Artificial intelligence is no longer an emerging capability sitting at the edges of financial services organizations. It is increasingly embedded in how work is performed, decisions are prioritized and risks are managed. As regulatory expectations evolve, such as the introduction of the EU AI Act, firms must align their operating models with the technologies they rely on.
Last month, we participated in a roundtable discussion in Luxembourg with asset managers, fund administrators and compliance leaders, where we explored how AI is reshaping operating models and regulation in financial services. The questions raised by the audience were telling. Those in attendance were less interested in algorithms and tooling, and primarily concerned about accountability, control and what “good” looks like under the EU AI Act.
A consistent theme from the Luxembourg discussion was that the EU AI Act represents a familiar regulatory shift. Much like earlier regulatory waves, the focus is moving away from intent and high-level policy statements, and toward how controls operate day to day. In other words, how decisions are made, how accountability is assigned and how outcomes can be traced and explained. AI governance, in this context, is less about managing a specific technology and more about strengthening the foundations of operational oversight.
AI is already shaping how work gets done at financial institutions. Automation, machine learning and intelligent exception handling are embedded across functions, from compliance and risk to operations and client servicing. The challenge is not whether AI is present, but whether its use is deliberate, well-governed and aligned with existing accountability structures. Firms that lack clarity on where AI influences outcomes may struggle to demonstrate control, even if their intentions are sound.
Data is often cited as the primary obstacle to responsible AI adoption, but most organizations already operate with fragmented, imperfect data. The firms making tangible progress are those that clearly define which data matters, assign ownership and improve quality iteratively. Attempting to cleanse and centralize all historical data before moving forward can stall momentum without meaningfully reducing risk. Governance, in this sense, is about direction and discipline rather than idealized end states.
Several questions from the audience also touched on AML, KYC and operational risk. A key takeaway from the panel was that effective AI control is achieved through workflows and accountability, not through standalone policies. While governance frameworks and ethical principles play an important role, they do not manage risk on their own. What matters most is not the presence of AI, but how AI-driven decisions are incorporated into established processes, including points of human oversight, escalation paths and post-decision review. When these elements are built directly into workflows, AI becomes more transparent and manageable, supporting better outcomes.
This operational lens also reframes the competitive implications of AI. Access to advanced tools is no longer a differentiator; most firms can procure similar technologies. The real advantage comes from the capability to improve speed, consistency and quality across core processes while maintaining strong governance and oversight.
Conversely, the most significant risk many organizations face is not missing the next breakthrough technology, but rather, falling behind operationally. Delays in modernizing workflows, clarifying ownership or integrating governance into day-to-day execution tend to surface later as higher costs, slower response times and increased strain on control functions. In a regulatory environment that emphasizes demonstrable oversight, these weaknesses become more difficult to mask and more expensive to correct.
As financial services firms navigate the implications of the EU AI Act and broader regulatory change, the path forward is becoming clearer. Responsible AI adoption is inseparable from strong operating models, disciplined data practices and embedded accountability. Governance is now a core capability that shapes how effectively organizations can scale, adapt and compete in an increasingly automated landscape.
Explore our event page and download our related materials to learn more.