Artificial intelligence tools are moving from experimentation into operational workflows across capital markets, forcing financial firms to revisit how internal governance, model risk controls, and accountability frameworks apply to increasingly complex systems.
Regulators and industry bodies have highlighted that AI and machine learning are being deployed across market-facing functions, while emphasizing that governance, oversight, and transparency requirements do not disappear when decisions are partially automated.
Adoption expands while oversight standards tighten
IOSCO’s work on AI in capital markets has highlighted both the breadth of emerging use cases and the associated risks — particularly around model complexity, explainability, and the potential for unintended outcomes.
In parallel, the CFA Institute has argued that explainability is increasingly central to institutional trust and risk governance in finance, with “black box” behavior acting as a barrier to broader organizational adoption.
The net effect is a widening gap: optimization gains are accelerating, while governance systems are being pressured to catch up.
Governance moves from “AI policy” to operational control
A growing share of oversight focus is shifting from high-level AI principles toward operational questions, including model ownership, override authority, output monitoring, and failure containment.
NIST’s AI Risk Management Framework frames governance as a lifecycle function, emphasizing structured processes to map, measure, and manage AI-related risks rather than treating oversight as a one-time, pre-deployment exercise.
For financial organizations, this effectively translates AI adoption into a governance challenge, requiring the integration of AI systems into existing control stacks, audit frameworks, and accountability structures.
This shift reflects broader structural concerns around how AI systems are instructed, constrained, and supervised within market infrastructure.
Explainability becomes a risk variable, not a feature
As AI systems become more complex, explainability is increasingly treated as a risk variable rather than a product preference.
CFA Institute research argues that explainable AI is needed not only for compliance but also for institutional trust and effective risk governance, because opaque models can weaken oversight and decision accountability.
Regulatory-oriented analysis has similarly emphasized that lack of explainability can create model risk in critical financial contexts, including where models affect regulatory or prudential outcomes.
Model risk management frameworks extend into AI
Rather than inventing entirely new oversight regimes, many institutions are likely to extend existing model risk management logic into AI.
In the UK, the Bank of England’s Prudential Regulation Authority has outlined principles for model risk management frameworks that emphasize governance, controls, validation, and ongoing monitoring — concepts that translate directly to AI and machine learning systems used in decision-making.
This is one reason AI governance is increasingly being pulled into risk committee territory: once models influence capital allocation, execution, credit, or surveillance functions, oversight standards become structural rather than optional.
Implications for market infrastructure
As financial organizations operationalize AI, governance and oversight increasingly become part of the adoption pathway — shaping what can be deployed, where it can be deployed, and under what monitoring expectations. IOSCO has specifically pointed to governance and risk management as central themes as AI use expands in capital markets.
