OpenAI's new legal and finance tools signal something important — but not what most people think. The real story is that major AI vendors racing to capture regulated sectors reveals the actual danger: firms choosing tools based on marketing, not governance.
AI Governance  Trovix AuditLegal · Financial Services · Insurance · Accountancy

On 2 June, OpenAI announced it is building legal and finance-specific tools inside its Codex agent platform, directly competing with Anthropic and others like Harvey and Luminance for business customers in regulated sectors. The announcement matters to UK legal practices, insurers, asset managers and accountancy firms because it signals that the largest AI vendors are now treating regulated work — legal opinions, financial advice, underwriting decisions — as core product opportunities. But here is what the story really reveals: when OpenAI and Anthropic go public (as the article suggests both plan to do), they will market these tools aggressively to mid-market firms desperate to cut costs or look innovative. Most will adopt without asking the hard questions about vendor lock-in, model transparency, audit trails and liability. That is exactly where UK firms will fail their FCA Consumer Duty obligations, SRA Code requirements, PRA operational resilience standards, or their own professional indemnity insurers' demands.

This news is part of a larger pattern: the market is conflating 'AI capability' with 'responsible AI deployment'. Harvey and Luminance have built reasonable legal-specific tools, but they still face the same friction that kills AI projects — firms bolt tools onto existing workflows without changing governance, without establishing who is liable when the AI makes a mistake, without building audit trails that satisfy regulatory scrutiny. What OpenAI is now doing is scaling that problem. A general-purpose vendor moving into regulated sectors at speed, with tools built for speed, will almost certainly repeat the mistakes of previous waves of legal tech and insure-tech. The difference is that this time the stakes are regulatory. The EU AI Act is live. The ICO has published guidance on AI and UK GDPR. The FRC's new audit standards (ISA UK) explicitly name AI as a control audit must now test. The days of 'move fast and see what happens' in regulated sectors are ending.

Trovix's view: the problem is not that OpenAI is building these tools. The problem is that the market has no consensus on what 'safe adoption' looks like. A legal team using OpenAI's new agent to draft contract schedules or review terms has no way to know whether that output is being logged, whether it can be audited later, whether it meets SRA technology guidance, or whether their professional indemnity policy will cover a loss caused by an AI hallucination. Compare this to a purpose-built tool like Luminance, which has invested in sector context and audit infrastructure — still not perfect, but at least built with regulatory assumptions in mind. The real issue is not the vendor's capability; it is the firm's governance. Most mid-market firms do not have AI governance frameworks. They do not have policies for which decisions AI can touch, who verifies AI output, or how to log it. That is why Trovix Audit exists — to give firms a real-time view of where AI is being used in their business, what decisions it is touching, and whether they can prove to a regulator that they have control. Without that, adopting OpenAI's new legal tools is like installing a high-powered engine without brakes.

If you are running a law firm, insurance broker, asset manager or accountancy practice, do not wait for the next vendor announcement to act. Start now: inventory where AI is already in use (it probably is — staff are using ChatGPT and similar tools informally whether you know it or not). Second, map which decisions AI should never touch (FCA advice, SRA privilege decisions, PRA stress-test inputs). Third, build a simple policy for how the AI that remains gets used, logged and verified. Fourth, ask your indemnity insurer whether your current coverage extends to AI-assisted work — most policies do not. The vendors racing to sell you tools will not solve this. They will make it faster. That is not a feature.

Source: Bloomberg News

Related Trovix product:

Trovix Audit →Book a demo →