Key Definitions
| Term | Definition |
|---|---|
| Credit Scoring AI | An AI system that evaluates the creditworthiness of natural persons, used to determine credit access, terms, and pricing. Classified as high-risk under EU AI Act Annex III, point 5(a). |
| Algorithmic Trading | Trading in financial instruments where a computer algorithm automatically determines individual parameters of orders such as timing, price, quantity, and routing, with limited or no human intervention. Regulated under MiFID II. |
| Model Risk Management (MRM) | The process of identifying, assessing, and mitigating risks arising from the use of quantitative models, including AI/ML models, in financial decision-making. |
| Anti-Money Laundering (AML) | The set of laws, regulations, and procedures intended to prevent criminals from disguising illegally obtained funds as legitimate income, including AI-powered transaction monitoring and customer screening. |
| Robo-Advisor | An automated digital platform that provides algorithm-driven financial planning and investment management services with minimal human supervision. Subject to investment advice regulations under MiFID II. |
| Insurance Risk Assessment AI | An AI system used in evaluating insurance risk and pricing for natural persons. Classified as high-risk under EU AI Act Annex III, point 5(b). |
| Explainable AI (XAI) | AI systems designed to provide human-understandable explanations of their decision-making processes, critical for financial services where regulators and customers require transparency. |
| DORA (Digital Operational Resilience Act) | EU Regulation 2022/2554 establishing a comprehensive framework for ICT risk management in the financial sector, including requirements for AI systems as part of ICT infrastructure. |
| Stress Testing | The process of evaluating a financial institution's ability to withstand adverse scenarios, increasingly incorporating AI model performance under stress conditions. |
| Prudential Supervision | Regulatory oversight of financial institutions' safety and soundness, including the adequacy of their risk management practices for AI systems. |
| Fair Lending | The principle that credit decisions must not discriminate against applicants based on protected characteristics, enforced through disparate impact analysis and regulatory oversight. |
| Know Your Customer (KYC) | The regulatory requirement for financial institutions to verify the identity and assess the risk of their customers, increasingly supported by AI-powered identity verification and risk scoring. |
Chapter 1: The Financial Services AI Landscape in 2026
Financial services is the most heavily regulated sector for AI deployment. AI systems in banking, insurance, and investment face overlapping compliance requirements from the EU AI Act, sector-specific financial regulations (MiFID II, PSD2, Basel III, Solvency II, DORA), data protection law (GDPR), and national financial supervisory authority guidelines. The convergence of these frameworks creates a complex but navigable compliance landscape where organizations that invest in structured AI governance gain both regulatory compliance and competitive advantage.
1-1. AI Applications in Financial Services
| Application | Sector | EU AI Act Classification | Regulatory Overlay |
|---|---|---|---|
| Credit scoring | Banking | High-risk (Annex III, 5a) | CRD/CRR, national consumer credit law, EBA guidelines |
| Insurance underwriting and pricing | Insurance | High-risk (Annex III, 5b) | Solvency II, EIOPA guidelines, national insurance law |
| Algorithmic trading | Investment | Sector regulation | MiFID II Art. 17, ESMA guidelines |
| Fraud detection | All | Minimal/limited risk | PSD2, AML directives, national fraud law |
| AML transaction monitoring | Banking | Minimal/limited risk | AMLD6, EBA AML/CFT guidelines |
| Robo-advisory | Investment | Sector regulation | MiFID II investment advice requirements |
| Customer onboarding (KYC) | All | Sector regulation | AMLD, eIDAS, national KYC requirements |
| Claims processing | Insurance | Limited/minimal risk | National insurance regulation |
| Market surveillance | Investment | Sector regulation | MAR, MiFID II |
| Customer service chatbots | All | Limited risk (Art. 50) | Consumer protection, GDPR |
1-2. Regulatory Convergence
Financial AI faces a unique convergence of regulatory frameworks:
Layer 1: EU AI Act (Horizontal AI Regulation)
- High-risk classification for credit scoring and insurance AI
- Provider and deployer obligations
- Documentation, monitoring, human oversight requirements
Layer 2: Sector-Specific Financial Regulation
- MiFID II for investment services and algorithmic trading
- PSD2 for payment services
- CRD/CRR for banking prudential regulation
- Solvency II for insurance
- AMLD for anti-money laundering
Layer 3: Digital Operational Resilience (DORA)
- ICT risk management requirements for all financial entities
- Applies to AI systems as ICT components
- Third-party ICT provider oversight (including AI vendors)
Layer 4: Data Protection (GDPR)
- Personal data processing requirements
- Automated decision-making restrictions (Art. 22)
- Data subject rights
Layer 5: National Financial Supervision
- National competent authority guidelines and expectations
- Supervisory review and evaluation (SREP)
- Thematic reviews of AI use in financial services
1-3. Supervisory Expectations
Major financial supervisory authorities have issued guidance on AI:
| Authority | Guidance | Key Requirements |
|---|---|---|
| EBA (European Banking Authority) | Discussion Paper on ML in Internal Ratings-Based Approach (2021); Report on AI and Big Data (2020) | Model governance, explainability, non-discrimination, consumer protection |
| EIOPA (European Insurance Authority) | AI Governance Principles (2021) | Proportionality, fairness, transparency, human oversight |
| ESMA (European Securities Authority) | AI in Securities Markets Report (2023) | Market integrity, investor protection, systemic risk |
| ECB/SSM | Guide on AI in Banking Supervision (2024) | Internal model governance, data quality, validation |
| BaFin (Germany) | Big Data and Artificial Intelligence Principles (2021) | Accountability, transparency, non-discrimination, data protection |
| FCA (UK) | AI Update (2024); Discussion Paper on AI (2022) | Consumer outcomes, competition, data ethics |
| SEC (US) | AI Risk Alert (2024); Proposed Rules on Predictive Analytics | Conflicts of interest, investor protection, market integrity |
| CFTC (US) | AI Primer (2024) | Market manipulation, algorithmic trading risks |
| MAS (Singapore) | FEAT Principles (Fairness, Ethics, Accountability, Transparency) | Comprehensive AI governance framework |