Nikhil Rathi and Christine Lagarde have just told you something important: the traditional regulatory cycle is broken, and your firm cannot afford to wait for the rulebook to catch up. The question is whether you will lead your own AI governance or fall behind.
AI Governance  Trovix WatchLegal · Insurance · Financial Services · Accountancy

On 3 July, the FCA CEO and ECB President said something that should worry every regulated firm in the UK: the system designed to protect you no longer works. Rathi stated plainly that traditional rulemaking cycles cannot match the pace of agentic AI development. Lagarde went further, acknowledging that AI poses major risk precisely because the 'means of defence have yet to be found.' This is not regulatory hand-wringing. This is an admission that the FCA, PRA and ICO are designing rules in the dark, issuing guidance that will be obsolete before it lands, and asking firms to comply with standards that do not yet exist. For mid-market law firms, insurers, financial services companies and accountancies, this means one thing: regulators will not protect you from AI risk in real time. You must protect yourself.

This story sits at the intersection of three converging pressures. First, AI products now ship faster than regulators can assess them—Harvey, Luminance and other legal AI tools are in production use while the SRA Code of Conduct and ICO UK GDPR guidance remain in perpetual catch-up mode. Second, agentic AI (systems that autonomously take decisions or actions) has moved from research papers to live deployment in regulated firms, and nobody—not the regulators, not the vendors, not the firms using them—has agreed on what 'safe' means. Third, the EU AI Act is now live, the FRC and PRA have issued governance standards (ISA UK 260, PRA SS1/23), but they are principles-based exactly because nobody could write prescriptive rules in time. The pattern is clear: regulation will follow deployment, not precede it. Firms that wait for certainty will lose competitive ground to those that build robust governance now.

Trovix's position on this is direct. The solution is not to ban agentic AI or wait for the rulebook. It is to implement AI governance that works independently of regulatory timelines. This means three things: you must monitor what the regulators are actually doing (not what they say they will do), you must audit your AI systems continuously (not when the FCA asks), and you must document your risk decisions explicitly so that when rules do land, you can prove you acted responsibly. Where many firms go wrong is treating AI as a procurement problem—they buy Harvey or Microsoft Copilot or Legora and assume compliance follows. It does not. Those tools are excellent at what they do, but they are not governance frameworks. Trovix Watch exists precisely because regulators cannot keep pace: it tracks real-time regulatory change across FCA, PRA, SRA, ICO and EU channels so you see the signal before the noise. Trovix Audit closes the loop by letting you demonstrate that your agentic AI systems have been tested, monitored and governed on your terms, not the regulator's schedule.

Right now, today, your firm should do three things. First, take an inventory of where you have deployed AI systems that make decisions, not just AI that assists humans—agentic AI is the regulatory target, not ChatGPT for drafting emails. Second, document your risk assessment for each system: why you deployed it, what could go wrong, and how you would know if it did. This is not a box-tick exercise; it is evidence that you took the FCA Consumer Duty (PS22/9) and PRA SS1/23 seriously while the rulebook was still being written. Third, set up a mechanism to track regulatory change—do not rely on your regulator's website or vendor newsletters. Use Trovix Watch or build your own system, but accept that you cannot outpace regulators; you can only refuse to lag them.

Source: CNBC

Related Trovix product:

Trovix Watch →Book a demo →