Our Take
Regulation-as-enabler, not blocker: the FCA sandbox works because it grants access to cross-institution data and infrastructure that compliance teams cannot assemble alone.
Why it matters
Financial crime detection breaks down at institutional borders, yet most compliance teams operate within a single organization's data silo. The FCA model shows how regulators can architect access that lets vendors solve the harder problem.
Do this week
Compliance teams: audit whether your current financial crime detection works on single-institution data only; if so, flag this limitation to your vendor and ask what cross-network capabilities they have or are building.
Napier AI's Sandbox Work Uncovered Network-Based Crime Detection
Napier AI participated in the FCA's Supercharged Sandbox, a competitive innovation programme that awarded the company access to curated datasets, APIs, and scalable compute infrastructure alongside regulatory oversight and industry mentorship. Entry is selective: over 200 applications competed for limited cohort places.
Within the sandbox, the company developed two distinct approaches to financial crime detection. The first applied information theory to identify high-risk transaction patterns with reduced noise compared to traditional subgraph analysis. The second borrowed methodology from environmental science, modeling financial flows as contamination tracking. This approach allowed detection of criminal fragments even when network visibility was incomplete, without needing to identify the source of the activity.
Both advances emerged from a core constraint that the sandbox directly solved: financial crime moves across accounts, geographies, and entity boundaries, but individual institutions lack both the data access and processing power to track it. The sandbox provided both.
The Regulator-as-Infrastructure Model Unlocks Problems Vendors Cannot Solve Alone
Financial crime detection has long operated at institutional boundaries. Banks and payment processors maintain their own compliance systems, processing their own transaction streams, blind to patterns that emerge only in cross-institution networks. Compliance vendors have had no mechanism to access that broader data legally or at scale.
The FCA's approach is not permissive. Participants operate under regulatory oversight and defined terms. But it is structural: by positioning the regulator as data curator and infrastructure provider, the FCA removes the primary barrier that kept compliance innovation within single-organization silos. This is the opposite of regulatory friction; it is regulatory design that enables what the market alone cannot deliver.
The implications ripple across financial crime compliance more broadly. If detection improves by seeing across institution boundaries, the baseline for effective compliance changes. Vendors and institutions relying on institution-only detection will lag.
How to Assess Your Compliance Stack Against This New Capability
Compliance teams should audit their current financial crime detection by asking: what data does it see? If the answer is "our institution's transactions only," the detection ceiling is inherently lower than what cross-network approaches can achieve. Ask your vendors whether they have cross-institution visibility, even in limited form (e.g., through consortium data or regulated access). If not, understand that you are solving a constrained problem.
Expect that regulatory sandboxes in other jurisdictions will run similar programmes. The FCA's model is portable. Teams that anticipate cross-network detection capabilities will shape vendor selection before the capability becomes standard.