Throughout the week in our In Focus series, we’ll be looking at how financial advice firms are using, and can use, artificial intelligence (AI) in ways that are practical, responsible and commercially valuable.
John Warchus, Partner in the Commercial & Technology Team at Moore Barlow, examines the legal risks facing financial advisers as AI adoption gathers pace.
Financial advisers are in an unusual position when it comes to artificial intelligence. Research from Unbiased consistently shows that people recognise AI as both a significant threat and a genuine opportunity for their profession in the future (56%), although widespread adoption remains limited. The hesitation is understandable given the potential legal risks involved as expectations rise and competitive pressure builds, the firms that delay are not just falling behind technologically, they are accumulating legal and regulatory risk without even realising it.
Adopting AI without solid legal foundations will prove costly in commercial, regulatory and reputational terms. The challenge is that the legal landscape itself is still taking shape, which makes it tempting to defer action. That would be a mistake.
The Legal Framework for AI
The UK government has deliberately avoided prescriptive AI legislation, instead opting for a principles-based approach around five principles: safety, security and robustness; transparency; fairness and accountability; and contestability and redress. These principles are being applied through existing regulators, including the FCA, using existing laws rather than new standalone AI laws.
The absence of specific AI legislation can create a false sense of security: without explicit obligations, firms may interpret the current frameworks as lenient. However, this is not the case. The FCA has established tools at its disposal, including the Senior Managers and Certification Regime, which provides a direct mechanism for holding individuals accountable for AI-related failures within their organisations. Targeted legislation is also widely expected, particularly around high-capability AI systems and intellectual property. The time to build governance frameworks is before that legislation arrives, not after.
Both FCA Regulations and the core five principles mean that IFAs will be liable for any tools they use in providing services to clients: this means that they will need to be able to explain how their AI systems work, what decisions are made by AI, and they will bear legal liability to clients for any errors (hallucinations) caused by the AI system used.
Keeping a “Human in the Loop”
Given that IFAs will be legally liable for their use of AI tools, it is crucial that human monitoring and oversight is maintained. Not only will this help to identify and avoid any errors before advice is sent to clients (or decisions taken) but it will also be a legal requirement in relation to Automated Decision Making implied by the five core principles referring to security and robustness.
Protecting IP, Confidentiality and Data
It is vitally important that vendor agreements are checked to explicitly confirm that the IFA firm owns the rights in all AI-generated outputs such as reports/models/investment strategies and that input data coming from an IFA/end client cannot be used by the vendor for future models or otherwise used without permission. In addition, firms need a clear right to extract or migrate data if they change platforms and the vendor should be obliged to assist with any such transfer.
Data Protection and Cyber Security
It is likely that the adoption of AI will lead to the increased processing and transfer of client personal data, so it is essential that all the correct legal safeguards are in place to ensure that such processing and transfers comply with GDPR. Equally, the growth of AI tools will increase the number of systems prone to attacks by hackers – these systems need IT and human protections put in place to repel such attacks.
Vendor Contracts and liability
When an AI system produces an error, the legal responsibility to the end client remains firmly with the adviser or the firm. All hallucinations (outputs that look plausible but are factually incorrect), present a particular risk: Without proper human review and correction, these errors can reach clients with significant adverse financial and reputational consequences for the IFA concerned
Contracts with AI vendors should therefore be carefully reviewed and negotiated to ensure that vendors do not insert unreasonable disclaimers for their systems and warrant that:
- Their systems will perform to a defined specification or performance level
- All training data was obtained and used lawfully
- Indemnities should cover for any vendor data breaches, misuse of confidential information and infringement of third party IP rights and regulatory non-compliance
- The contract has a reasonably large liability cap so that the IFA will have an effective remedy for any breaches by the vendor.
Meanwhile, the IFA firms own client terms should include appropriate liability limitations to limit any claims from end-clients and make clear that AI outputs may not be error-free, are subject to the operation of the markets and/or rely upon the accuracy of any information provided by the client.
Legal Vigilance
The IFA firms that approach AI adoption with a proper AI policy in place, robust contracts, and clear IP protections will be better placed to manage risk and build client trust. Enlisting specialist legal advice early should be seen as a commercial must for firms looking to use AI competitively and responsibly whilst minimising the risk of a legal claim. Ultimately, as with all professionals, IFAs will be liable if the AI tools they choose to use prove to be defective.
By John Warchus – Partner in the Commercial & Technology Team at Moore Barlow
![[UNS] celebrate](https://ifamagazine.com/wp-content/uploads/wordpress-popular-posts/801986-featured-300x200.webp)
