Financial institutions spend roughly $206 billion a year on financial crime compliance alone, and the burden keeps climbing. A 2024 LexisNexis study found 98% of institutions saw compliance costs rise in the prior year. Bank Policy Institute survey data shows executives at major US banks now spend 42% of their time on regulatory compliance, up from 24% in 2016, and personnel costs absorb 79% of total compliance spending. Technology, despite a decade of digital transformation rhetoric, accounts for just 9% of average compliance budgets. The math is structural: when regulation expands faster than infrastructure, the cost falls on headcount.
Lokesh Prakash Manohar is a product and engineering leader with more than 15 years across financial services, security, and enterprise technology. Recognized as a Senior Member of IEEE for his professional contributions to the field, he has focused much of his work on systems operating under regulatory scrutiny, including compliance and risk-sensitive platforms where the operational stakes are regulatory, not commercial. His position is that the current model, where regulation grows on a fixed governmental timeline and compliance scales by hiring more reviewers, has already broken. The fix, he argues, is to treat compliance as the architectural foundation of the system itself, not a manual process layered on top of an existing product.
When Manual Compliance Becomes the Bottleneck
The volume of regulatory change has reached a level that manual workflows cannot absorb. Global firms now process more than 250 regulatory alerts per day across jurisdictions, and the count of changes per institution has climbed roughly 15% year over year. Between 2016 and 2023, employee hours dedicated to financial compliance rose 61%, and compliance-related IT spending at banks grew from 9.6% to 13.4% of total IT budgets over the same period. The visible cost is the headcount needed to track all of it. The hidden cost is that fragmented, spreadsheet-driven workflows produce fragmented oversight, which regulators have started to call out directly.
Manohar has spent much of his career on the unglamorous side of that problem. Across product and engineering roles at global payments, lending, and ad-technology platforms, he has watched the same pattern repeat: an institution stands up a manual complaint or risk workflow that works fine at low volume, then doubles its scope when a new regulation lands, then triples it again the next time. The economics work in the short term and fail catastrophically the moment a regulator asks for case-level audit trails on the entire history. The audit is not the failure. The architecture that made the audit impossible is the failure.
“Manual compliance scales linearly with headcount and exponentially with regulation,” says Lokesh Prakash Manohar. “The first few years you can hire your way out. By year five, you are running a customer service organization whose primary job is documenting why it did what it did, and you still cannot prove it cleanly when the regulator asks.”
When a Regulatory Shock Exposes the Architecture
The UK’s financial complaint regime is one of the largest in the world and the most rigorously measured. FCA data show that financial services firms received 1.87 million complaints in the second half of 2025, with the share upheld by firms at roughly 56%. Total redress paid in the first half of 2025 alone reached £283 million, a 20% jump over the prior half. When the UK separated from the European Union, the framework for how those complaints were categorized, reported, and audited changed, and it changed on a fixed governmental timeline. Institutions had months, not years, to reconcile new FCA expectations, GDPR-aligned data controls, and revised reporting cadences with whatever infrastructure they already had in place.
In 2020, Manohar led the design and rollout of a unified compliance automation and reporting platform for the UK market at a major global payments provider, built specifically to satisfy the post-Brexit regulatory regime. The platform replaced fragmented manual workflows with end-to-end automation across complaint intake, regulatory categorization, audit trail generation, and executive reporting, all anchored on a machine-learning model that identified regulated complaints from raw, unstructured customer contacts. He owned product strategy, system design, the precision and recall thresholds for the model, and stakeholder alignment across legal, risk, compliance, customer service, and engineering, all under a six-month delivery window tied to the Brexit transition deadline.
“A regulatory deadline is not a stretch goal. You ship by the date or you stop operating in the market,” Manohar observes. “What that does to your engineering decisions is clarifying. You stop arguing about whether to automate, and you start arguing about which manual steps you can responsibly remove first.”
Designing ML-Native Compliance From the Ground Up
Adoption of machine learning in regulated workflows has finally caught up with the urgency. Reported use of advanced AI tools in KYC and AML jumped from 42% of surveyed firms in 2024 to 82% in 2025. More than 40% of banks initiated pilots of AI-driven compliance automation in customer onboarding during 2024 alone, and early adopters of agentic compliance platforms are reporting compliance breach reductions of 30% or more, with operational cost savings of 40% to 60% on automated manual workflows. The trend is no longer experimental.
Manohar’s UK platform was an early version of the architecture the broader industry is now converging on. He treated the model as the front door of the workflow, not a feature pasted onto an existing process. The model ingested raw customer contacts across channels, scored them against FCA-aligned complaint definitions, and routed the regulated subset into a guided agent flow that consolidated dozens of manual steps into a single auditable interface. The platform ran at production scale, processing millions of customer complaints per month, and reduced manual reporting effort by approximately 80%. Manohar, a judge for the BIG Awards at the Business Intelligence Group, has since reviewed dozens of submissions from financial services and enterprise software companies, which has reinforced his view that the deciding factor between platforms that hold up and platforms that do not is whether compliance was an architectural choice from day one.
“If you bolt compliance onto a product, the seams are where you fail,” Manohar reflects. “If compliance is the load-bearing structure, the product gets harder to design and enormously easier to operate. Every audit becomes a query, not a project.”
The Hard Part Is Translating Guidance Into Code
The hardest engineering work in compliance is not the obvious technical work. It is the translation between regulatory language and machine-executable definitions. Roughly 88.5% of global firms have automated regulatory reporting to push accuracy toward 99.8%, but 30.6% report that legacy systems delay full deployment of modern compliance software by an average of 14.5 months. Global AML penalties totaled $4.6 billion in 2024, with North America accounting for 94% of that total, and the largest single fine of 2025 exceeded $985 million. The penalties land on institutions whose internal definitions could not keep pace with the external rules.
For Manohar’s UK platform, the translation problem ran in both directions. Post-Brexit FCA guidance arrived in stages, often incomplete, and his team had to convert it into precision and recall thresholds for the model that would decide which customer contacts counted as regulated complaints in the first place. Too aggressive a model produced false positives that drowned agents in non-regulated work. Too conservative a model let regulated cases slip past the audit perimeter, which is the failure mode regulators care about. His team worked directly with legal, risk, and compliance to write labeling guidelines that were not just product specs but evidence artifacts, designed to hold up if a regulator ever asked how a particular case was classified.
“You cannot ship a regulated system without writing down what you decided and why,” Manohar explains. “Labels are not just training data. In a compliance context, labels are evidence. The labeling guidelines we wrote for the model were also the legal team’s audit trail for how the institution defined a complaint under the new rules.”
What the Next Regulatory Shock Will Look Like
The RegTech market is on a trajectory that suggests institutions have stopped asking whether to automate compliance and started asking how fast. The global market was valued at roughly $17 billion in 2025 and is projected to reach $99 billion by 2034, a compound annual growth rate above 21%. Gartner expects legal and compliance functions to lift spending on governance, risk, and compliance platforms by 50% by 2026, and 42% of platform development effort is now going into AI-native systems that interpret regulatory text directly. The next regulatory shock, whether it comes from EU AI Act enforcement, the SEC’s climate disclosure rules, or a jurisdiction-specific event nobody has on a roadmap yet, will arrive at institutions that already know whether their compliance stack can absorb it.
The institutions Manohar argues will absorb the next shock cleanly look architecturally consistent regardless of the regulation in question. They have a single governed surface across intake, categorization, reporting, and audit, and that surface is instrumented at every seam. The models inside the surface are documented, versioned, and tied to labeling guidelines that can be defended on their own terms. The reporting cadence is a system property, not a quarterly project. Manohar’s reviewer record at the Web of Science, covering peer-reviewed IEEE papers, gives him a steady read on which of these patterns are being formalized in academic work and which are still moving faster in industry than in the literature. His view is that the industry is roughly a year ahead of the standards on architecture, and roughly a year behind on the governance documentation that auditors will eventually demand.
“The next regulatory shock is not a question of if. It is a question of which jurisdiction, and on what timeline,” Manohar concludes. “The institutions that survive it well will be the ones whose compliance system was already designed to absorb the change. Manual is no longer a viable choice. It is a liability the regulator already knows how to find.”
