FIN.
Financial Crime PreventionFintech & InnovationResourcesSupervision

Report looks at global norms for AI in financial services

13/01/2026
Sheilah Mackie

A report by the International Regulatory Strategy Group has looked at consistency and disparities between emerging norms in the use of AI in financial services.  Generally, it found that there is broad alignment on high level principles but divergence as to how countries operationalise them, with some using prescriptive regimes and others principle-based and innovation-first approaches. The EU is more prescriptive, the UK of course is principles-based and Singapore uses voluntary guidance. Key conclusions from the report include:

  • that AI largely amplifies existing risk rather than adding new ones – specifically model risk, data governance, third-party concentration and cyber-threats;
  • principles-based supervision with technology-neutral rules at its heart works best;
  • that there should not be any new hard global rules on AI, not least because the rapid evolution of AI would risk obsolescence of rigid rules.

The report usefully recaps on uses by industry and regulators. For industry, it summarises current uses as:

  • customer focussed in:
    • credit underwriting
    • marketing
    • insurance
    • chatbots
  • operations-focussed in:
    • back office functions
    • risk management
    • information processing
  • trading and portfolio management
    • market sentiment analysis
    • portfolio management
  • regulatory compliance
    • fraud and money laundering/terrorist finance detection
    • financial crime reporting

Supervisors are increasingly using AI for many aspects of supervision and also for stress testing, with the example given of modelling social media interactions in a bank run.

The report annexes details on how several key jurisdictions are regulating, and notes that the uptake of AI is hampered by cross-border issues, mainly data localisation policies. This is constraining innovation, while restricted cross-border data flows can also create blind spots in AI risk assessments. The report also notes that the extra-territorial impact of some laws, such as the EU AI Act has had the effect of creating an additional layer of regulation at enterprise level, given it is impractical to deploy different variations between jurisdictions.

If you’d like to discuss this further, please contact Katie Simmonds or me, Sheilah.

Sheilah Mackie

View all posts