Nikhil Rathi and Christine Lagarde are correct: most AI rollouts in regulated firms will fail under scrutiny because they treat AI as a productivity tool rather than a controlled system. This is not scaremongering. It is the inevitable consequence of deploying systems designed for speed without the
AI Governance  Trovix SiftLegal · Financial Services · Insurance · Accountancy

The FCA CEO and ECB President have just said something UK regulated firms need to hear: your traditional compliance playbook is already obsolete. Traditional rulemaking cycles take months or years. Agentic AI systems change their behaviour in weeks. The gap between what your risk framework approves and what your AI actually does in production is where enforcement action lives. For mid-market law firms, insurers, financial advisors and accountancy practices, this is not abstract. The FCA Consumer Duty PS22/9 explicitly requires firms to understand their tools. The SRA Code requires solicitors to act with integrity. The PRA SS1/23 framework for model risk management applies to any material decision-support system. If you cannot explain why your AI gave that recommendation, you are already in breach.

What Rathi and Lagarde are describing is not a temporary mismatch. It is a structural problem with how the industry has approached AI adoption. Firms have deployed systems like Microsoft Copilot, Harvey for legal research, and Luminance for document review on the assumption that productivity gains equal business value. But none of these platforms were built with the governance requirements of regulated firms as the primary design constraint. They were built to be useful. They were not built to be auditable in real time, nor to provide the causal transparency that regulators now demand under frameworks like the EU AI Act and ICO guidance. The result: thousands of firms are running AI systems they cannot fully explain to their own compliance teams, let alone to regulators.

Trovix's approach is different because it starts with a question most AI vendors never ask: what does the regulator need to see? Trovix Aria is built as a retrieval-augmented generation system that holds itself accountable to your own knowledge base, not to a black-box LLM. Trovix Sift extracts data with documented provenance, so every decision can be traced. Trovix Watch monitors regulatory change in real time, not quarterly. This is not about being faster than generic AI. It is about being defensible. When the FCA asks 'how did your system reach that conclusion?' you can point to the rule, the source document, and the extraction logic. Systems like Harvey and Luminance are excellent at their specific jobs, but they operate in a black box relative to your governance framework. That gap is what regulators are now closing down.

What you should do right now: audit every AI system currently in use against FRC ISA UK and PRA model governance standards. You will find gaps. Then—and this is critical—do not fill those gaps with more generic AI. Do not add another Copilot seat or another LLM-based chatbot hoping the problem will resolve itself. Instead, map the specific regulatory obligation each system must satisfy (Client Duty, Anti-Money Laundering, Conflict of Interest, Data Protection under ICO UK GDPR), then match that obligation to a system designed to discharge it with evidence. For document intake and data extraction, this means systems with documented chains of custody. For knowledge assistance, this means RAG systems that can be audited. For regulatory monitoring, this means automated change capture with compliance routing. The firms that will survive the next 18 months of regulatory scrutiny are not the ones with the most AI. They are the ones with the most defensible AI.

Source: CNBC

Related Trovix product:

Trovix Sift →Book a demo →