The University of Cambridge research published this month makes one thing clear: agentic AI—systems that make decisions and take action autonomously—is no longer experimental. Financial firms expect it to become standard. But here's the uncomfortable truth embedded in the same study: regulators including the FCA, PRA and the Treasury are still writing frameworks that don't yet exist at scale. Mid-market UK financial services, legal, insurance and accountancy firms face a practical dilemma. Deploy agentic AI now and build governance later—risking compliance breaches under Consumer Duty PS22/9, SRA Code obligations, and FRC ISA UK requirements. Or wait and cede competitive ground to larger firms with dedicated AI teams. Neither choice is good.
This gap between deployment velocity and regulatory readiness is the defining challenge of 2026. We have seen this pattern before: blockchain (2017), open banking (2018), cloud-first operations (2020). But agentic AI is different because these systems don't just process data—they make binding decisions. An autonomous credit assessment agent, a contract review system making redline recommendations, a claims decision engine: all carry legal and reputational weight. When Harvey, LLM-based legal assistants, and general-purpose document extraction tools like those built into Microsoft Copilot roll out at scale, they work best as aids to human judgment. But 'agent' systems promise end-to-end autonomy. That's where the regulatory risk lives. The EU AI Act's risk-based framework is already stricter than anything the UK FCA, ICO or Lloyd's Blueprint Two currently mandate. UK firms rolling out autonomous systems now will face retrofitting later.
At Trovix, we believe the answer isn't to chase the latest agentic API or assume that good intent substitutes for measurable governance. Firms deploying autonomous AI need three things simultaneously: transparent audit trails that show how decisions were made (not just that they were made), explicit human-in-the-loop controls at decision points where regulatory or reputational harm is possible, and documented frameworks that connect each AI system to specific compliance obligations under GDPR, PRA SS1/23, or SRA Code requirements. Too many current approaches—including some sold as 'governance dashboards'—treat AI oversight as a box-ticking exercise. Trovix Audit is built specifically to map autonomous AI decisions back to regulatory obligations and flag drift in real time. It doesn't prevent you deploying agentic systems; it ensures you can explain them when regulators ask.
If you are a mid-market regulated firm, here is what you should do this month: audit which AI systems you already have in production or pilot that make autonomous decisions (not just assist). Then map those systems to your specific regulatory obligations—not in general terms, but line by line. If you cannot answer 'why did this AI make this decision, and how does that decision comply with FCA/FRC/SRA rules?', you have a gap. Before you deploy more agentic systems, build the governance layer. Not because it will make you compliant by 2030—the rules are still evolving—but because it will make you defensible and adaptable as they evolve. Firms that treat agentic AI governance as a bolted-on afterthought will struggle. Firms that embed it from day one will be ready.
Source: CNN