AI Compliance for Financial Services
Financial Services is addressed by 50 regulatory updates across 9 jurisdictions and 7 frameworks. This page tracks how regulators worldwide are approaching financial services in the context of artificial intelligence.
Framework Requirements for Financial Services
Regulations Covering Financial Services
US Federal(24)
SEC actions on false and misleading AI statements
SEC enforcement releases in 2024–2026 show the Commission continuing to treat false or misleading AI claims as a disclosure and fraud problem for public companies and advisers.
FTC inquiry into generative AI investments and partnerships
The FTC’s 6(b)-style inquiry into major AI investments and partnerships signals antitrust and market-structure scrutiny for AI deals and ecosystem concentration.
COVID-19 Origin Act of 2023
The COVID-19 Origin Act of 2023 was enacted as Public Law No. 118-2 on 2023-03-20, making it a completed federal legislative item with no new AI compliance obligation identified in the source.
FISA Amendments Act extension enacted
Congress enacted a law extending the authorities of Title VII of FISA through 2026-04-30, so organizations reliant on US intelligence-collection authorities should refresh legal and vendor-risk assumptions before the extension lapses.
SEC Enforcement Against AI Misstatements and AI-Related Fraud
The SEC continued AI-related enforcement in FY2025 and created a Cyber and Emerging Technologies Unit in February 2025, meaning false or misleading AI claims and technology-related investor fraud remain an active enforcement priority.
Colorado(7)
Colorado SB189 Automated Decision-Making Technology
Colorado SB189 was introduced in the Senate on 2026-05-01, adding another state-level automated decision-making proposal that could expand obligations for organizations using AI in consequential decisions.
Bryan Dorsey v. Robert T. Jones
The state court listing gives no substantive outcome, so there is no actionable compliance change in the provided record.
State v. Bailey
The state court listing is caption-only and does not identify any operative holding, so no regulatory action is evident from the supplied text.
Bryan v. Child Support Enforcement Agency
The state court listing is caption-only and does not disclose an operative ruling, so there is no compliance delta in the supplied text.
In the Interest of W.G., Minor Child
The minor-child case entry is purely caption-level in the supplied text, with no discernible regulatory or compliance trigger.
European Union(4)
ESAs publish first annual report on DORA major ICT-related incidents
On 2026-06-03, the EBA, EIOPA and ESMA published their first annual overview of major ICT-related incidents under DORA, underscoring that borderless ICT and AI-driven risks now require financial entities to tighten cybersecurity and incident-reporting readiness.
ESMA supervisory briefing on algorithmic trading
ESMA's supervisory briefing on algorithmic trading signals updated supervisory expectations for firms using trading algorithms, so market participants should verify controls, testing, and monitoring against the briefing immediately.
ESMA supervisory briefing on algorithmic trading
ESMA issued a supervisory briefing on 26 February 2026 that signals closer supervisory expectations for firms operating algorithmic trading systems, so controls, testing, and oversight should be reviewed now.
ESAs spring risk update on geopolitical pressures and private finance risks
The ESAs’ spring risk update flags elevated geopolitical and private finance risks on 27 March 2026, signaling tighter supervisory scrutiny for firms with material market, liquidity, and concentration exposures.
Switzerland(4)
FINMA guidance on governance and risk management when using artificial intelligence
FINMA’s 18 December 2024 guidance says supervised institutions must adapt governance and controls to the materiality and probability of AI risks, including operational, model, data, IT/cyber, third-party, legal, and reputational risks.
FINMA guidance on AI governance and risk management
FINMA’s AI guidance highlights operational, model, cyber, data-quality, third-party, legal, and reputational risks, so Swiss financial institutions should formalize AI governance and oversight now.
FINMA Guidance on Governance and Risk Management When Using Artificial Intelligence
FINMA published AI governance guidance on December 18, 2024, making governance, model risk, data quality, cyber risk, third-party dependence, and legal/reputational risk explicit supervisory priorities for Swiss financial institutions using AI.
FINMA Guidance on AI Governance and Risk Management
FINMA’s AI supervisory guidance highlights operational, model, data, cyber, third-party, legal, and reputational risks, so Swiss financial institutions should treat AI governance as an immediate supervisory issue.
United Kingdom(4)
FCA, Bank of England and Treasury joint statement on frontier AI models and cyber resilience
The FCA, Bank of England, and HM Treasury said firms must be able to identify, monitor, and manage external AI-related applications, libraries, and services integrated into their networks, raising the bar for cyber and third-party resilience.
FCA Mills Review on how AI will reshape retail financial services
The FCA launched a review of advanced AI’s impact on retail financial services, with feedback due 24 February 2026 and recommendations expected for the FCA Board in summer 2026.
FCA, Bank of England and Treasury issue frontier AI cyber resilience statement
UK authorities issued a joint statement on frontier AI model cyber resilience, so regulated firms and FMIs should now align AI governance with existing operational resilience and cyber controls.
FCA AI live testing and innovation support
The FCA’s planned AI live testing service, with rollout targeted for September 2025, means financial firms should prepare to evidence model behavior, controls, and testing assumptions before engaging the regulator.
International(3)
ESAs Spring 2026 Risk Update
The ESAs’ spring 2026 risk update flags heightened geopolitical and private-finance risks, signaling supervisors expect firms to reassess enterprise risk exposure and preparedness now rather than waiting for a formal deadline.
ESMA Supervisory Briefing on Algorithmic Trading
ESMA issued a supervisory briefing on algorithmic trading on 2026-02-26, giving market participants a fresh supervisory signal on expectations for controls, governance, and monitoring of trading algorithms.
ESAs spring risk update on geopolitical pressures and private finance risks
The ESAs' spring risk update flags heightened geopolitical pressure and rising private-finance risk exposure, so firms should refresh enterprise risk assessments and supervisory reporting assumptions now rather than wait for a hard compliance date.
New York(2)
New York automated lending decision tools bill advances
New York A00773 advanced to third reading on 2026-04-30, signaling imminent scrutiny of automated lending tools and the need to prepare consent/opt-out and governance controls now.
New York automated lending decision-making bills advance
New York’s automated lending decision-making bills advanced on 2026-04-30, moving consent and opt-out requirements for banks closer to enactment and increasing near-term compliance planning pressure for lenders using automated tools.
Germany(1)
Weekly digest — coming soon
Leave your email to get the first issue when it ships. Free, no account required.
We use your email only for the digest. Privacy policy