AI in Financial Services: What You Should Know About Emerging US and UK Approaches
- Watertrace Limited
- Mar 5
Updated: May 20
As financial institutions across insurance, banking and asset management increasingly embed artificial intelligence into underwriting, claims processing, investment analysis, fraud detection, compliance, and operational workflows, governance expectations are evolving just as quickly.
Boards are now faced with a practical challenge: how to ensure AI systems remain transparent, controllable, and resilient while regulatory expectations are still developing.
Across the financial services ecosystem, regulators are rapidly shifting their focus from supporting AI innovation toward strengthening governance and supervisory oversight.

In the United States, detailed implementation tooling for AI governance in financial services is increasingly emerging through industry-led frameworks such as the recent Financial Services AI Risk Management Framework (FS AI RMF), alongside supervisory oversight from multiple federal financial regulators.
In the United Kingdom, AI oversight is developing primarily through existing regulatory institutions such as the Financial Conduct Authority (FCA) and the Bank of England, which are integrating AI supervision into established financial regulatory regimes.
Two distinct governance philosophies are emerging:
- a structured, control-led framework developing in the United States
- a principles-based, regulator-led supervisory model in the United Kingdom
Both aim to enable responsible AI adoption while maintaining trust in financial systems. For insurance boards and operational leaders, understanding how these approaches differ can help shape governance strategies for the coming years.
The US Approach: Structured AI Risk Governance
The development of sector-specific governance tools in the United States is occurring within a broader national push to accelerate AI innovation. This policy direction was reinforced by the White House’s AI Action Plan, released in July 2025, which outlines national priorities for innovation, infrastructure, and global technology leadership.
In February 2026, the Financial Services AI Risk Management Framework (FS AI RMF) was introduced through a collaboration of financial institutions, industry groups, and public-sector stakeholders. The framework builds on the National Institute of Standards and Technology (NIST) AI Risk Management Framework, translating its principles into practical guidance tailored to financial services operations.
Rather than introducing entirely new regulatory concepts, the framework translates established risk management practices into structured implementation tools for AI systems.
The framework includes several operational resources:
- FS AI RMF Executive Summary
- AI Adoption Stage Questionnaire
- Risk and Control Matrix (RCM)
- Implementation Guidebook
- Control Objective Reference Guide
- Quick-start adoption guidance
At its core, the framework introduces 230 control objectives designed to help financial institutions embed governance across the AI lifecycle.
Organisations are encouraged to assess maturity across four stages: initial, developing, integrated, and embedded.
For technology and risk leaders, the value of this model lies in its operational clarity. It provides a structured roadmap for implementing AI governance across areas such as:
- model design
- training data integrity
- operational monitoring
- third-party dependencies
- incident response
This structured approach aims to ensure that trust and accountability are built into AI systems by design.
The UK Approach: Principles, Accountability, and Regulatory Integration
The United Kingdom has largely adopted a principles-based regulatory model for AI.
Rather than introducing AI-specific legislation for financial services, the UK government and regulators have chosen to apply existing regulatory frameworks to AI technologies.
Financial regulators such as the Financial Conduct Authority (FCA) and the Bank of England oversee AI adoption within their existing supervisory structures.
This reflects the UK's broader regulatory philosophy of principles-based oversight, where firms are expected to demonstrate that emerging technologies operate in line with established regulatory standards.
The FCA’s AI Update emphasises responsible and proportionate adoption of AI across financial services. Firms are expected to ensure their systems align with core regulatory principles including:
- safety and robustness
- fairness and transparency
- accountability
- operational resilience
Within this framework, the Senior Managers and Certification Regime (SMCR) plays an important role. It reinforces that senior leaders remain accountable for decisions made by AI systems deployed within their organisations.
However, the UK approach has also attracted scrutiny.
A recent Treasury Committee report (HC 684) raised questions about whether firms currently have sufficient operational clarity when implementing AI within existing regulatory frameworks.
At the same time, regulators are actively building supervisory insight.
The FCA has launched further initiatives, including its Call for Input on the long-term impact of AI in retail financial services (the “Mills Review”), to better understand the systemic and competitive implications of AI adoption.
This suggests the UK model is continuing to evolve, with regulators gathering evidence and industry input before introducing additional supervisory expectations.
Where AI Risk Appears in Insurance Operations
For insurers, AI risk management rarely exists in isolation.
AI models often depend on complex operational ecosystems, including:
- bordereaux ingestion pipelines
- claims automation workflows
- fraud detection models
- third-party analytics providers
- cloud-based AI infrastructure
Governance frameworks, therefore, need to address more than model explainability.
They must also consider the traceability of data inputs, automated decision paths, and operational dependencies that underpin AI-enabled processes.
In many organisations, the challenge is not simply defining governance policies, but ensuring that data, operational processes, and automated decisions remain observable and auditable across the wider system architecture.
As a result, governance discussions around AI are increasingly moving beyond technical model design toward broader questions of organisational oversight, accountability, and operational control.
Key Governance Considerations for Insurance Boards
For insurance leaders, the more important question is not which regulatory approach is “better,” but how each framework shapes governance expectations.
We identify several themes emerging across both jurisdictions.
Structured Controls vs Principles-Based Oversight
The US FS AI RMF provides detailed implementation tools and maturity staging, offering organisations a structured governance architecture.
The UK approach relies on principles-based oversight, meaning firms must demonstrate that AI systems operate in line with existing regulatory principles rather than following a single prescriptive framework.
Control Design vs Accountability Design
The US model emphasises predefined control objectives embedded within operational processes.
The UK model places greater weight on individual accountability through regulatory regimes such as SMCR.
Supervisory Structure vs Regulatory Integration
The US framework introduces a dedicated governance structure for AI within financial services.
The UK approach integrates AI oversight into existing regulatory frameworks while regulators continue to evaluate whether additional guidance may be required.
Third-Party and Infrastructure Risk
Both jurisdictions recognise the growing concentration risk within AI and cloud ecosystems.
The UK is advancing its Critical Third Parties regime, while US frameworks emphasise shared-responsibility models across AI supply chains.
What This Means for Insurance Leaders
Across both regulatory approaches, one expectation is becoming increasingly clear: organisations must be able to demonstrate traceability, governance, and operational resilience in AI deployment.
For boards, this means ensuring that AI adoption is supported by:
- clear accountability structures
- observable decision processes
- reliable data pipelines
- effective monitoring and controls
In practice, AI governance is increasingly linked to the operational architecture that supports automated decisions.
Preparing for the Next Phase of AI Governance
Whether firms adopt the structured control frameworks emerging in the US or operate within the UK’s principles-based model, the direction of travel is similar.
AI adoption in financial services will increasingly require organisations to demonstrate that their systems are:
- explainable
- controllable
- auditable
- operationally resilient
For insurers, preparing for this shift involves understanding not only the regulatory frameworks themselves but also the data flows and operational processes that support AI-driven decisions.
Organisations that build this visibility early will be better positioned to scale AI adoption with confidence.
Supporting Responsible AI Adoption
As financial institutions assess how their operational processes and data pipelines support AI governance, it becomes increasingly important to ensure these systems remain transparent, traceable, and controllable.
Watertrace works with leading financial institutions, including insurers, MGAs, banks, and asset managers, to help make operational processes observable, structured, and scalable. This enables organisations to support automation and AI adoption while strengthening governance, resilience, and regulatory readiness.
If your organisation is assessing how operational processes, data flows, or automation pipelines support AI governance, **get in touch with Watertrace to explore how structured operational visibility can support safe and scalable AI adoption.**
The Future of AI Governance in Financial Services
As we look ahead, the landscape of AI governance will continue to evolve. Financial institutions must stay ahead of regulatory changes and technological advancements. This requires a proactive approach to governance.
Embracing Change
Change is inevitable. The financial services sector must embrace it. AI is not just a tool; it is a transformative force. By adopting robust governance frameworks, organisations can harness AI's potential while mitigating risks.
The Role of Technology
Technology will play a crucial role in shaping the future of AI governance. Advanced analytics and machine learning can enhance oversight capabilities. These technologies can provide insights into AI system performance, helping organisations maintain compliance and operational integrity.
Building a Culture of Compliance
A culture of compliance is essential. Financial institutions must foster an environment where governance is a shared responsibility. This involves training staff, promoting awareness, and ensuring that everyone understands their role in maintaining AI governance.
Conclusion
In conclusion, the journey towards effective AI governance in financial services is ongoing. By understanding the regulatory landscape and implementing structured frameworks, organisations can navigate the complexities of AI adoption. The future is bright for those who prioritise governance and accountability in their AI initiatives.
Watertrace is committed to supporting financial services organisations in achieving intelligent automation. By providing the tools and insights needed for effective governance, we help clients gain a competitive edge in an ever-evolving landscape.
FAQs
What is AI governance in financial services?
AI governance in financial services refers to the frameworks, controls, policies, and oversight mechanisms used to ensure artificial intelligence systems operate safely, transparently, ethically, and in compliance with regulatory expectations. It includes areas such as accountability, model monitoring, data quality, operational resilience, and auditability.
Why is AI governance becoming important for insurers and banks?
As AI becomes more deeply embedded in underwriting, fraud detection, claims automation, investment analysis, and compliance processes, regulators increasingly expect firms to demonstrate that these systems are explainable, controllable, and resilient. Poor governance can create operational, compliance, reputational, and financial risks.
What is the FS AI Risk Management Framework (FS AI RMF)?
The Financial Services AI Risk Management Framework (FS AI RMF) is a US industry-led governance framework introduced in 2026 to help financial institutions implement structured AI controls. It builds on the NIST AI Risk Management Framework and includes practical tools such as control objectives, maturity assessments, risk matrices, and implementation guidance tailored to financial services.
How does the US approach to AI regulation differ from the UK approach?
The US approach is evolving around structured governance frameworks with detailed controls and operational implementation guidance. The UK approach is more principles-based, with regulators such as the FCA and Bank of England integrating AI oversight into existing regulatory frameworks rather than introducing standalone AI legislation for financial services.
What are the main AI governance risks for insurance companies?
Common AI governance risks in insurance include:
- biased underwriting decisions
- lack of explainability in automated claims processing
- poor data quality
- inadequate monitoring of AI systems
- third-party model dependencies
- operational failures within automated workflows
- insufficient audit trails for AI-driven decisions
What does “explainable AI” mean in financial services?
Explainable AI refers to the ability to understand and justify how an AI system reaches decisions or recommendations. In financial services, explainability is important for regulatory compliance, customer fairness, operational oversight, and risk management.
How does the FCA regulate AI in financial services?
The FCA currently regulates AI through existing financial services regulations rather than dedicated AI laws. Firms are expected to ensure AI systems align with core regulatory principles such as fairness, accountability, operational resilience, transparency, and consumer protection.
What is the role of SMCR in AI governance?
Under the UK’s Senior Managers and Certification Regime (SMCR), senior leaders remain accountable for decisions and operational outcomes involving AI systems. This means firms cannot fully outsource responsibility for automated decisions to technology platforms or AI models.
What are AI control objectives in financial services?
AI control objectives are governance requirements designed to ensure AI systems operate safely and reliably. They may include controls around:
- model validation
- data lineage
- access management
- monitoring and testing
- incident response
- third-party oversight
- audit logging
- human review processes
Why is operational resilience important for AI systems?
AI systems often depend on complex data pipelines, cloud infrastructure, and third-party services. Operational resilience ensures firms can maintain critical services, detect failures, recover quickly from incidents, and continue operating safely even when disruptions occur.
How can insurers prepare for future AI regulation?
Insurers can prepare by:
- establishing clear governance structures
- improving data traceability
- implementing monitoring and audit capabilities
- documenting AI decision processes
- strengthening third-party oversight
- aligning operational controls with emerging regulatory expectations
What are regulators most concerned about with AI in financial services?
Regulators are increasingly focused on:
- transparency of automated decisions
- consumer fairness
- systemic risk
- concentration risk from cloud and AI providers
- operational resilience
- governance accountability
- model drift and ongoing monitoring
- cybersecurity and data integrity
What is AI operational visibility?
AI operational visibility refers to the ability to observe, trace, and monitor the data flows, processes, dependencies, and automated decisions that support AI systems. This helps organisations improve governance, auditability, resilience, and regulatory readiness.
How does AI affect compliance and risk management in banking and insurance?
AI can improve fraud detection, monitoring, and operational efficiency, but it also introduces new governance and compliance risks. Firms must ensure AI systems comply with regulatory standards, produce reliable outcomes, and maintain adequate human oversight.
Will the UK introduce AI-specific financial services regulation?
The UK is currently taking a regulator-led and principles-based approach rather than introducing standalone AI legislation for financial services. However, regulators continue to gather industry feedback and may introduce additional supervisory guidance as AI adoption expands.
What is third-party AI risk in financial services?
Third-party AI risk refers to governance and operational risks created when organisations rely on external AI vendors, cloud providers, analytics platforms, or outsourced data services. These dependencies can create challenges around oversight, resilience, accountability, and concentration risk.
How can financial institutions make AI systems more auditable?
Financial institutions can improve AI auditability by:
- maintaining clear data lineage
- logging automated decisions
- documenting model changes
- monitoring system performance
- implementing governance controls
- ensuring human oversight where necessary
- creating transparent reporting processes
What does “responsible AI” mean in financial services?
Responsible AI refers to the development and deployment of AI systems in ways that are ethical, transparent, fair, secure, and aligned with regulatory expectations. It focuses on ensuring AI supports business outcomes without creating unacceptable operational or societal risks.
Why are boards becoming more involved in AI governance?
Boards are increasingly responsible for overseeing technology risk, operational resilience, and regulatory compliance. As AI systems become more business-critical, boards are expected to ensure appropriate governance, accountability, and control frameworks are in place.
How can operational processes impact AI governance?
AI systems rely heavily on the quality and reliability of operational processes and data pipelines. Weak operational controls can reduce transparency, increase risk exposure, and undermine the accuracy and trustworthiness of AI-driven decisions.



