AI is Already Subject to Regulatory Scrutiny. But Most Firms Are Not Ready.
Across financial services, 88% of firms using AI have no formal AI risk management framework in place. With the enforcement of the EU AI Act arriving in August 2026, the window to act is narrowing.
ACA Group & National Society of Compliance Professionals (NSCP) Publication: 2024 AI Benchmarking Survey (Oct 29, 2024)
Aegis Compass | AI Governance™ · Launching May 2026
AI Governance is Lagging Behind AI Adoption
Seventy-five per cent of UK financial services firms now use AI. And regulators in the EU, UK, US, Singapore, and beyond have responded with binding obligations, sector-specific expectations, and, in some cases, enforcement. So the question is no longer whether regulations apply to AI. It is whether your firm can demonstrate that it governs its AI systems effectively, not just in policy but in practice.
Aegis Compass | AI Governance™ is Argus Pro's forthcoming assessment framework for AI governance and regulatory compliance. Built on ISO/IEC 42001:2023 and aligned with the EU AI Act, FCA expectations, MAS FEAT Principles, and other AI governance obligations across jurisdictions, it provides compliance leaders with a structured, independent view of where they stand in AI governance and what it will take to close the gap.
75% of UK financial services firms now use AI in some form
From Principles to Obligations: The AI Regulatory Shift
For several years, AI governance in financial services relied on voluntary frameworks and principles-based guidance. However, that era is now ending. Regulators are enforcing binding obligations and supervisory expectations across the jurisdictions where Argus Pro’s clients operate.
In the European Union, the AI Act (Regulation (EU) 2024/1689) took effect on 1 August 2024. Following this, regulators imposed prohibitions on unacceptable-risk AI practices in February 2025. Additionally, rules for general-purpose AI models will be enforceable starting August 2026.
Authorities categorise credit scoring, fraud detection, and automated customer decision-making as high-risk AI systems. These systems now require mandatory risk assessments, data governance controls, human oversight, and conformity assessments before deployment.
Meanwhile, the United Kingdom's FCA has stated it will not introduce AI-specific rules anytime soon. Instead, firms should apply existing frameworks, like Consumer Duty, the Senior Managers and Certification Regime, and model governance obligations, to AI systems with the same diligence they would for any regulated activity.
In Singapore, the MAS FEAT Principles and the Veritas Toolkit set substantive expectations for AI in banking and insurance. In Hong Kong, the HKMA has outlined principles for the responsible use of AI. Japan’s AI Promotion Act came into effect in June 2025.
In the United States, federal regulation remains fragmented. However, state-level legislation in Colorado, California, and New York is shaping a complex compliance landscape. Sector-specific guidance from the SEC, FDIC, and OCC is also significant.
Globally, frameworks and risk assessments published by the Financial Stability Board, IOSCO, and the OECD are influencing supervisory expectations. This is true even where binding rules have not yet been implemented.
Compliance Gaps That Regulators Are Already Examining
Governance and explainability are crucial components outlined in the EU AI Act, FCA Consumer Duty, and MAS FEAT Principles. Regulators are actively posing specific questions about AI-driven decision-making. They want to know how bias is tested and mitigated. Moreover, they seek clarity on how senior managers oversee AI systems that can be complex.
These concerns are not just theoretical; they have real implications. For example, the FCA's January 2025 research uncovered systematic risks in credit scoring models used across the industry. Consequently, firms must pay attention to these findings.
The EU AI Act also classifies credit scoring and fraud detection as high-risk areas. Thus, firms with existing AI deployments in these sectors may already face compliance issues. With obligations taking effect in 2026, the time for action is now.
A Structured View of Where Your AI Governance Stands, and What It Will Take To Close The Gap
Aegis Compass | AI Governance™ targets compliance leaders and boards overseeing AI governance in regulated firms. It focuses on governance rather than auditing technical aspects of AI systems. By providing a structured and cross-jurisdictional view, it helps assess how well a firm's AI practices align with compliance obligations.
The framework is based on ISO/IEC 42001:2023, the global standard for AI management systems. Additionally, it is adjusted to meet binding regulatory guidelines across various jurisdictions. This ensures relevance and adherence to diverse requirements.
Moreover, Aegis Compass | AI Governance™ addresses fourteen key domains. These include risk classification and governance, algorithmic accountability, and explainability. It also emphasises transparency, model risk management, and third-party AI oversight. Human oversight mechanisms and bias controls are crucial as well. Furthermore, it includes data governance for AI, incident reporting and response, and cross-border compliance management. Overall, Aegis Compass | AI Governance™ offers a comprehensive approach to AI governance.

Unlike ISO/IEC 42001:2023 certification, which confirms that an AI management system is in place, Aegis Compass | AI Governance™ measures whether that system is working effectively in practice. It assesses both maturity and effectiveness against a common baseline, enabling comparison and benchmarking.
Built for the Accountable, Not the Model Builders.
The Argus Pro Ecosystem
Argus Pro's platforms form a connected ecosystem for continuous compliance management:
- Aegis Compass | AFC™ – Anti-Financial Crime compliance assessment
- Aegis Compass | CDOR™ – Cybersecurity and Digital Operational Resilience assessment
- Aegis Compass | AI Governance™ – AI governance and regulatory compliance assessment
- Aegis Compass | ESG™ – ESG compliance at the intersection of financial crime and operational resilience
- NexEdge™ – Regulatory change management platform
- Argus Pro Assess, powered by Traverse™ – Scenario-based capability assessment

While 48% of firms have formal AI governance committees, only 28% test or validate AI outputs, and just 24% have policies governing third-party AI use (Business Wire).
Progress is visible, but structural governance gaps remain. Don't get caught out. Act now.
ACA Group & National Society of Compliance Professionals (NSCP) Publication: 2025 AI Benchmarking Survey.
Related
Aegis Compass | AFC™
Measure the effectiveness of your Anti-Financial Crime programme across 30 jurisdictions.
Aegis Compass | CDOR™
Assess your Cybersecurity and Digital Operational Resilience position across 30 jurisdictions, including DORA, NIS 2, and the UK CBEST framework.
NexEdge™
Regulatory intelligence that tracks, checks, and alerts, so that your compliance position keeps pace with a regulatory landscape that does not stand still.
Disclaimer: Argus Pro is not an auditor and does not provide audit opinions; our frameworks are not audits. Our frameworks support readiness, prioritisation and improvement planning.
