Artificial intelligence has moved rapidly from buzzword to boardroom priority in asset management. Nowhere is that more evident than in financial crime prevention, where firms are exploring AI-driven tools for client onboarding, transaction monitoring and market abuse surveillance. But while the technology promises efficiency and sharper detection, it also raises difficult questions about regulation, accountability and risk.
That tension was at the heart of a recent discussion with Samuel Brewer, a financial services lawyer at City law firm Travers Smith, who advises asset managers on regulatory compliance.
Brewer describes an industry keen to innovate but wary of stepping too far ahead of regulatory comfort.
Explainability and regulatory hindsight
According to Brewer, two issues dominate conversations with clients considering AI deployment. The first is explainability. Regulators have long expected firms to understand and explain how their systems work, particularly when something goes wrong. AI, especially machine-learning models that evolve over time, challenges that principle.
“Firms are grappling with how bullish to be,” he says, noting that many tools are marketed as “AI-powered” without clear explanations of what that actually means. In a financial crime context, this matters: if an AI system fails to flag suspicious transactions, or wrongly excludes clients during onboarding, firms must still be able to justify the outcome to regulators.
The second concern is what Brewer calls retrospective interpretation. Regulators may appear supportive of innovation today, but enforcement decisions are often made years later. A decision that looks reasonable now could be judged harshly with the benefit of hindsight.
“That’s a big imponderable,” Brewer says. “The worry is not so much what regulators are saying now, but what happens in two or three years’ time if things haven’t worked as expected.”
A technology-neutral approach in the UK
In the UK, the Financial Conduct Authority (FCA) has so far resisted calls for AI-specific rules. Its consistent position, according to Brewer, is that AI is simply another technology and that the existing, technology-neutral rulebook should be sufficient.
In practice, that means firms are free to use AI in compliance systems – whether for market abuse surveillance or transaction monitoring – proving they continue to meet regulatory standards. There is no formal regulatory “sign-off” for AI tools, and responsibility ultimately rests with the firm.
The FCA has attempted to strike a balance through initiatives such as its AI Lab, which allows firms to discuss planned deployments in a relatively safe environment. However, Brewer suggested these initiatives have delivered mixed results. Some firms find value in early engagement, while others question whether the regulator has sufficient technical expertise and resources to keep pace with rapid innovation.
Europe’s more prescriptive stance
The picture is more complex in the European Union. The EU AI Act, which is being phased in over the next few years, represents a more prescriptive approach, categorising AI systems by risk level and imposing obligations accordingly. Financial services firms operating across borders must now consider how these requirements intersect with existing regulatory regimes.
Yet even in Europe, the direction of travel is not entirely clear. Brewer points to a recent European Parliament report on AI in financial services that struck a more cautious tone on over-regulation, citing competitiveness concerns and the risk of Europe falling behind the US.
“There’s an interesting tension,” he says. “The legislation is there, but you’re also hearing voices saying that sector-specific financial services rules may already be doing much of the job.”
Ethics, bias and data protection
Beyond formal regulation, AI raises ethical questions that are particularly acute in compliance functions. Brewer highlighted the risk of unintended discrimination in areas such as client onboarding and know-your-customer checks. If training data is skewed, AI systems may disproportionately reject certain demographic groups, creating both legal and reputational risks.
Data protection is another pressure point. Compliance systems inevitably process large volumes of personal data, and firms must ensure that AI tools do not inadvertently share or reuse data in ways that breach privacy rules.
In contrast, Brewer suggests that transaction monitoring raises fewer ethical concerns and more practical ones. “At that point it’s about efficacy,” he says. “Is the system actually working better than what you had before?”
Measuring effectiveness
Proving that AI delivers genuine benefits remains a challenge. Many firms default to productivity metrics: hours saved, alerts processed faster, or false positives reduced. But Brewer cautioned that these headline gains can be misleading if firms overlook the time and cost involved in building, testing and supervising AI systems.
“There’s almost always still a human in the loop,” he says. “Once you factor that in, the efficiency gains may be less dramatic than initially expected.”
Governance and accountability
From a legal perspective, governance is becoming as important as technology choice. Brewer said firms are increasingly asking whether AI oversight should be formally allocated under the UK’s Senior Managers and Certification Regime. Naming a senior manager with responsibility for AI could help demonstrate accountability, but it also concentrates risk.
Due diligence on third-party vendors is equally critical. Asset managers adopting AI-driven compliance tools should be asking suppliers how systems have been tested and benchmarked against regulatory requirements, and should deploy them gradually rather than “unleashing” them across the business.
What comes next?
Looking ahead three to five years, Brewer expects enforcement cases where AI plays a central role. Such cases are likely to expose gaps in existing frameworks and, in turn, prompt more targeted regulation – much as earlier technological shifts eventually led to new rules.
For now, however, the message to asset managers is one of cautious pragmatism. AI offers real potential to strengthen financial crime controls, but it does not absolve firms of responsibility. As Brewer put it, blaming the algorithm will never be an acceptable defence.
In a sector built on trust and oversight, the challenge will be harnessing AI’s power without losing sight of the principles that regulators, and investors, expect firms to uphold.
This interview forms part of a recently-published report on financial crime, produced in collaboration with FIS. The full report may be viewed by clicking here.
