
Why hiring a ‘Head of AI Governance’ will not cut the mustard in tackling frontier AI risk

There is a pattern that repeats itself every time regulation intersects with something organisations don’t yet understand well. When GDPR arrived, firms hired a Data Protection Officer (whether one was needed or not). When Consumer Duty landed, firms hired a Consumer Duty Champion. Now, as AI rises up the risk register, firms are hiring Heads of AI Governance.

In each case, the impulse is the same: isolate the problem in a new hire, give them a title, and consider the governance mapping complete. In each case, the outcome is the same: the person is under-resourced, under-connected, and unable to effect the cross-business change the regulation actually demands, and in some instances the role is made redundant shortly afterwards.

UK legislators and regulators keep reinforcing that no new rules are coming, at least not yet, and that firms should use the frameworks already available within the FCA Handbook.

Unfortunately, despite having more access to information, frameworks and concepts, the gap between operational realities and theoretical discussions means it is ever more complicated to get your house in order.

What prevents successful operational systems and controls?

On 15 May 2026, the Financial Conduct Authority (FCA), Bank of England, and Treasury issued a joint statement on frontier AI models and cyber resilience. Within thirty minutes, LinkedIn was flooded with posts explaining what it “now means” for regulated firms.

Here is what it actually says, in the document’s own footnote: “This statement is not intended to introduce new expectations. It brings together existing messages to support firms as the operating environment becomes more complex.”

What does this mean in practice? That the FCA, BoE and Treasury are aligned on the view that the current operational resilience rules, systems and controls obligations, and Senior Managers and Certification Regime (SMCR) accountability do not require an overhaul. What is insufficient is firms’ execution against the frameworks already in place.

Whether your firm has outsourced its IT infrastructure to third parties, or has an in-house IT team that is siloed and has minimal technical capability to oversee, challenge, or understand what those providers are doing, the deeper problem is structural. Arm’s-length IT capability was, for a long time, considered efficient, but years of it could now prove to be a compounding liability.

The National Cyber Security Centre (NCSC) is explicit: AI will amplify both strengths and weaknesses in an organisation’s security posture. If your strength is a well-mapped technology estate with clear ownership and logging, AI-assisted defence works in your favour. If your weakness is opacity, systems you’ve outsourced and can’t see into, AI-assisted attack works against you.

The speed at which this threat has materialised is worth pausing on. In just 18 months, the best AI models went from barely progressing on a realistic simulated enterprise attack to completing over half of it, and a full attempt now costs around £65.

Read that again as a COO. A sophisticated, multi-step cyberattack on your organisation can now be attempted for under the price of a team lunch. The assumption that your firm is too small, too niche, or too obscure to be a target is not a viable fallback when the economics of targeted attacks have collapsed. Couple that with the fact that attackers do not have to comply with any regulations, so their iteration never has to go through a governance process.

Much as financial crime responsibility was historically seen as a risk and compliance problem when it is in fact a whole-business one, AI risk is not just an IT problem.

Why hiring a ‘Head of AI Governance’ will not cut the mustard

The FCA’s joint statement is precise about what it expects at governance level: Boards and senior management should have sufficient understanding of frontier AI risks, not to manage them operationally, but to set strategic direction and oversee how control functions manage risks.

The parallel with Consumer Duty is instructive. Consumer Duty is not a compliance function (this was specifically called out); it is a cross-business obligation that touches product design, communications, customer service, pricing, and complaints. Firms that treated it as a solo compliance project rather than an operating model reframe consistently produced board reports that did not reflect any real change in how the business ran.

AI governance has an identical structure. It touches procurement decisions, third-party contracts, data architecture, incident response, staff training, and customer-facing systems. It cannot be owned by one person who was, eighteen months ago, an AI consultant with no background in how a hedge fund actually operates, or in the operational intricacies and workflows that need to be considered.

There is genuine value in external AI expertise, but AI experts who lack deep operational knowledge of regulated financial services (how a compliance function works, what a system of controls looks like, what the FCA means by a material business service) cannot build governance frameworks that will hold up to regulatory scrutiny. The people who understand how your business actually runs tend already to be inside it. The upskilling question is not how to hire AI governance in; it is how to raise the AI literacy of the people who already hold operational accountability.

The difference between dual and solo regulated businesses

Dual-regulated firms have been living with enhanced operational resilience obligations for longer and under a higher standard of scrutiny. Not only that, but even before those formal rules, PRA oversight required those organisations to move more slowly, so that the starting point was not exploratory but rooted in a worst-case mindset. That experience is useful data: it shows not that they found the right individual to own AI governance, but that they built it as a systemic function, with operational resilience teams, incident response, compliance, risk, and technology working toward a shared framework with defined ownership at each layer. The FCA statement reflects this model exactly: governance and strategy, vulnerability management, third-party risk, protection, and response and recovery are listed as five distinct domains, each requiring specific capability.

For smaller, solo-regulated firms the proportionality argument cuts both ways. Yes, the regime is calibrated to your size, but the threat is not, and with the barrier to entry for threat actors continuing to fall, proportionality in regulatory expectation does not mean proportionality in risk exposure.

The impact of tech companies running financial services enterprises

A significant cohort of FCA-authorised firms, particularly challenger banks, embedded finance providers, and crypto-adjacent payment businesses, were built by technologists first and regulated entities second. Their risk profile is almost the reverse of traditional firms’: their product teams and engineering culture are strong, but their understanding of regulatory probabilistic risk (the likelihood that a specific system failure produces a specific consumer harm at a specific scale) is often significantly weaker.

The NCSC notes that frontier AI capabilities are inherently dual-use: the same tools that can identify vulnerabilities and develop exploits can be used by defenders for security testing and hardening. But this dual-use benefit only materialises if the people deploying these tools understand both the technical and the regulatory dimensions of what they’re testing. A strong engineer who can run an AI-assisted vulnerability scan is not automatically equipped to assess whether the result of that scan constitutes a material risk to a regulated business service under the FCA’s operational resilience framework.

The gap between technical competence and regulatory fluency is not an insult to technical teams, but it is a structural reality that needs bridging, and it cannot be bridged by a job title alone.

Why we should be cautious about the systems we deploy to ‘solve’ a problem

There is an irony to the fact that the response to AI-driven risk is increasingly to deploy AI-driven tools. Vendors are now, and have been for some time, marketing AI-enabled compliance monitoring, AI-enhanced KYC, AI-assisted surveillance.

The FCA statement does not endorse this framing uncritically: it says that investment and resourcing decisions should reflect the emerging threat, including increased exposure from end-of-life systems or those out of vendor support. The risk is not only from what attackers are doing with AI; it is also from what your vendors are doing with it, without you understanding whether those systems are themselves properly governed, tested, and secured.

The NCSC makes the same point from a different angle: AI-enhanced cyber security tools introduce new complexity, creating additional dependencies and failure modes that may be difficult to detect or control. In other words, deploying an AI tool to manage risk is itself a risk management decision that requires governance. If your firm is relying on word of mouth and vendor sales pitches to select the systems managing your compliance, operational resilience, and financial crime obligations, that is another potential governance gap.

Practical things to consider about organisational upskilling and system-wide controls

The NCSC is direct about where to start: the most effective actions are not novel or experimental; they are accurate asset inventories, robust access controls, secure configuration, and comprehensive logging.

These are matters of operational discipline and should be a precondition for everything else.

For COOs at SME financial services firms, can you currently answer the following?

  • Do we know every system in our technology estate, including those managed by third parties on our behalf?
  • Do we have clear contractual rights to audit, challenge, or exit those vendors?
  • Do we have a documented process for triaging and remediating vulnerabilities when a vendor notifies us of one?
  • Does our board receive meaningful reporting on technology risk, not just a RAG (Red, Amber, Green) status, but an articulation of what the risk actually is?
  • Are the people in our operational resilience, compliance, and risk functions developing working literacy in AI risk: not AI expertise, but enough understanding to ask the right questions of those who have it?


Building the underlying capability (mapping your systems, understanding your third-party dependencies, embedding accountability at the right levels) puts you on the right trajectory to use frontier technologies effectively.

Elira Solutions works with FCA-regulated firms on technology governance mapping, systems and controls infrastructure, and operational resilience. If you would like to understand where your current framework has gaps, contact us at elirasolutions.co.uk


Anastasia Lewis

CEO & Founder of Elira Solutions | Regulatory strategist | AI integration in compliance