Something shifted in finance and now everything costs more

The bill for a quieter, safer financial system is arriving, and it is bigger than most institutions expected.

There is a cost building inside the global financial system that rarely makes headlines on its own but shows up everywhere: in compliance budgets, in licensing timelines, in the engineering hours spent integrating with new regulatory requirements. The cost of operating in finance is rising, and market forces are only part of the story.

What has changed is the nature of trust itself. For decades, financial institutions could earn regulatory credibility through policies and procedures. Today, regulators want to see the logs, the screening records, the real-time monitoring output. Trust is no longer assumed. It has to be engineered, and that engineering is expensive.

The numbers behind the shift

A new report from blockchain security firm CertiK puts numbers to what many in finance have been sensing. Its Skynet State of Digital Asset Regulations Report, released in April 2026, found that anti-money laundering fines and settlements exceeded $900 million in the first half of 2025 alone, a figure that reflects not just a bad run of enforcement cases, but a structural shift in how regulators operate.

More Wall Street

• JPMorgan resets S&P 500 price target for the rest of 2026

• Vanguard challenges the S&P 500 as a one-stop strategy
• Goldman Sachs resets Broadcom stock forecast

The report documents active regulatory enforcement across the United States, European Union, Hong Kong, Singapore, the UAE, Japan, Turkey, and Brazil. What had been a patchwork of proposals and consultation periods is now a live enforcement environment. High-profile penalties, including a $504 million resolution involving OKX and a $297.4 million penalty for KuCoin, signal that authorities are no longer signaling intent. They are acting on it.

CertiK also notes that independent security audits have shifted from optional best practice to a near-statutory requirement across several of those markets. Institutions are now expected to demonstrate capital adequacy, asset segregation, liquidity management, and contingency planning, standards that closely mirror what traditional banks have faced for years.

Why costs are compounding, not just rising

The pressure is not coming from one direction. It is converging from three at once.

• Regulatory intensity: Authorities have moved from principles-based guidance to prescriptive, enforcement-heavy regimes. Compliance is no longer a policy document. It is a live operational function with real-time output. AML compliance has replaced securities classification as the dominant regulatory risk for 2026.
• Jurisdictional multiplication: Operating across borders once meant entering a few key markets. Today, customers expect cross-border capability from launch, and every new jurisdiction adds its own licensing, reporting, and capital requirements. There is no single passport that travels cleanly across regions.
• Banking relationships under strain: Access to banking infrastructure has become less reliable for a wide range of financial operators. When a banking partner exits a relationship, the cost goes beyond the relationship itself. It is the reintegration work, the frozen capital, and the operational disruption that follows. Source: CertiK Skynet State of Digital Asset Regulations Report

Bernardo Bilotta, CEO and Co-founder of payments infrastructure firm Stables, says the shift is unmistakable. "The days of 'show us your policy' are over; now it's 'show us your logs, your screening records, your real-time monitoring output.' That shift alone has doubled the compliance overhead for most financial operators," he said.

The acceleration is not happening because one of these forces got worse. It is happening because all three intensified at the same time, and institutions that had planned for sequential pressure are now facing simultaneous pressure.

Infrastructure as the new risk frontier

One of the subtler findings in the CertiK report concerns where risk actually lives. In 2025, 76% of on-chain losses by value came not from flawed financial products but from infrastructure compromises: private key theft, access control failures, system-level exploits. The February 2025 Bybit breach, which resulted in $1.46 billion in losses attributed to North Korean operatives by the FBI, was not a product failure. It was an infrastructure failure.

This pattern extends well beyond digital asset markets. Across global finance, institutions are grappling with the recognition that risk management now means understanding every layer of the stack, not just the assets being managed, but the systems that process, clear, and settle them.

A decade ago, risk management meant understanding exposure to an asset class. Today, it means auditing every layer between an institution and that asset: who processes the transactions, how compliance screening works in real time, whether a settlement partner can deliver funds into a local bank account at the other end.

For institutions, compliance is no longer a back-office function managed by a legal team. It is an engineering problem, one that requires continuous maintenance and real-time performance, not a one-time implementation.

How institutions are responding

Some firms are making structural decisions that reflect the new cost reality. Real Finance recently announced a partnership with Wiener Privatbank, an Austrian bank, to build regulated infrastructure allowing institutional clients to access on-chain financial products within a European regulatory framework. The arrangement places EU-regulated custody, reserve management, and KYC/AML compliance at the center of the model, not as add-ons, but as the foundation the product is built on.

The partnership reflects a broader pattern. Institutions are increasingly unwilling to operate in environments where regulatory status is ambiguous. Building compliance into infrastructure from the start is becoming the standard approach, even when it raises the cost of entry.

The CertiK report also flags the Basel Committee's new cryptoasset framework, effective January 2026, which draws a clear line between tokenized traditional assets with standard risk weights and unbacked assets facing significantly higher capital charges. The practical effect is to raise the cost of holding certain assets on institutional balance sheets, another form of the same compliance premium that is reshaping operating budgets across the industry.

What this means for the future of financial expansion

The economics of building for a single market were already challenging. Building for five markets simultaneously, each with its own licensing regime, reporting cadence, and banking requirements, is a different order of problem entirely.

"The era of going it alone across borders is ending," Bilotta noted. "The economics of building and maintaining multi-jurisdictional compliance, local banking relationships, and real-time monitoring across every market you serve simply don't work if you're doing it solo."

What emerges from that constraint is a market that increasingly favors scale. Firms that have already built out multi-jurisdictional compliance infrastructure, whether through years of direct investment or through partnerships with established regulated entities, will carry lower marginal costs than those starting from scratch. The compliance premium, in other words, acts as a barrier to entry that compounds over time.

That may be exactly what regulators intend. The era of regulatory uncertainty is giving way to structured accountability. For financial institutions, the question is no longer whether compliance costs will rise. It is whether they have the infrastructure to absorb those costs without losing competitive ground.

Related: Visa CEO sends blunt message on AI and blockchain