Morgan Stanley's trillion-dollar bet on external AI agents is forcing the conversation UK regulated firms have been avoiding: if you open your platforms to third-party AI, how do you stay compliant? The answer is not 'trust the algorithm'—it is rigorous governance, from day one.
Agentic AI  Trovix ReachFinancial Services · Legal · Accountancy

Morgan Stanley's decision to open ShareWorks and Equity Edge to thousands of external AI agents is not a vote of confidence in AI maturity — it is a forced acknowledgment that the margin between first-mover advantage and regulatory risk has collapsed. For UK regulated firms in financial services, insurance, law and accountancy, this matters directly. When a systemically important US bank opens its core operational platforms to third-party autonomous systems, the FCA, PRA and SRA will expect UK equivalents to have governance frameworks ready. This is not optional. The Consumer Duty (PS22/9) already demands that firms understand and manage third-party risks. Adding AI agents to that equation — agents you do not build or fully control — creates a new compliance burden that most mid-market firms have not yet mapped.

We are watching the industry move from 'can we use AI?' to 'whose AI is actually running our business?' Morgan Stanley's move signals that the integration phase is accelerating, but it also reveals the uncomfortable truth: most AI agent deployments still lack proper provenance, audit trails, or accountability structures. The pattern is clear across legal tech (Harvey and Legora have promised agent capabilities for 18 months without clarity on governance), insurance tech, and financial services platforms. Firms are racing to adopt external AI agents because they solve real workflow problems — but they are doing it without the institutional guardrails that regulated firms actually need. The EU AI Act's classification of high-risk AI systems in financial services decision-making is not theoretical anymore; Morgan Stanley's move makes it operational.

Trovix's view is blunt: opening your critical platforms to external AI agents without first establishing governance infrastructure is negligence, not innovation. UK firms need three things before they follow Morgan Stanley's model: first, an AI governance framework that maps every agent's purpose, training data, output verification and audit trail — this is where Trovix Audit becomes essential, not because it approves agents but because it forces you to articulate exactly what you are accountable for. Second, continuous monitoring of regulatory change (the FCA's expectations are shifting faster than most firms can track). Trovix Watch exists because the cost of missing a compliance signal during agent integration is now material. Third, and this is where most firms fail: you need human-in-the-loop verification of agent outputs before they reach clients or influence regulated decisions. Copilot-style assistants sold on productivity alone will not survive FCA scrutiny in financial services. The firms that succeed will be those that accept AI agents as tools that require more governance, not less.

Here is what you should do this month: audit your current third-party AI usage (including general-purpose LLMs like ChatGPT or Claude, not just specialist legal or financial tools). Map which systems touch regulated decisions, client data, or advice. Identify the gaps in your audit trails and accountability for those systems. If you have none, start there — do not add more agents until you have baseline governance. For mid-market practices, this means dedicating 4-6 weeks to governance mapping before you deploy new integrations. For larger firms, it means getting buy-in from compliance, risk and your regulators before external agents go live. Morgan Stanley has the balance sheet to absorb integration failures. You do not.

Source: CNBC

Related Trovix product:

Trovix Reach →Book a demo →