The three AI capability frontiers in financial services

Financial services organisations face AI capability advances on three distinct fronts, each creating different governance challenges and requiring different responses. Understanding which frontier poses the most immediate governance challenge for your specific institution is the starting point for effective readiness planning.

AI in investment and markets is advancing rapidly. Algorithmic trading has existed for decades, but the integration of large language models into investment research, earnings analysis, portfolio construction, and market commentary is qualitatively new. AI systems that can synthesise earnings calls, analyse regulatory filings, and generate investment recommendations at a scale and speed impossible for human analysts are already in use. The governance challenge: these systems are making or substantially informing investment decisions at speeds that make traditional pre-trade human oversight infeasible. Model risk management frameworks must evolve to address AI systems that operate at a pace human review cannot match.

AI in risk management is the governance frontier where financial regulators are most active. Credit scoring AI, fraud detection AI, and AML/CFT AI are all subject to specific regulatory expectations that are more demanding than those for traditional statistical models. The specific governance gap most financial institutions face: model validation methodologies developed for logistic regression and scorecard models do not adequately validate the AI/ML systems increasingly being used for the same purposes. Independent validation of gradient boosted models, neural networks, and LLM-based systems requires different technical expertise and different methodological approaches.

AI in customer service and advice is where the immediate conduct risk lies. AI systems generating personalised financial communications, AI-assisted advice, and AI-driven claims processing are subject to conduct regulation — Consumer Duty in the UK, ASIC's responsible conduct obligations in Australia, CFPB oversight in the US — that applies regardless of whether a human or an AI system is involved in the communication. The specific risk: AI-generated financial communications that are plausible-sounding but inaccurate, or that constitute advice without the appropriate authorisations and best interests protections.

Extending model risk management to frontier AI

The SR 11-7 model risk management framework — the foundational US banking standard, with equivalents from APRA, the EBA, and other financial regulators — was designed for statistical models with well-defined inputs, processing logic, and outputs. Extending it to large language models and agentic AI systems requires adapting several core elements. Model validation for LLMs cannot rely on the same interpretability-based approaches used for traditional models — red-teaming, adversarial testing, and capability evaluation are the emerging validation methodologies. Performance monitoring for LLMs must address distributional shift, prompt sensitivity, and the possibility that model outputs change when the underlying model is updated by the vendor. And model ownership for AI systems developed and maintained by third parties requires vendor management approaches that go beyond traditional technology outsourcing governance.