Employee and Firm Compliance in 2026 

Proving Controls in a Faster, More Accountable Market 

There are few things I enjoy more than bringing together thoughtful, experienced voices from across our industry to have an honest conversation about where compliance is headed. Recently, I had the pleasure of hosting a StarCompliance webinar, From Acceleration to Accountability: The Compliance Outlook for 2026, that did exactly that.  

Joining me were Eric Williamson, Director of Compliance and Risk at the Digital Commonwealth, and Steve Gannon, Partner at Davis Wright Tremaine. With perspectives spanning regulatory supervision, banking, digital assets, and legal advisory, the discussion offered a balanced view from both sides of the Atlantic on what 2026 will demand from compliance teams. 

One theme dominating the conversation: regulators are no longer satisfied with policies on paper. As Eric put it, “We’re moving from rulemaking to enforcement,” with the focus shifting “from policy existence to control effectiveness.” Across jurisdictions, regulators increasingly want proof that controls work under stress, not just in theory. This broader regulatory shift is also reflected in recent SEC enforcement priorities, which underscore the expectation that firms demonstrate how controls operate in practice.

Steve reinforced that we have entered a new phase. “We’re not in the stage of theory anymore. It’s the stage of practice,” he said. In the US in particular, the conversation is evolving beyond price speculation and toward infrastructure, operational resilience, and governance. He also highlighted the growing sophistication of threats, including AI powered scams, which are forcing firms to rethink surveillance and oversight models. 

We also explored how market abuse concepts are evolving across traditional and digital asset markets. The consensus was that many familiar frameworks still apply, but not all. As Steve noted, “About 70% of what firms do in terms of managing risk is going to be fully applicable… and 30% of it is new.” That remaining 30% includes monitoring smart contracts, decentralized activity, and the speed of blockchain based trading, all of which introduce new challenges. 

Another central point was data. Regulators want to know not only that a control exists, but how quickly a firm would detect a failure. Eric framed it well: “If a control fails, how would you know, and how fast would you know?” As settlement cycles compress and tokenization accelerates, system generated evidence, audit trails, and integrated dashboards are becoming essential to defensible oversight. 

Key takeaways from the session

• The regulatory focus is shifting from drafting rules to enforcing accountability and control effectiveness 
• Digital asset growth is driving new expectations around infrastructure, operational risk, and surveillance 
• Market abuse frameworks are converging across asset classes, but new technologies introduce additional complexity 
• Real time visibility, quality data, and documented escalation processes are critical 
• Education and investment in technology and governance frameworks must start now 

As we closed the session, Steve offered practical advice: “Educate yourselves, educate your company,” and ensure you have the governance and escalation playbooks ready for when you need to break the glass. 

The message for 2026 is clear. Compliance is no longer a reactive function. It is a front-line discipline that must prove its effectiveness with evidence, speed, and accountability.  Integrated employee and firm compliance solutions are increasingly essential to providing the visibility, documentation, and governance frameworks regulators now expect.

I encourage you to share it with your teams and continue the conversation inside your organization.