By Stanley Foodman
2025 made one trend unmistakable. Financial activity now moves across borders as a matter of routine, and compliance has had to follow. With CARF, CRS 3.0, expanding transparency initiatives, and closer coordination between tax and law-enforcement agencies, institutions saw that jurisdiction-specific controls are no longer enough. Governance needs to hold together across all touchpoints. During the 42nd International Symposium on Economic Crime in Cambridge, UK, discussions with regulators, investigators, prosecutors, and compliance leaders reflected the same direction. Oversight is becoming fully borderless. Institutions that managed risk effectively in 2025 approached compliance as a connected system rather than a set of country rules. As the year closes, five lessons stand out for institutions preparing for 2026.
1. What 2025 Proved About Cross-Border Activity
Financial activity in 2025 moved faster than the regulatory perimeter. Funds, digital assets, beneficial ownership structures, and cross-border entities appeared in multiple jurisdictions at the same time. Institutions relying on controls designed around local activity struggled with transactions that originated, routed, and settled across borders within seconds.
Coordinated investigations increased, with authorities sharing intelligence more frequently. Family offices faced scrutiny traditionally applied only to global institutions. Going into 2026, institutions should assume that every jurisdiction matters, even in places where they do not operate directly.
2. How CARF and CRS 3.0 Changed Data Expectations
CARF and CRS 3.0 reshaped visibility across reporting frameworks. Supervisors are now focused on whether institutions can validate, reconcile, and trace data throughout the reporting chain, not only whether they possess it.
In 2025, shortcomings in data integrity created exposure equal to gaps in substantive due diligence. Regulators expected stronger alignment among legacy systems, digital asset platforms, onboarding portals, and reporting engines. Beneficial ownership data, tax residency information, and digital asset identifiers must now be consistent across all systems, not only within a single report.
In 2026, reliability and clarity of data flows will be a primary measure of readiness.
3. Why Governance Outweighs Geography
Supervisors no longer evaluate compliance programs based on where activity occurs. They look at whether institutions maintain consistent governance across jurisdictions.
The institutions that struggled in 2025 tended to rely on governance structures that varied by country. Regulators questioned inconsistent risk scoring, uneven policy interpretation, and controls tied to local offices rather than centralized oversight. Family offices and global advisors faced similar expectations.
In today’s environment, governance maturity is a better indicator of exposure than geography.
4. What Digital Assets Revealed This Year
Digital assets shifted from a niche category to a central test of oversight. Blockchain, tokenized instruments, and hybrid assets required institutions to link AML, tax, technology, and risk functions. Many existing governance structures were not designed for this level of integration.
Immutable audit trails provide transparency only when incorporated into reporting and oversight processes. Supervisors now expect institutions to understand token flows with the same clarity as traditional fiat activity. In many situations, digital-assets activity exposed governance weakness before other areas did.
5. Why Readiness Is Becoming the Defining Metric
Supervisors are now assessing capability rather than box-checking. Institutions that performed well in 2025 prepared early for regulatory convergence. They aligned frameworks around CRS, CARF, and FATCA. They strengthened data governance. They standardized documentation. They conducted scenario-based assurance review.
Cross-border enforcement is increasing, and family offices are experiencing levels of scrutiny similar to regulated institutions. Complex private-wealth structures cannot rely on opacity. In 2026, the key question will be whether an institution can demonstrate readiness under real scrutiny.
How 2026 Will Test Leaders
Institutions will need to reconcile obligations under CARF and CRS 3.0, validate beneficial ownership data across jurisdictions, and maintain consistent governance across global operations. Documentation must be able to withstand multi-jurisdiction inquiries. Technology has to support cross-border reporting and assurance.
Organizations that design controls around financial flows rather than geographic boundaries will be best positioned for ongoing regulatory convergence.
Preparing Governance for Compliance Without Borders
Institutions should review the foundation of their governance programs. Board-level oversight needs to apply across all jurisdictions and across asset classes, including digital assets. Data architecture should reconcile CARF, CRS 3.0, FATCA, and BOI requirements. Documentation standards should remain consistent across all functions. Institutions should routinely test readiness for multi-jurisdiction audits and coordinated reviews.
Fragmented or inconsistent programs have become material risks.
A Final Reflection for 2025
Borderless finance is now the norm. Borderless compliance is no longer optional. Institutions that plan ahead will reduce exposure, strengthen governance, and respond more effectively to increasing expectations in 2026.
If You Need Support
If you would like guidance tailored to your global compliance or reporting profile, you can contact our office at info@foodmanpa.com.
