Sofia Ihsan, AI Consulting Lead at Forvis Mazars, says AI is now deeply embedded across financial services, but governance and oversight have not kept pace, creating growing operational, regulatory and trust risks for firms and advisers.
Although we’re already a month into 2026, it is clear that for the months and years ahead AI is no longer a futuristic ambition for financial services. It is increasingly embedded in the day-to-day operations of banks, insurers and wealth managers, in areas ranging from real‑time fraud detection and credit decisioning to more personalised client journeys. For advisers, onboarding is faster, portfolio insights are more data-driven, and digital engagement is becoming the norm.
Yet the governance of AI has not kept pace. Many firms still rely on frameworks designed for static models and approaches that struggle with AI’s dynamic, continuously learning nature. The result is a widening gap in operational resilience, regulatory readiness and cyber defence that, if unaddressed, can undermine client trust.
When AI decision‑making goes mainstream
AI‑enabled decisions now influence credit approvals, fraud alerts, risk profiling and client segmentation. Unlike traditional systems, modern models are often adaptive, updating as new data arrives. Legacy controls that depend on point-in-time validation and historical backtests are not enough on their own. Without ongoing oversight, firms risk drift that degrades performance, hidden bias that harms outcomes, and choices that are difficult to explain to clients or regulators. For advisers, the ability to articulate the rationale behind recommendations is central to both regulation and client confidence.
Beyond traditional model risk management
Traditional model risk management remains foundational, but it needs to be augmented for AI. Firms should adopt continuous monitoring, lifecycle governance and rigorous documentation of data lineage, training, testing and updates. This is not only about compliance; it is about resilience. Unmonitored models can degrade silently until issues become visible to clients or supervisors. For advice firms and their institutional partners, this also raises questions about reliance on third‑party platforms and data sources that embed AI beneath the surface.
A broader, faster‑moving cyber threat landscape
AI expands both the attack surface and the attack vectors. Threats such as data poisoning (manipulating training data), model inversion (extracting sensitive information), model stealing and prompt injection attacks are growing more sophisticated. Effective protection now requires a blend of cybersecurity discipline and an understanding of how models learn and behave over time, especially where client data and trust are at stake.
Board accountability and ethical oversight
Responsibility for AI governance is moving decisively to boards and senior leadership, alongside cyber security and financial controls. This includes ensuring staff are trained not only to use AI tools, but also to understand the regulatory, reputational, financial, ethical and operational risks and how to manage them. For advisers, this emphasis on ethical AI aligns with professional duties to act in clients’ best interests and to sustain confidence in the advice process.
Regulation raises the bar
Regulatory expectations are tightening. The EU AI Act and emerging standards are pushing firms to embed responsible AI principles from the outset, covering risk tiering, documentation, transparency and post‑market monitoring, rather than retrofitting controls. Even where advisers are not directly in scope, they will feel the impact through platform providers, product manufacturers and data partners. In 2026, compliance is not just about avoiding penalties; it is about demonstrating trustworthiness in a digital advice ecosystem.
Governance as a competitive advantage
The differentiator in 2026 will not be how widely AI is deployed, but how intelligently it is governed. Firms that invest in robust oversight, transparency and ethical frameworks will innovate with confidence, protect clients and respond credibly to regulatory scrutiny. For IFAs and their clients, effective AI governance is not an abstract technical issue; it is fundamental to trust, resilience and the credibility of financial advice in an increasingly automated world.