Instructions I used to make my own regulatory.bin are
HEREThere are a few broken links but you can find the packages easily enough.
I used an ubuntu server box to create a signed regulatory.bin - I used the one present on my Almond+ as a starting point which I SCP'd off to ubuntu, then used regdbdump to dump into a text file which I edited the parameters for UK, then used the files in the crda package to compile it back into a regulatory.bin and resign it.
I then replaced the original regulatory.bin with my own followed by a full reboot. I'm assuming (but don't know enough really to say for sure) that if I'd created an invalid regulatory.bin and Almond+ was really using that file to set the reg info, that it would have broken wireless (or somehow otherwise impacted things) rather than continued working exactly the same way. If my changes were correct, and the regulatory.bin was correct, presumably it would then have listened to my changes.
Nothing happened at all, so my conclusion is that the reg info is being set elsewhere, possibly as you highlighted, within the compiled driver itself. This would be unfortunate as there is NO way to fix that ourselves - we are completely reliant on Securifi to have the inclination to build and test new drivers.
Given the rate of updates over the last few months I'd be surprised if we saw this update any time soon unfortunately