Research · VC & Analyst Reports
Back to sweepResearch sweep · deep · 2023 – 2026
AI Regulation and the Regulated Enterprise — Trajectory to 2030
The trajectory of AI regulation across the EU AI Act, the UK's pro-innovation and contextual approach, and the financial-services regulatory regime (FCA, PRA, Bank of England) from January 2023 to May 2026, including the FCA Mills Review, GPAI obligations, model-risk and accountability rules, and what they demand of technology leadership in regulated firms
- Gemini 2.5 Pro
- financial
- frontier
- academic
- vc
- blogs
- tech
Synthesised 2026-05-19
Narrative
The trajectory of AI regulation in financial services from 2023 to 2026 reveals a growing divergence between the European Union's prescriptive approach and the United Kingdom's principles-based, contextual framework, alongside increasing industry adoption and regulatory scrutiny. The EU AI Act, which entered into force in August 2024, establishes a risk-based framework with high-risk obligations becoming enforceable in August 2026, particularly impacting financial services. This legislation, with its extraterritorial reach, mandates extensive compliance requirements such as risk management, data governance, transparency, and human oversight for high-risk AI systems, creating a layered compliance challenge for firms operating across jurisdictions.
In contrast, UK financial services regulators, including the FCA, PRA, and Bank of England, have consistently signalled a technology-neutral stance, preferring to oversee AI through existing regulatory frameworks rather than introducing new AI-specific rules. However, this approach has drawn criticism from the House of Commons Treasury Committee, which in January 2026 warned that a 'wait-and-see' attitude risks serious harm to consumers and financial stability. The Committee called for AI-specific stress testing, clearer guidance on consumer protection and Senior Managers and Certification Regime (SMCR) accountability, and the designation of major AI and cloud providers as critical third parties. The FCA's Mills Review, launched in January 2026, is specifically examining the long-term impact of AI on retail financial services, with recommendations expected by summer 2026.
Despite regulatory complexities, financial institutions are rapidly increasing their investment in AI, with 83% of CFOs planning to boost enterprise-wide AI spending by over 15% in the next two years, according to Bain & Company. The Cambridge Centre for Alternative Finance's 2026 report indicates that 81% of financial services firms are adopting AI, though only 14% are considered mature in their implementation, with fintechs leading incumbents in advanced adoption. McKinsey & Company highlights the need for Chief Risk Officers to spearhead AI risk management, emphasising clear governance frameworks and ethical guidelines, and viewing compliance as an enabler for scaling AI rather than merely a cost.
Analyst firms like Gartner predict an 'AI-First Finance Function' by 2026, underscoring the importance of transaction integrity for scaling AI, while CB Insights notes a shift where compliance is becoming a competitive differentiator. However, challenges remain, including ensuring AI system accuracy, managing vendor landscape risks, protecting data security and privacy, and retaining human accountability for outcomes, particularly as agentic AI systems gain greater autonomy. Firms are urged to proactively map AI systems against risk categories and extend model risk management frameworks to cover bias and data governance, building governance infrastructure before further guidance arrives.
Sources
| ID | Title | Outlet | Date | Significance |
|---|---|---|---|---|
| v1 | The future of risk: How global trends are reshaping risk management | McKinsey & Company | 2025-12 | This report highlights the need for Chief Risk Officers to design and deploy AI risk management mechanisms, including governance frameworks and ethical guidelines, to navigate a fragmented global regulatory landscape. |
| v2 | Ushering in a new era of trusted AI | McKinsey & Company | 2026-03 | McKinsey argues that compliance should be viewed as an enabler for AI scale, advocating for streamlined, scalable, and digital approaches to regulatory adherence to unlock faster AI deployment and reduce risk. |
| v3 | State of AI trust in 2026: Shifting to the agentic era | McKinsey & Company | 2026-03 | This survey reveals that while Responsible AI (RAI) maturity is improving, strategy, governance, and agentic AI controls lag, with financial services outperforming other sectors in RAI maturity. |
| v4 | The Gap Between AI Strategy and Reality Is Execution | Bain & Company | 2025-12 | Bain's report from its Global AI in Financial Services Summit highlights that while AI's reshaping of financial services is clear, the primary challenge lies in execution, particularly in managing vendor risks and retaining human accountability. |
| v5 | 42% of CFOs plan to increase AI investment by over 30% within two years | Bain & Company | 2026-04 | This survey indicates a significant acceleration in AI capital commitment by CFOs globally, with 83% planning to increase enterprise-wide AI spending by over 15% and a large share allocated to finance functions. |
| v6 | Why You Should Treat The EU AI Act As A Foundation, Not An Aspiration | Forrester | 2024-09 | Forrester advises firms to proactively engage with the EU AI Act's risk categorisation and governance recommendations, highlighting its extraterritorial reach and phased enforcement schedule with hefty fines. |
| v7 | Gartner® Research: Predicts 2026 - Toward an AI-First Finance Function | Gartner | 2025-12 | Gartner's report predicts the emergence of an 'AI-First Finance Function' by 2026, emphasising the foundational role of transaction integrity for scaling AI in finance amidst increasing regulatory complexity. |
| v8 | CB Insights Tech Trends 2026 | CB Insights | 2026 | This report identifies compliance shifting from a cost centre to a competitive differentiator in the enterprise, with early adoption of AI agents in financial services signalling broader back-office automation. |
| v9 | The 2026 Global AI in Financial Services Report: Adoption, impact and risks | Cambridge Centre for Alternative Finance (CCAF) | 2026-04 | This comprehensive report highlights that 81% of financial services firms are adopting AI, but only 14% are mature, with fintechs leading incumbents in advanced AI adoption and regulators lagging in their own AI adoption. |
| v10 | AI regulation in financial services: navigating the EU AI Act in a layered regulatory landscape | Hogan Lovells | 2026-05 | This legal analysis details the EU AI Act's risk-based framework, its extraterritorial reach, and the layered compliance challenge for financial institutions in reconciling it with existing sector-specific regimes. |
| v11 | AI Governance in UK Financial Services: The Accountability Framework | Aveni | 2026-04 | This practitioner report outlines the UK's regulatory landscape, including the FCA Mills Review, the Treasury Committee's scrutiny, and the application of Consumer Duty and SMCR to AI, highlighting governance gaps in firms. |
| v12 | IRSG report on AI in financial services: emerging global norms | International Regulatory Strategy Group (IRSG) | 2026-01 | The IRSG report identifies global alignment on high-level AI principles but significant divergence in implementation, contrasting the UK's outcomes-focused supervision with the EU's prescriptive rulebooks. |
| v13 | Artificial intelligence in financial services | United Kingdom Parliament | 2026-01 | This report from the House of Commons Treasury Committee critically assesses the UK regulators' 'wait-and-see' approach to AI, warning of risks to consumers and financial stability and calling for AI-specific stress testing and clearer guidance. |