Last month, we hosted a series of risk roundtables focused on the real-world challenges firms are dealing with day to day. Attendees spoke openly about cloud migration, AML readiness, and how their existing approaches are starting to fall short. Here’s what they told us.
Firms that moved to the cloud first are now advising firms that haven’t
One of our most insightful conversations wasn’t centered around a product feature or roadmap. It was a discussion among firms that had recently migrated to cloud-based compliance infrastructure and firms that were still on-prem. The picture that emerged wasn’t quite what people expected.
While one firm completed its migration in roughly nine months, another took only four. Neither redesigned their processes before moving. Both firms moved first, then refined incrementally once they were in the cloud. The reasoning was consistent: Redesigning on-prem before migrating means running two transformation workstreams simultaneously and absorbing disruption twice. Fee earners experienced minimal interruption, and the configuration work happened in the background afterward.
For firms still on premises, the question is no longer whether cloud migration is technically feasible — the firms that have already moved have effectively answered that. The roundtable surfaced some of the most overlooked costs of continued delay: configuration debt that compounds, a fee earner experience gap that widens, and AI capabilities that sit behind a migration gate. Firms that had moved weren’t describing a difficult project they survived. They were describing a decision they wished they’d made sooner.
A regulatory deadline is separating firms that are planning from firms that are preparing
Another session had a level of urgency that the others didn’t: A new AML regulatory framework takes effect in July 2027 in the Netherlands, and firms in the room were already working through what needs to be in place before that window closes — not in the abstract, but in terms of specific workflow gaps.
A consistent need across the group: corporate structure verification and sanctions list screening conducted systematically, not manually. Most firms described their current AML process as a combination of point solutions and manual effort that works for today’s volume and level of scrutiny — but that will be inadequate for a formal regulatory framework with documentation requirements. Attendees named automated AML risk scoring at intake as infrastructure they knew they would need, versus merely a feature they wanted to explore.
Engagement letters and the workflows around them were another recurring friction point. Firms managing those processes manually are already absorbing drag. Under AML documentation requirements, that drag becomes a compliance liability.
One pattern worth naming: When regulatory requirements hit larger markets first, smaller European markets can mistake that lag for lead time. It disappears quickly once the rule goes live. The firms treating July 2027 as a planning horizon are already behind the firms treating it as a deployment deadline.
Fee earner visibility into compliance workflows is both a risk gap and an efficiency one
Compliance workflows that exist only in back-office systems tend to stay there. Across all three roundtables, attendees experienced the same operational friction: risk teams and fee earners working from separate information environments, often relying on follow-up emails to coordinate.
A dashboard giving fee earners direct visibility into the status of their onboarding and conflicts checks came up in multiple sessions as one of the most practical changes a firm could make — not because it solves a technically complex problem, but because it removes a coordination layer that consumes time on both sides.
Another practical adoption shortcut: extending compliance onto the same mobile platform that fee earners already use for time capture. Firms that already have fee earner buy-in for mobile applications don’t have to re-earn it for compliance. The tool is already in hand.
By giving fee earners visibility into matter status, and by building that visibility into their existing tools, firms can easily improve efficiency as well as risk management. It stops being a risk argument alone and becomes an operational efficiency argument as well.
Firms are deploying AI faster than they’re governing it
AI governance came up in all three sessions. The underlying concern was the same one surfacing at firms globally: AI tools are being rolled out for fee earners without a reliable mechanism to ensure that they don’t violate the firm’s existing information barriers. Several attendees described this as a current gap.
In one session, a firm had already built and deployed its own AI agents for fee earners. The question wasn’t whether to govern that activity — they had already concluded they had to — but whether their current approach was adequate.
The European dimension that complicates AI governance discussions is data residency. Several firms raised GDPR compliance directly, particularly around where data goes once it enters an AI system and how firms can confirm it remains within the EU. EU-based data centres address the technical requirement, but the concern surfaces early in internal procurement conversations — well before firms have had time to define a clear response.
External Forms for KYC, lateral hire processing, and ESG documentation came up across multiple sessions as credible use cases. The challenge in each conversation was the same: The business case has to be specific. Generic capability doesn’t move internal stakeholders. They need concrete examples of what changes operationally, with clear time savings attached.
Where to go from here
Cloud migration readiness, AML compliance infrastructure, fee earner visibility, and AI governance all depend on the same underlying foundation. The firms furthest along aren’t solving each challenge in isolation — they’re building connected infrastructure and making faster progress because of it.
The Compliance Migration Acceleration Program is structured to help you build the internal case and develop a plan you can take to leadership.
If your firm is working through any of these challenges, explore our compliance migration resources — or to talk through what that looks like in practice.