In most banks, regulation still begins life as text. Laws, ordinances, circulars and supervisory guidance arrive as words on paper, or as PDFs in inboxes, and then begin a long journey through the institution.

Legal teams interpret the wording. Compliance turns interpretation into internal policy. Risk adds thresholds and appetite statements. Business units receive guidance on what can and cannot be offered. Operations and technology teams then try to hardwire all of this into workflows, forms and approval chains. Somewhere along that chain, abstract regulatory expectations are converted into the practical reality of onboarding a client.

This is how banks govern themselves today. The regulator stays at a high level. The bank does the heavy lifting underneath.

From high Level Rules to operational Reality

The regulator generally does not define every operational step. It sets principles, expectations and boundaries. The bank must translate those into something usable. First come policies, which define the how: how the institution intends to comply, how it interprets obligations, how risk appetite is reflected in controls. Then come guidelines, which define the what: what front office teams must ask, what documents are required, what evidence is acceptable, what escalations are mandatory.

By the time a relationship manager sits across from a new client, a high level rule has already been rewritten several times. It has travelled from regulation into policy, from policy into guidelines, and from guidelines into processes and systems. At every stage, there is room for interpretation, simplification, or inconsistency.

That is why onboarding often feels heavier than regulation looks on paper. A short legal principle can become a dense operational burden once it is translated into real decisions, real documentation and real accountability.

How Banks Codify the Rulebook Today: The Policy-to-Process Gap

Banks have not ignored this problem. For years they have been trying to reduce ambiguity by codifying more of their regulatory interpretation. Policy libraries have grown larger and more structured. Cross border rules are stored in central repositories. Onboarding systems include increasingly detailed decision trees. Product eligibility checks, sanctions filters and routing rules are embedded into platforms that try to catch obvious issues before they become breaches.

But the core artefact is still prose. Policies remain written language. Guidelines are still human documents. The systems usually automate only the most standardised parts. The difficult cases still depend on experienced people who know where the grey zones lie and how the institution has historically chosen to handle them.

In other words, banks are already codifying regulation, but mostly indirectly. They are coding their own interpretation of written rules.

Machine-Readable Regulatory Guidance: What If Regulators Shipped Logic?

Now imagine a subtle but important shift.

Not a regulator replacing law with software. Not a regulator dictating every operational control. But a regulator, still operating at a high level, beginning to express selected parts of its guidance in a more structured, machine readable form.

This is not an implemented standard. It is an idea. A possible direction.

In such a model, the regulator would still remain primarily a source of principles and high level expectations. It would not suddenly design the bank’s internal processes. But in some narrow areas it might eventually go beyond narrative text and provide reference logic, structured decision tables, or more formal guidance that is easier to translate into systems.

Even then, the bank’s role would remain central. High level supervisory intent would still need to be turned into more granular internal requirements. Policies would still define the how. Guidelines would still define the what. The bank would still decide how to operationalise controls, how to allocate responsibility and how to reflect its own risk appetite.

What changes is that the line between regulatory expectation and bank implementation may begin to blur over time. If regulatory guidance becomes more structured, the translation layer inside the bank becomes shorter, tighter and potentially less open to local improvisation.

Onboarding as the first proving Ground

This becomes easiest to imagine in onboarding.

Today, onboarding sits at the intersection of multiple obligations:

  • client identification,
  • beneficial ownership,
  • sanctions,
  • financial crime prevention,
  • tax transparency,
  • product suitability,
  • cross border restrictions and
  • data handling.

Much of this is still managed through a mixture of policy interpretation, system prompts and human escalation.

Now imagine a future in which a regulator publishes high level guidance on onboarding in a form that is not just readable by lawyers, but also easier for machines to consume. Not a fully prescriptive rulebook, but a structured expression of supervisory expectations around areas such as client categorisation, required evidence, trigger points for enhanced due diligence, or escalation indicators for complex structures.

The bank would still need to interpret that guidance through its own policies and guidelines. But the path from supervisory principle to system behaviour would become more direct.

That is the moment when many institutions would ask a practical question:

If the front end is becoming more digital and conversational, what sits behind it to make sure all of this still holds together?

Agentic AI and the Shape of Algorithmic Banking Compliance

The answer, increasingly, may be agentic AI at the front and a neuro symbolic control layer behind it.

On the client side, banks are already moving away from static forms towards more conversational interfaces. Instead of forcing clients through a rigid sequence of fields, an intelligent assistant can ask for information dynamically, explain why a document is needed, adapt to what has already been provided and guide the interaction in plain language.

For the relationship manager, a similar assistant can prepare the case, identify likely friction points and suggest what needs attention before the file ever reaches compliance.

This makes onboarding feel simpler. But it only works if the simplicity at the front is backed by discipline in the middle.

A conversational agent cannot be allowed to improvise compliance. It needs a control structure that can interpret messy real world information while staying anchored to explicit rules. That is where neuro symbolic AI becomes relevant. The neural side helps process documents, free text, ownership structures and patterns that do not fit neatly into boxes. The symbolic side holds the rules, policy logic and control constraints in a form that can be applied consistently and explained afterwards.

The result is not a freewheeling AI banker. It is an assistant operating within a carefully governed decision architecture.

The Appeal of a single Regulator World

In a simple world, this looks highly attractive.

One regulator issues high level guidance. The bank translates that guidance into policies and guidelines. The structured parts of that guidance feed more directly into a control architecture. Agentic AI simplifies the front end. Neuro symbolic systems help ensure that what the client experiences as a smooth conversation remains aligned with what the bank must defend to auditors and supervisors.

The benefits are obvious. Onboarding becomes faster. Decisions become more consistent. The gap between policy and practice narrows. A decision can be reconstructed more clearly because the system can show which information mattered, which internal rules were applied and why the outcome was acceptance, escalation or refusal.

For leadership teams, this is a compelling story because it promises simplification without appearing to weaken control.

Cross-Border Supervisory Conflict When Multiple Regulators Codify

The neatness disappears when more than one regulator begins moving in this direction.

Global banking does not live under a single logic. A client may be connected to several jurisdictions at once. One supervisor may emphasise data minimisation. Another may focus on transparency and broad information sharing for financial crime detection. A third may impose its own approach to product access, client categorisation or AI governance.

If each regulator remains high level but starts expressing elements of its guidance in more structured or machine readable ways, banks may find themselves translating several forms of structured supervisory intent into one onboarding process.

That is where contradictions become more visible.

The problem is no longer just that rules are complex. The problem is that multiple valid supervisory logics may pull in different directions at the same time. One set of expectations may support a certain onboarding path under conditions. Another may restrict the products that can follow. A third may limit how data can be gathered or used to support the first two.

The more clearly those expectations are expressed, the harder it becomes to hide the tension behind process workarounds.

Why the Bank still needs its own Meta Rulebook

This is why structured regulatory guidance, even if it becomes more common, would not remove the bank’s responsibility. In some ways it would increase it.

The bank would still need a meta rulebook of its own: a clear internal logic for determining which jurisdictions matter, how conflicting expectations are prioritised, when the strictest approach wins and when the only defensible decision is not to proceed.

This meta layer would not replace regulation. It would sit between different high level regulatory expectations and the operational reality of a cross border institution. It would make explicit what today is often managed implicitly through experience, local custom or institutional memory.

And that is the deeper strategic shift. A bank that adopts agentic front ends and more formal control logic is not merely digitising onboarding. It is making its own choices more visible. It is putting into code and governance the trade offs that used to live in human judgment and organisational habit.

A Future where Algorithmic Regulation and Compliance Converge

The most plausible future is not one in which regulators suddenly dictate every operational detail in code. The more realistic scenario is slower and more uneven.

Regulators remain, in principle, high level. Banks continue to translate regulatory intent into policies and guidelines. But over time, in selected areas, supervisory guidance may become more structured, more machine readable and more directly consumable by systems. As that happens, the line between external guidance and internal implementation begins to blur.

The bank still defines the how through policy. It still defines the what through guidelines and process design. But the room between principle and execution may narrow, especially where supervisors want greater consistency, traceability or speed of response.

That is why this is not just a technology story. It is a story about control, interpretation and institutional identity.

Verwandter Artikel
AI-Powered Compliance in Banking: Turning Complexity into Competitive Advantage
AI-powered compliance is reshaping the role of client advisors in banking, turning a relentless regulatory tsunami into a potential competitive advantage. Every onboarding and advisory conversation now threads a maze of rules, documentation demands and risk flags that no single advisor can fully internalize. This article shows how, paired with AI, compliance shifts from a necessary hurdle into a strong virtual partner that stays at the advisor's side.
Verwandter Artikel
Agentic AI in Banking: 5 Proven Compliance & Risk Wins
Agentic AI in Banking extends the agent-based principles behind agentic testing into the tightly regulated world of finance, where security, efficiency, and compliance meet every day. Here the technology can offload routine work and speed up critical processes while keeping final responsibility with human experts. This post explores five proven wins, from policy navigation to sophisticated risk assessment, that position agentic AI as a trusted co-worker for banking staff.
Verwandter Artikel
AI in Banking Compliance: Smarter Reviews, Better Decisions
AI in Banking Compliance is not about replacing human judgement but about freeing experts from the tedious task of manually reconstructing answers from scattered data. In Switzerland, where AML rules demand rigorous client identification and risk assessment, banks waste valuable time stitching together information from silos—time that could be spent on critical analysis. The result: highly qualified staff are bogged down in administrative work instead of leveraging their expertise. [1][2][3][4]

Quellen

  1. Convergence in the prudential regulation of banks – what is missing
  2. Global financial and regulatory fragmentation
  3. Rules as Code RaC – Interoperable Europe
  4. How Rules as Code can transform government