How should financial institutions balance the potential of LLMs with the regulatory and compliance requirements that govern financial services?
Simon Thompson, Head of AI, ML and Data Science, GFT‘ Balance’ is, perhaps, the wrong mindset. Compliance isn’ t optional for Financial Services Organisations. Luckily, it is possible to meet compliance obligations while using LLMs. There are two steps: first, establish a clear and workable governance process.
That means a process that’ s for real, which makes actual decisions in a timely manner, rather than a process that plays pass the parcel with submissions.
So, the folks running the process have to be accountable to decision makers and empowered to make decisions themselves.
The second step is to create a culture of looking before leaping. Working through the steps to get an application into production before creating demos can prevent the generation of a lot of smoke and no fire.
A structured approach from the start helps flag the real blockers, like not having enough data to validate a use case, before time and money get sunk into it.
Richard Harmon, Vice President and Global Head of Financial Services at Red Hat It is important to start out by thinking holistically about the final product or solution, taking into account key design principles where Gen AI will be utilised. There needs to be a balance between the use of sophisticated algorithms and tools as part of a solution, with the corresponding regulatory and compliance requirements, as well as a key requirement for enhanced explainability capabilities.
The EU-AI Act, which came into force on March 13th, is the most comprehensive global AI-focused regulatory example so far, and it aims to take a balanced( i. e., risk-adjusted) view on what is permitted while taking into account a range of determining factors to ensure robust and trustworthy AI systems.
These include the need for explainability, comprehensive documentation, stringent process and data governance, continuous human oversight, proactive risk management and meticulous auditability.
The image opposite provides one simple, principled approach to be taken into account when planning all gen AI-based solutions – the design of the solution needs to ensure that it is“ Trustworthy”, as this is crucial for adoption.
Regulatory compliance will and should limit the use of Gen AI if there is not a sufficient degree of explainability and transparency so that the solution outcomes are understood by all parties.
122 September 2025