AI Governance Gap Analysis
Most financial services firms believe their GRC platform covers AI governance. It does not.
A GRC platform monitors. A governance framework accounts.
A Note on Privacy: The tool asks no questions that identify your organisation. The results stay on your hardware for internal use only. We receive no data from your session.
United Kingdom
Wealth Managers & Consolidators
Consumer Duty, in force since July 2023, requires wealth managers to demonstrate good outcomes for retail clients at every stage of the advice and investment process. AI driven decisions are not exempt. They are, if anything, under greater scrutiny.
For consolidators managing multiple entities post acquisition, the challenge compounds. Governance frameworks built in one firm do not automatically transfer to another. Each entity requires its own documented AI inventory, accountability mapping, and explainability trail.
The FCA has been explicit: firms cannot outsource accountability to a technology vendor. If your portfolio construction AI produces a client outcome that the FCA questions, the accountability sits with a named CF or SMF holder. Not with the platform provider.
Building Societies
Building societies are deploying AI faster than their governance frameworks are keeping pace. Mortgage underwriting algorithms, arrears management tools, savings rate optimisation, fraud detection. Each carries regulatory exposure. The PRA and FCA are watching.
The PRA's supervisory statement on model risk management (SS1/23) set clear expectations for firms using models including AI models in credit and underwriting decisions. Documentation of model logic, validation methodology, and human oversight is now a prudential requirement.
For building society CEOs and Chief Risk Officers, the risk is personal. Under SM&CR, AI governance within your remit is your accountability. A model that produces discriminatory lending outcomes, an arrears algorithm that fails to identify vulnerable customers, an AI driven product recommendation that does not meet Consumer Duty standards each is traceable back to a named individual.
Credit Unions
Most credit unions are not building AI. They are buying it. Loan assessment platforms, arrears management tools, fraud detection systems, member communications tools each supplied by a third party vendor whose AI logic the credit union has limited visibility into, and unlimited accountability for. The FCA's position is unambiguous: outsourcing a process does not outsource the responsibility to understand and govern it.
Consumer Duty, in force since July 2023, requires credit unions to demonstrate good outcomes for retail members at every stage of the lending and savings relationship. AI driven decisions including automated loan decisions and arrears flagging sit squarely within that obligation. The standard is not process compliance. It is demonstrable member outcomes.
For credit union CEOs and Compliance Officers, SM&CR adds a personal dimension. Named Senior Managers carry individual accountability for the systems and processes within their remit. If an AI assisted lending decision produces a discriminatory outcome, or if an arrears management algorithm fails to identify and appropriately handle a vulnerable member, accountability is traceable to a named individual.