Across financial services, artificial intelligence has become one of the most powerful tools for governance and operational oversight. From monitoring communications and flagging suspicious activity to processing volumes of data that would overwhelm any human team, AI adoption has surged to a phenomenal level. According to the Cambridge Centre for Alternative Finance, 81% of financial services firms are now using AI – no doubt spurred on by the incredible outcomes.
But what happens when the AI stops being an observer and becomes a participant?
From oversight to action
For most of the past decade, AI in financial services has played a defined role – reviewing recorded communications, identifying patterns and reducing false positives. It sat behind the glass, watching. That dynamic is changing rapidly. AI systems are now being used in several distinct ways across financial services – from drafting client communications for human approval, to generating summaries and recommendations that inform employee decisions, through to more autonomous systems capable of initiating follow-ups or responding directly on client channels. According to Fenergo, 93% of financial institutions plan to implement agentic AI within the next two years. NVIDIA’s 2026 financial services surveyfound that 21% have already deployed AI agents, with a further 42% actively assessing them.
This shift from passive monitoring to active participation creates a more complex governance environment. In some cases, AI-generated content is still reviewed and approved by an employee before being sent. In others, more autonomous systems may operate with limited human intervention. Those scenarios carry very different oversight, accountability and operational requirements. And in financial services, where every client interaction on a regulated channel carries operational, reputational and governance implications, that distinction matters.
A governance framework for a different era
The communications infrastructure most firms rely on today was designed for one purpose: capturing and archiving human-to-human communications. When organisations moved onto consumer messaging channels like WhatsApp and WeChat, firms invested heavily in governance platforms that could capture conversations, apply retention policies and surface them for oversight.
That investment was necessary. Regulatory scrutiny around off-channel communications has intensified significantly in recent years, while institutions have become increasingly aware that unmanaged communications create not just compliance concerns, but broader reputational and operational risks. The FCA’s August 2025 multi-firm review of 11 wholesale banks identified 178 breaches of internal communication policies – with 41% involving directors or senior managers. While these findings related to human use of off-channel communications rather than AI systems, they reinforced a broader point now shaping boardroom thinking: organisations need visibility and governance across every business communication channel, regardless of whether the communicator is human or machine-assisted.
But those frameworks were built around a fundamental assumption – that the messages being sent were composed by people. When an AI agent drafts a response to a client on WhatsApp, or generates a summary that shapes an investment recommendation, does the existing governance infrastructure capture it with the same rigour? In many organisations, the honest answer is no.
The paradox of today
This is where the paradox becomes concrete. Firms are deploying AI to improve oversight and operational efficiency while simultaneously introducing machine-assisted and, in some cases, autonomous communications workflows that existing governance structures were not designed to supervise. The tool designed to strengthen visibility is creating content that existing governance structures cannot fully explain or supervise.
Consider a practical scenario. A wealth manager’s AI assistant drafts a client message on a consumer messaging channel, drawing on portfolio data and market commentary. The message is sent, the client acts on it and the market moves against them. When leadership, auditors or regulators ask to review the communication trail, the firm can produce the message – but can it demonstrate how the AI arrived at that specific wording? Can it show the data the model drew upon, the parameters it operated within, or whether a human reviewed it before it was sent?
The Cambridge CCAF’s 2026 report reveals that two-thirds of financial services firms are not monitoring their AI systems for bias or discrimination. FinRegLab’s research highlights that agentic AI is advancing faster than the data infrastructures and governance frameworks designed to oversee it. And the EU AI Act, with its high-risk system obligations taking effect from August 2026, will impose requirements for human oversight, transparency and automatic event logging – obligations that many firms are not yet prepared to meet for their AI-driven communications.
Extending the governance perimeter
The solution is not to slow AI adoption, because the efficiency gains are massive. Firms that fail to adopt will fall behind both competitively and operationally. The right solution is to extend the governance perimeter.
Every AI-generated communication on a client-facing channel needs to be captured and archived with the same completeness as a human-authored message. Full audit trails should record not just what was sent, but the systems, data sources and approvals behind it. Organisations need clear human oversight thresholds – defined points at which AI-generated content requires review before reaching a client. For AI-assisted drafting tools, that may mean mandatory human approval and traceable edit histories. For more autonomous systems operating directly on client channels, organisations may require significantly stricter controls, escalation mechanisms and operational guardrails. And, critically, data ownership must remain with the organisation, not distributed across whichever third-party models happen to process sensitive information.
These are not new ideas. They are the same standards the industry spent years implementing for human communications on consumer messaging channels. The challenge is applying them consistently to a new category of communicator – one that operates at machine speed across every channel simultaneously.
The governance gap organisations are creating
Institutions are already seeing where this is heading. Regulators are increasing scrutiny of how firms deploy and represent AI systems, while boards and leadership teams are becoming more aware that poorly governed AI communications create reputational exposure and erode client trust. The FCA has made clear that its existing principles-based framework, including Consumer Duty and the Senior Managers and Certification Regime, applies fully to AI-driven outcomes. When an AI agent produces a poor result for a client, accountability will still sit with the institution.
The firms that will navigate this well are those treating AI governance as an extension of their existing communications governance – not as a separate technology initiative. They are asking the right question: if we would not allow an employee to message a client on an ungoverned channel, why would we allow an AI agent to do the same?
The AI paradox in governance exists only in the gap between where firms have deployed AI and where they have extended oversight to match. Closing that gap will become one of the defining governance and trust challenges of the next two years – because the real risk is not simply the use of AI in communications, but whether organisations can demonstrate visibility, accountability and control over the systems influencing or generating client interactions on their behalf.