“Built for another era” – Are current regulations amplifying AI risk?

With the U.S. Treasury’s recent AI innovation roundtables highlighting that regulatory frameworks “built for another era” may be increasing compliance risks by making firms reluctant to innovate, how can regulators work with the industry to support the deployment of advancing technologies?

06 July 2026 6 mins read
Profile picture of Kathryn Fallah By Kathryn Fallah
Written by humans

Written by a human

In brief:

  • Recent innovation roundtables hosted by the U.S. Treasury have explored scaling AI as it moves from experimentation to implementation
  • Participants stated that regulation needs to be “fit-for-purpose” and flexible
  • Discussion focused on how regulatory culture must shift to encourage innovation, and the need for regulators and the industry to stay in step

It’s been said that those who don’t move forward fall behind. In the case of AI governance, those who aren’t moving forward aren’t just falling behind – they may fall into trouble. In a series of U.S. Treasury roundtables focusing on AI innovation, participants across financial services stressed the need for governance and regulatory guidance to evolve alongside AI. 

Many organizations have already passed the experimentation stage and are now considering how to integrate generative AI (GenAI) technologies into workflows on a larger scale, with Global Relay’s recent Industry Insights report finding that 54% of firms intend to introduce AI into their compliance or surveillance workflows in the next year. But can regulatory frameworks “built for a different era” hold back innovation while increasing risk?

Strategy to scale: Evolving alongside AI

Over the past several months, the U.S. Treasury hosted a four-part roundtable series on AI innovation, which opened the floor to financial institutions, technology firms, and regulators to discuss:

  • High-value AI use cases, including back-office operations and risk management, such as anti-money laundering suspicious activity reports
  • The best approaches for facilitating innovation
  • Current blocks to adoption

From fast-evolving AI use cases to the potential for generative tools to boost financial crime compliance, firms are past the point of merely testing potential AI use cases. As roundtable participants stated, the current challenge is determining how to operationalize these strategies and where governance and regulatory guidance can support implementation.

AI has presented tremendous value to the financial services industry, with roundtable participants stating that it offers firms the potential to “boost worker productivity, reduce firms’ operational costs, and raise overall firm output.” However, Comptroller of the Currency Jonathan Gould also noted it’s vital that regulatory frameworks evolve in step to “facilitate growth and preserve confidence in the banking system.”

Modern technology calls for modern regulation

Roundtable participants stated that AI regulation should be “fit for purpose.” To support responsible adoption, regulators should be “clarifying expectations, remaining technology-neutral, and avoiding overly prescriptive approaches,” such as by taking an outcomes-oriented view and ensuring rules around AI are not more stringent than those applicable to humans.

The balance of AI regulation is a hotly contested topic, with the industry split down the middle – 45% think we would benefit from more prescriptive AI regulation, while 41% think that regulators being clearer on existing expectations would be more beneficial.

Firms may be hesitant to deploy tools without clear guidance, with 38% of firms seeing this lack of clarity as a considerable barrier to AI adoption, and 47.5% seeing it as “somewhat of a barrier.”

Treasury Secretary Scott Bessent explained how a lack of regulatory clarity or frameworks that are not built for the current moment may be negatively impacting AI uptake:

“Regulatory frameworks built for a different era can result in a reluctance to innovate, and that reluctance in itself can become a source of financial stability risk. When financial institutions cannot deploy tools that enhance their security, resilience, and global competitiveness, the economy as a whole suffers.”

Beyond adapting regulations, participants also stated that agency culture needs to shift. Instead of merely accepting innovation at supervised firms, examiners should be encouraging it and embracing it, such as by utilizing AI tools themselves for exams.

Don’t fall behind the innovation curve

Alongside modern regulation, the roundtable series also covered AI’s essential role in defending against risk in an increasingly challenging landscape. With threat actors misusing novel tools to carry out unprecedented threats, firms that fail to leverage AI to defend against cyberattacks, fraud, and financial crimes may find themselves more vulnerable to breaches or attacks. Concerningly, roundtable participants noted the lack of regulatory clarity around AI tools that can increase cybersecurity.

Especially as firms implement generative AI tools that can analyze data and influence decision-making, model accuracy is key to maintaining customer trust. Participants noted that emerging model risk management frameworks and structured processes can help address these risks. They also requested modernization of model and third-party risk expectations, especially where GenAI model validation and supply chain accountability are concerned.

What measures can firms take to support compliant AI adoption?

Regulators are in a tricky position, caught between an industry that is increasingly loud in its demands for guidance and the incredible pace of AI evolution threatening to make legislation obsolete before the ink is even dry. Nikhil Rathi, Chief Executive of the Financial Conduct Authority (FCA), summarized the situation:

“Technology is moving much faster than many regulatory paradigms. Legislation will never keep up.”

Firms looking to embrace the opportunities that AI offers must be conscious of balancing today’s regulatory expectations (and those yet to be formalized) against pressure – both internal and external – to “get on the AI bus.” There are steps firms can take to ensure they’re adopting AI from a “governance first” position:

  • Conducting regular risk assessments of deployed AI models to identify and mitigate potential vulnerabilities
  • Work cross-departmentally with relevant stakeholders across legal, compliance, IT, and ops roles – because AI risk doesn’t just “live” in one department
  • Perform due diligence on any third-party providers to ensure their own security and operational resilience measures are stringent enough
  • Undertake continuous reviews of model governance frameworks and ongoing reviews of performance to establish whether models are acting as intended and frameworks are in place to spot risk as it manifests
  • Capture and securely archive data from Generative AI or AI assistant platforms to ensure you meet data completeness expectations
  • Prioritize consistent employee training across your organization around AI and the risks it may present
  • Monitor for regulatory messaging or developments that may impact the way your firm uses AI, handles AI data, or conducts and evidences governance

AI governance may still be evolving, but firms that maintain proactive, forward-looking programs and work “compliance first” will be best positioned to adapt to developing expectations while innovating responsibly.

Regulators may still be determining how to update frameworks to better support the pace of innovation, though firms can lead the charge by confirming that all AI technologies within their ecosystem – including those provided by third-party partners – are security-first, regularly tested for risk, and scalable as the industry evolves.

About Article

Published 06 July 2026

About Author

Share Article