bakhos Douaihy & Rowe, 2023; Saifullah et al., 2023) |
| | Research and Knowledge Gaps | Limited academic coverage of critical technologies (NLP, RPA) | | | | | | | | (Becker et al., 2020) |
| | | Misperceptions and hype cycles leading to over-promising | | | | | | | | (Bansal & Taneja, 2025) |
| | | Lack of shared standards for SupTech across jurisdictions | | | | | | | | (Avramović, 2023) |
| Data & Infrastructure Challenges | Data Quality and Reliability | Poor-quality, incomplete, or biased data undermining reliability | | | | | | | | (Bakhos Douaihy & Rowe, 2023; Chishti, 2019; Guerra et al., 2022; Y. Li et al., 2025; Singh, 2024; Singh & Lin, 2021) |
| | | Over-reliance on outdated or manual data entry | | | | | | | | (Du & Wei, 2020; Shi et al., 2025) |
| | | Fragmented data sources limiting oversight capacity | | | | | | | | (Butler & O’Brien, 2019; Ryan et al., 2020; Singh & Lin, 2021) |
| | Data Standardization and Interoperability | Lack of standardized data formats across jurisdictions and systems | | | | | | | | (Butler & O’Brien, 2019; Firiza et al., 2024; Ryan et al., 2020) |
| | | Semantic interoperability challenges in GDPR and supervisory reporting | | | | | | | | (Ryan et al., 2020) |
| | Infrastructure and Capacity Constraints | High computational intensity for advanced ML tools | | | | | | | | (Guerra et al., 2022; J. Li et al., 2023; Sharma et al., 2023) |
| | | Insufficient digital infrastructure in developing markets | | | | | | | | (Guerra et al., 2022; J. Li et al., 2023; Sharma et al., 2023) |
| | | Insufficient digital infrastructure in developing markets | | | | | | | | (Shi et al., 2025) |
✓ indicates that the mentioned opportunity is related to the assigned functions.
Table 8. AI methods transforming reporting activities.

| Reporting Activity | AI Methods (Automation Stage) | Source |
| --- | --- | --- |
| Regulatory report compilation and submission | NLP (rule extraction, text parsing), Text mining, Decision-tree classifiers | (Avramović, 2023; Chirulli, 2021; El Khoury et al., 2025) |
| Data collection and integration | Process mining, Clustering (K-means, hierarchical), Regression models | (Becker et al., 2020; Konina, 2021; Y. Li et al., 2025) |
| Data standardization and validation | NLP rule interpretation, SVM, Ontology-based classification | (Chirulli, 2021; Colaert, 2021; Kavassalis et al., 2018) |
| Fraud detection and anomaly monitoring | Random Forest, Gradient Boosting (XGBoost, LightGBM), ANN, DNN, Bayesian models, Network analysis | (Becker et al., 2020; Butler & O’Brien, 2019; Kanojia et al., 2024; Y. Li et al., 2025) |
| Transaction reporting | Recurrent Neural Networks (RNN), Autoencoders, Time-series prediction | (Arner et al., 2018; Gasparri, 2019; Jung, 2021; Kavassalis et al., 2018; Uddin et al., 2025) |
| Identity verification (e-KYC) | CNN for facial recognition, Fingerprint models, SVM pattern recognition | (Grassi & Lanfranchi, 2022; Kanojia et al., 2024; Konina, 2021; Zabat et al., 2024) |
| Obligation extraction from regulations | NLP (NER, dependency parsing), NLG, Transformer models (BERT) | (Avramović, 2023; El Khoury et al., 2025; Jović & Nikolić, 2022; Khalatur et al., 2022; Kristanto & Arman, 2022) |
| Risk assessment and profiling | Logistic regression, Random Forest, Gradient Boosting, Credit scoring models | (Avramović, 2023; Becker et al., 2020; Chirulli, 2021; Khalatur et al., 2022; Konina, 2021) |
| Complaint handling and consumer reporting | NLP sentiment analysis, Chatbot dialogue, Speech-to-text, Topic modelling (LDA) | (Chirulli, 2021; Pan et al., 2024; Singh et al., 2022; Y. Xia et al., 2024) |
| AML/PSD2 compliance checks | Decision trees, Random Forest, DNN, Autoencoders | (Becker et al., 2020; Chirulli, 2021; El Khoury et al., 2025; Khalatur et al., 2022; Konina, 2021) |
| ESG and disclosure reporting | Text mining, Transformer NLP sentiment analysis, SVM, Logistic regression | (Grassi & Lanfranchi, 2022; Kanojia et al., 2024; Loiacono & Rulli, 2022; Shi et al., 2025; Y. Xia et al., 2024; Zetzsche & Anker-Sørensen, 2022) |
| Audit trails and supervisory dashboards | Isolation Forest, One-Class SVM, Time-series prediction, Network analysis | (Avramović, 2023; El Khoury et al., 2025; Jović & Nikolić, 2022; Khalatur et al., 2022; Konina, 2021) |
Table 9. Standardization mechanisms in RegTech reporting.

| Category | Names | Sources |
| --- | --- | --- |
| Schemas | CRR templates, XBRL schemas, harmonized schemas, ESG schemas, structured frameworks | (Anagnostopoulos, 2018; Arner et al., 2016; Arner et al., 2018; Avramović, 2023; Becker et al., 2020; Chirulli, 2021; Clarke, 2020; Colaert, 2021; Fachsandy, 2025; Jung, 2021; Kurum, 2023; Loiacono & Rulli, 2022; Michaels & Homer, 2018; Miglionico, 2020; Saifullah et al., 2023; Singh, 2024; Uddin et al., 2025; Zabat et al., 2024; Zeranski & Sancak, 2021) |
| Taxonomies | EU taxonomy, supervisory taxonomies | (Zetzsche & Anker-Sørensen, 2022) |
| Ontologies and dictionaries | Supervisory dictionaries, ontology-based classification | (Chirulli, 2021; Colaert, 2021; Konina, 2021) |
| Templates and machine-readable formats | Structured reporting templates, machine-readable forms, API-based submissions | (Anagnostopoulos, 2018; Arner et al., 2016; Arner et al., 2018; Chishti, 2019; Clarke, 2020; Colaert, 2021; Du & Wei, 2020; El Khoury et al., 2025; Firmansyah & Arman, 2023; Grassi & Lanfranchi, 2022; Jung, 2021; Khalatur et al., 2022; J. Li et al., 2023; Y. Li et al., 2025; Salampasis & Samakovitis, 2024; Shi et al., 2025; Singh, 2024; Zeranski & Sancak, 2021) |
Table 10. Key elements enabling real-time regulatory reporting.

| Category | Tools/Technologies | Purpose/Role | Sources |
| --- | --- | --- | --- |
| Streaming and Continuous Data Flows | APIs, data streaming platforms, event-driven pipelines | Enable continuous rather than periodic reporting; reduce lag between transaction and supervisory visibility | (Anagnostopoulos, 2018; Grassi & Lanfranchi, 2022; Jung, 2021; Kanojia et al., 2024; Shi et al., 2025) |
| Supervisory Dashboards and Portals | Interactive dashboards, real-time monitoring portals, conduct dashboards | Provide supervisors with live oversight of firm-level risks, consumer complaints, and compliance metrics | (Chirulli, 2021; Pan et al., 2024; Singh et al., 2022; Y. Xia et al., 2024) |
| Real-time Anomaly Detection | Isolation Forest, One-Class SVM, Autoencoders, time-series models | Continuous monitoring of fraud, AML alerts, transaction anomalies, reducing false positives and detection delays | (Becker et al., 2020; Butler & O’Brien, 2019; Kanojia et al., 2024; Y. Li et al., 2025) |
| Trigger-based/Event-driven Reporting | Smart contracts, automated triggers for risk thresholds, e-notifications | Automatically generate reports when pre-defined risk events occur, ensuring immediate supervisory awareness | (Becker et al., 2020; Butler & O’Brien, 2019; Chirulli, 2021; El Khoury et al., 2025; Khalatur et al., 2022; Konina, 2021) |
| Continuous Risk and Conduct Monitoring | Sentiment analysis, NLP-based consumer monitoring, conduct risk dashboards | Stream unstructured data (complaints, narratives) into structured real-time oversight signals | (Chirulli, 2021; Grassi & Lanfranchi, 2022; Pan et al., 2024; Saifullah et al., 2023; Singh et al., 2022; Y. Xia et al., 2024; Zabat et al., 2024) |
| Regulatory Data Integration in Real-Time | API-based submissions into central data lakes, cloud platforms | Consolidate firm-level submissions into supervisory databases in near real-time for benchmarking and peer comparisons | (Anagnostopoulos, 2018; Grassi & Lanfranchi, 2022; Jung, 2021; Kanojia et al., 2024; Loiacono & Rulli, 2022; Shi et al., 2025) |

Table 11. AI methods transforming supervisory activities.

| Supervision Activities | AI Methods (Automation Stage) | Sources |
| --- | --- | --- |
| Anomaly detection and fraud monitoring | Random Forest, Gradient Boosting (XGBoost, LightGBM), Autoencoders, DNN, Bayesian anomaly models, Graph/network analysis | (Becker et al., 2020; Butler & O’Brien, 2019; Kanojia et al., 2024; Y. Li et al., 2025) |
| AML/CTF supervision | Decision trees, Random Forest, Autoencoders, Deep Neural Networks, Clustering (K-means, DBSCAN) | (Becker et al., 2020; Butler & O’Brien, 2019; Chirulli, 2021; El Khoury et al., 2025; Khalatur et al., 2022; Konina, 2021) |
| Prudential supervision/risk monitoring | Logistic regression, Random Forest, Gradient Boosting, Time-series forecasting (ARIMA, LSTM), Credit scoring models | (Avramović, 2023; Becker et al., 2020; Chirulli, 2021; Kanojia et al., 2024; Khalatur et al., 2022; Konina, 2021; Y. Li et al., 2025) |
| Conduct supervision/consumer protection | NLP sentiment analysis, Topic modelling (LDA), Text categorization, Speech-to-text (ASR), Anomaly detection (Isolation Forest) | (Chirulli, 2021; Grassi & Lanfranchi, 2022; Pan et al., 2024; Saifullah et al., 2023; Singh et al., 2022; Y. Xia et al., 2024; Zabat et al., 2024) |
| Identity verification and e-KYC oversight | CNN for facial recognition, Fingerprint recognition models, SVM for artefact detection | (Grassi & Lanfranchi, 2022; Kanojia et al., 2024; Konina, 2021; Saifullah et al., 2023; Zabat et al., 2024) |
| Obligation extraction from regulatory texts | NLP (Named Entity Recognition, dependency parsing), Transformer models (BERT, RoBERTa), Ontology-based classification, Rule induction | (Avramović, 2023; Becker et al., 2020; El Khoury et al., 2025; Jović & Nikolić, 2022; Khalatur et al., 2022; Konina, 2021; Kristanto & Arman, 2022) |
| Transaction surveillance in real-time | RNN, LSTM, Autoencoders, Time-series anomaly detection models | (Arner et al., 2018; Gasparri, 2019; Jung, 2021; Kavassalis et al., 2018; Uddin et al., 2025) |
| Market surveillance/systemic risk oversight | Clustering (K-means, DBSCAN), Neural networks (ANN, DNN), Graph/network analytics, Anomaly detection (Isolation Forest, One-Class SVM) | (Becker et al., 2020; Butler & O’Brien, 2019; Kanojia et al., 2024; Y. Li et al., 2025) |
| ESG and disclosure supervision | Text mining, Transformer NLP models (BERT, RoBERTa), Sentiment analysis, SVM, Logistic regression | (Grassi & Lanfranchi, 2022; Kanojia et al., 2024; Loiacono & Rulli, 2022; Shi et al., 2025; Y. Xia et al., 2024; Zetzsche & Anker-Sørensen, 2022) |
| Audit trails and supervisory dashboards | Isolation Forest, One-Class SVM, Time-series forecasting models, Network analysis, Anomaly detection pipelines | (Avramović, 2023; El Khoury et al., 2025; Jović & Nikolić, 2022; Khalatur et al., 2022; Konina, 2021; Kristanto & Arman, 2022) |

Table 12. Standardization mechanisms in SupTech supervision.

| Category | Names | Sources |
| --- | --- | --- |
| Schemas | Supervisory data schemas, reporting frameworks (prudential, conduct, AML datasets) | (Becker et al., 2020; Kanojia et al., 2024; Y. Li et al., 2025; Loiacono & Rulli, 2022) |
| Taxonomies | Supervisory taxonomies, conduct risk taxonomies, ESG classification frameworks | (Grassi & Lanfranchi, 2022; Kanojia et al., 2024; Loiacono & Rulli, 2022; Zetzsche & Anker-Sørensen, 2022) |
| Ontologies and Dictionaries | Supervisory dictionaries for obligations and risks, ontology-based classification of rules | (Chirulli, 2021; Colaert, 2021; Konina, 2021; Pan et al., 2024) |
| Templates and Machine-Readable Formats | Structured supervisory forms, XML/XBRL-based submissions, API-enabled supervisory data flows | (Chirulli, 2021; El Khoury et al., 2025; Kanojia et al., 2024; Kavassalis et al., 2018; Khalatur et al., 2022; Y. Li et al., 2025; Loiacono & Rulli, 2022; Shi et al., 2025; Zetzsche & Anker-Sørensen, 2022) |
| Dashboards/Portals (extended for SupTech) | Interactive supervisory dashboards, machine-readable alerts, conduct monitoring dashboards | (Chirulli, 2021; Pan et al., 2024; Saifullah et al., 2023; Singh et al., 2022; Y. Xia et al., 2024; Zabat et al., 2024) |

Table 13. Key elements enabling real-time regulatory supervision.

| Category | Tools/Technologies | Purpose/Role | Sources |
| --- | --- | --- | --- |
| Streaming and Continuous Data Flows | APIs, real-time data pipelines, event-driven platforms | Enable supervisors to access data streams continuously rather than waiting for periodic submissions, reducing supervisory lag | (Grassi & Lanfranchi, 2022; Kanojia et al., 2024; Loiacono & Rulli, 2022; Shi et al., 2025) |
| Supervisory Dashboards and Portals | Interactive dashboards, early warning systems, conduct monitoring portals | Provide supervisors with live views of prudential ratios, conduct risks, and consumer complaints | (Chirulli, 2021; Pan et al., 2024; Saifullah et al., 2023; Singh et al., 2022; Zabat et al., 2024) |
| Real-time Anomaly Detection | Isolation Forest, One-Class SVM, Autoencoders, RNN, time-series anomaly detection | Support continuous detection of suspicious transactions, AML alerts, and systemic market anomalies, reducing false positives | (Arner et al., 2018; Becker et al., 2020; Butler & O’Brien, 2019; Gasparri, 2019; Jung, 2021; Kanojia et al., 2024; Y. Li et al., 2025; Uddin et al., 2025) |
| Trigger-based/Event-driven Supervision | Smart contracts, automated thresholds, e-notifications | Generate alerts or supervisory interventions when predefined risk thresholds are breached | (Becker et al., 2020; Butler & O’Brien, 2019; Chirulli, 2021; El Khoury et al., 2025; Konina, 2021; Y. Li et al., 2025) |
| Continuous Risk and Conduct Monitoring | Sentiment analysis, NLP-based complaint analysis, consumer protection dashboards | Transform unstructured consumer data into structured real-time oversight signals | (Chirulli, 2021; Grassi & Lanfranchi, 2022; Pan et al., 2024; Saifullah et al., 2023; Singh et al., 2022; Y. Xia et al., 2024; Zabat et al., 2024) |
| Supervisory Data Integration | Cloud-based data lakes, API submissions, cross-market data pooling | Aggregate firm-level and market-level submissions into supervisory databases in near real-time for benchmarking | (Anagnostopoulos, 2018; Grassi & Lanfranchi, 2022; Jung, 2021; Kanojia et al., 2024; Loiacono & Rulli, 2022; Shi et al., 2025) |

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

MDPI and ACS Style

Bagherifam, N.; Naghdi, S.; Ahmadian, V.; Fazlzadeh, A.; Baghalzadeh Shishehgarkhaneh, M. Digital Regulatory Governance: The Role of RegTech and SupTech in Transforming Financial Oversight and Administrative Capacity. Int. J. Financial Stud. 2025, 13, 217. https://doi.org/10.3390/ijfs13040217