European Commission Shapes the Next Frontier of AI Governance in Finance
As financial institutions expand their use of artificial intelligence (AI), the EU is refining governance, accountability, and data-protection frameworks to safeguard markets and consumers. This initiative is crucial as AI increasingly shapes core workflows in financial operations, including onboarding, analytics, pricing, compliance, and portfolio allocation.
The Regulatory Landscape
Europe’s regulatory agenda recognizes AI as integral to operational resilience, conduct governance, and data-protection mandates. Key regulations include the Digital Operational Resilience Act (DORA), the General Data Protection Regulation (GDPR), and the developing EU AI Act.
At the Singapore FinTech Festival (SFF) 2025, discussions highlighted the expectation for deeper evidence of model control and lifecycle assurance following AI adoption. Explainability and human accountability have emerged as central themes in the responsible use of AI within the financial sector.
Operational and AI Governance
The EU’s regulatory framework aims not only to protect privacy and fundamental human rights but also to foster confidence in the development of digital and tokenised economies. Under DORA, financial firms must establish comprehensive ICT risk-management frameworks, report cyber incidents, and manage third-party ICT vendor risks.
Supervisory technical standards from authorities such as the European Banking Authority (EBA) and the European Central Bank (ECB) will define how validation, documentation, and model governance are implemented in practice.
Challenges in Explainability and Human Accountability
Explainability remains a challenge in applying AI to financial services. Understanding how AI reaches its conclusions can be complex, especially with systems that operate similarly to the human brain. The need for robust governance is crucial, with institutions focusing on the ethical use and legitimate purposes of AI tools.
Maintaining human oversight is essential, ensuring that financial institutions remain in control of AI systems while utilizing these tools to enhance efficiency and service offerings. Supervisors increasingly demand evidence of validation and monitoring processes that demonstrate AI behavior across its lifecycle.
Managing Third-Party Risks
As digital transformation progresses, financial institutions face growing complexities. Outsourcing technical functions does not transfer liability, and organizations must maintain oversight of their AI systems, even when utilizing third-party models or cloud services.
Generative AI (GenAI) provided through large third-party models requires the same scrutiny. Clear controls are necessary to manage issues like hallucinations, misclassification, and unintended bias, ensuring that third-party AI remains within the bank’s risk perimeter.
Governance-First Foundations for Scalable AI
Effective human oversight is central to responsible AI deployment. Regulators are increasingly adopting hands-on approaches to engage with institutions, working through practical implementation issues rather than relying solely on abstract guidelines.
Across jurisdictions, regulatory approaches differ, with the EU developing a comprehensive framework for high-risk AI, while other regions adopt sector-specific guidance or principles-based approaches. A consistent supervisory principle is proportionality, where controls should reflect the materiality and risk of each AI use case.
Conclusion
For institutions, the imperative is clear: AI must be governed with the same rigor as capital, liquidity, and operational risk. The EU’s regulatory principles offer the stability needed to adopt AI confidently, highlighting that strong governance is foundational for innovation, safeguarding customers, and scaling AI across mission-critical processes.
