Regtech company Kalipso, which uses AI to help financial institutions monitor and implement regulatory change, has raised $3.2 million to develop its platform and expand across the UK, France, Spain, Italy and Benelux.
Founded in 2025 by lawyers Pierre Ferran and Virginia Debernardi, Kalipso monitors more than 100 regulatory sources across over 40 jurisdictions and processes more than 3,000 updates a day. Its platform identifies which developments apply to each organisation and links proposed changes back to the underlying law.
Backed in a round led by Varsity and with participation from Lanai, Plug and Play, Kima Ventures and Vento, the round comes as Kalipso builds on work with organisations including Groupe Caisse des Dépôts and Alma.
Fintechly caught up with Ferran and Debernardi to discuss how the platform works, where AI can genuinely help compliance teams and why every recommendation needs to lead back to the original source.
What first made you realise companies needed a better way to manage regulatory change?
Pierre Ferran: There was one example involving the EU Digital Services Act that really crystallised it for me. I was working as an in-house lawyer when a colleague came to me because they were renewing our Apple developer licence. A new question had appeared on the renewal form asking: “Are you a trader under the DSA?” It was a yes-or-no question, it blocked the process, and the only supporting message said that Apple could not give legal advice and that you should assess this question yourself.
The DSA was outside my main area of work, although I had been following it. We eventually found that only two articles were relevant to us, but it still took several people a couple of hours to work out what the question meant and how we should answer it.
The stakes were real because, without the licence, we could not publish updates to the app. A small point buried in a much larger regulation was holding up a business process.
A tool should have been able to show us that those two articles applied, explain why and take us back to the original text. The lawyer could then concentrate on the judgement involved in answering the question.
Virginia Debernardi: It also showed how many people can become involved in one regulatory query. Legal, product and engineering all had an interest because the app could not move forward without an answer. It was a very clear example of compliance affecting the wider business rather than remaining within the compliance department.
How are legal and compliance teams handling that work at the moment?
Debernardi: A lot of it still happens through spreadsheets, shared drives and email. In some cases, an outside lawyer or consultant sends a list of regulatory updates, and somebody inside the company has to decide what applies and who needs to act.
The information can be scattered across different places and dependent on the person who receives the email or maintains the spreadsheet.
There are tools that monitor new regulation and send alerts. The difficulty is that an alert only tells you something has changed. It does not tell you whether the change affects your business, which product or policy is involved or what needs to happen next.
Other systems are better at managing tasks and approvals, but provide less help with the substance of the law. Compliance teams end up moving between the original regulation, a spreadsheet, emails and a workflow system.
We wanted to connect those parts, so the legal requirement can lead directly to the policy, control or product that needs attention.
Why can a small part of a much larger regulation create such a big problem for a business?
Ferran: The hardest part is often one or two small things that are relevant to you.
There may be a large amount of legislation to follow, but one definition, threshold or paragraph creates the real issue for the business. A policy can appear broadly correct while still containing an outdated threshold or missing a particular requirement, and that’s more than enough to get a large fine.
Teams can keep a broad eye on many regulations, but they do not have the human capacity to go deeply into every piece of legislation, guidance and regulatory interpretation.
The volume is one problem. Working out which detail applies to you, and which detail you may have missed, is another.
What happens inside Kalipso when a new rule or piece of guidance appears?
Ferran: We often pick up signs of a regulatory development before the final text appears, so customers have some warning that an issue is coming.
We are not trying to make compliance teams follow every stage of the political process. We give them the early signals that are useful, such as the likely direction and when a final text may appear.
Once the law is final, we assess its effect on the organisation. The platform might show that it has a high impact on a credit card or consumer lending product, while having little bearing on another part of the business. It can also identify the policies that may need reviewing.
We then map the obligations to those products and documents. A customer could be told that a rule changes how a fee can be charged or alters the information that must be disclosed to a customer.
The team decides when to run the fuller gap analysis. It may want to group several related changes rather than begin a separate review every time a new document appears.
When the review starts, the platform suggests amendments, explains what has changed and links each recommendation to the relevant source. The compliance team can accept, change or reject those suggestions before the normal approval process begins.
Where does AI help most, and where does a compliance professional still need to make the call?
Ferran: We have a principle that the engineers do not always like: we do not use AI where we do not have to.
We start by asking whether a task can be completed using structured data and fixed rules. If it can, that gives us a more predictable result. AI comes in where interpretation or subjective analysis is needed, such as applying an obligation to a company’s products or reviewing whether a policy reflects the law.
The compliance professional still makes the decision. We provide the source, the analysis and a proposed change, but the user decides how it should be applied within the business.
They understand their products and operations better than any external system. We put the information in front of them and reduce the searching and manual comparison involved.
Debernardi: Human judgement is part of the platform. The system can suggest something, but the user remains the decision-maker.
We also want feedback from people who have worked in compliance for years. At the same time, nobody can know every regulation, guidance document or interpretation across every jurisdiction. The technology can bring forward information that a very experienced person may still have missed.
What worries customers most about using AI for compliance?
Ferran: Hallucination is the concern we hear most often. People want to know how they can check whether an answer is accurate.
There are also questions about data privacy, but we generally do not need customer transaction data. We need policies, procedures and written documentation to understand how the organisation handles a regulatory obligation, which is less sensitive / does not contain personal data at all.
The bigger question is: how do I know this answer is true?
The user can move from a recommendation down to the articles and guidance behind it. They can read the source inside the platform and see how it supports the proposed change.
We also have controls that look for invented or unsupported references. When the system cannot support an answer with enough confidence, we block the output. We would rather say we cannot produce a reliable response than give somebody material they may act on incorrectly.
Debernardi: Customers also want the output to be useful. A response can sound plausible but still be too vague, based on the wrong assumptions or presented in a format that does not help the team complete the work.
If you ask a general-purpose AI tool a compliance question, it may produce a long answer that still leaves you to work out what to do. Compliance teams need something they can review and use.
How do you make sure each recommendation can be checked against the original law?
Ferran: The platform works from regulatory material that we have already brought into the platform. It does not rely on its general knowledge or search the open internet for an answer.
Citations sit alongside the recommendation and point back to the particular article or section being used. The user can open that source inside the platform and check the wording directly.
We also verify that the cited text exists. If the system tries to invent a source, we can detect that and prevent the output from being shown.
Every AI-generated sentence needs a source. That comes partly from our legal education. At university, you were expected to support every statement with a citation and a footnote. We apply the same principle here.
Without that link, a compliance team has no sensible way to check the recommendation or explain the decision later.
Why would a bank or fintech use Kalipso rather than build its own system?
Ferran: Some individual tools can be built internally quite quickly. A complete regulatory system is more difficult because it combines software engineering, legal and compliance knowledge and a large amount of external data that changes all the time.
Engineers and lawyers tend to approach problems differently. To build a good tool, you need people who understand both how the technology works and how compliance teams think.
That also means taking experienced people away from their normal compliance roles to work with engineers. Those teams are already stretched.
Then there is the maintenance. Regulators change their websites, document formats and publication methods. New guidance has to be collected, cleaned, linked to existing rules and mapped to the organisation.
I’ve heard of attempts at other companies in the past where the lawyers received an email asking them to complete a spreadsheet listing all the laws relevant to the company.
There are tens of thousands of EU legal acts in force. The request itself showed that the project had not been framed with enough legal input.
A financial institution could build an auditable internal system. It then has to decide whether it makes sense to keep funding and maintaining that capability itself, and the math adds up quickly, a single full time engineer is going to cost you EUR100,000 a year, let alone a full time compliance expert on top, making the economics unrealistic
How do you decide which jurisdictions and regulatory sources to cover?
Ferran: Some regulatory technology companies promote coverage of 180 countries and thousands of sources. We decided to concentrate first on what we call the prime 50 markets and go more deeply into those.
Few organisations need detailed regulatory coverage of every country in the world. They need reliable information in the markets where they operate or plan to expand.
A hundred sources already require a lot of daily work. A regulator changes its website, a parliament publishes a document in a different format or an unrelated article appears in a formal regulatory feed.
We once picked up an interview with Christine Lagarde in a magazine because it had been published through the European Central Bank website. The source was one we wanted to monitor, but the item was not a regulatory update.
Those things have to be spotted and dealt with. If you try to cover every country and every source, the quality of the data can suffer.
We want strong coverage of the legislation, regulators and guidance that customers actually rely on. We add a market when there is a clear reason to do so.
Why are the UK, France, Spain, Italy and Benelux your priority markets?
Ferran: Those markets have large financial institutions, active fintech sectors and organisations dealing with complex regulation across several countries.
There are practical reasons as well. I am French and have worked in the UK. Virginia is Italian and speaks Spanish, and other members of the team have experience in these markets.
Debernardi: Language and legal knowledge are important because we work with original regulatory texts and need to understand how different sources fit together. We began in countries where we could assess the material ourselves and where we already understood the legal systems. Human review remains important when establishing coverage in a new jurisdiction, particularly at the beginning.
Do smaller fintechs and large institutions want different things from the platform?
Ferran: Smaller companies place more pressure on speed and price, as they should. Their compliance teams may only contain a few people, and they may still be working towards profitability.
They need something that can be implemented quickly, does not take up a lot of their time and helps increase the capacity of the team.
Alma, the French buy now, pay later provider, was our first design partner. Its priorities included helping the compliance team move faster and supporting expansion into new markets.
Large institutions have more complicated ownership, approval and audit structures. They may also have experience of compliance systems that they have disliked using for years, so they need convincing that a newer platform will be different.
The relationship takes longer because we need to understand how those organisations work. At the same time, smaller customers will leave quickly if the product is slow or does not meet their needs.
Working with both helps us. Smaller firms put pressure on us to keep the product fast and straightforward. Large organisations expose us to more complicated workflows and governance requirements.
What will the funding allow you to do over the next 12 months?
Ferran: The main investment is in people and product development, with a focus on our core European markets.
Our original hiring plan was to grow the team very quickly. Developments in AI-assisted software engineering have allowed us to revise some of those assumptions while maintaining the pace of development.
We still plan to grow, but through targeted hires. We want people with relevant legal, technical and financial-services experience who can add something specific.
The funding also gives us room to explore additional markets and use cases. We can look beyond our initial Western European focus, consider other regulated sectors and develop more operational capabilities for financial institutions.
The priority is to keep developing the product, improve the depth of our coverage and learn from how customers use it every day.
