GenAI has moved quickly from experiment to execution across financial services, but the compliance desk remains one of its toughest tests. While generative models promise faster interpretation of regulations, risks, and controls, trust is still constrained by concerns over explainability, accountability, and regulatory defensibility. As compliance teams face mounting pressure to do more with fewer resources, the question is no longer whether GenAI can improve efficiency, but whether it can be governed, audited, and trusted in high-stakes decision-making.
In part-two of a two-part series, FinTech Global sat down to speak to key industry leaders to see how industry leaders view the role of Generative AI in compliance and how it can secure greater trust.
For Supradeep Appikonda, COO and Co-Founder of 4CRisk.ai, trust begins with visibility. Explainability, he argues, is fundamentally a “show your work” requirement. Compliance teams need transparency into the cited sources and reasoning steps behind an AI response, particularly when prompts are complex or multi-layered. It is not enough to deliver an answer — teams must understand how technologies such as retrieval-augmented generation arrive at their conclusions.
Auditability introduces a different challenge. Because GenAI systems are probabilistic rather than deterministic, the same prompt may produce different results over time. Appikonda stresses that firms need a complete audit trail — including AI conversations, timestamps, user IDs, and model versions — to reproduce outcomes during reviews or investigations. Without this, organisations risk being unable to explain historical decisions that may later conflict with evolving governance, copyright, privacy, or bias standards.
Guardrails and human-in-the-loop workflows are therefore essential, particularly in high-stakes compliance decisions. Automated controls can screen inputs, restrict off-limit topics, and provide confidence indicators or draft responses that require verification. But even as models improve,
Appikonda maintains that human oversight remains indispensable. Regulators view humans not merely as a safety net, but as the legal owners of compliance decisions. “The AI provides the intelligence,” he notes, “but the human provides the compliance.” Smaller, specialised language models trained on domain-specific regulatory corpora, rather than broad public data, offer an additional layer of protection against hallucinations and IP risk.
That emphasis on accountability is echoed in b-next’s perspective. As GenAI shifts from innovation labs into boardrooms, trust has emerged as the central barrier to adoption. Unlike traditional rule-based systems, GenAI produces interpretation and recommendation — changing the nature of responsibility. In regulated environments, accuracy alone is insufficient. Outputs must be explainable, defensible, and reconstructible months or years later under supervisory scrutiny.
For b-next, explainability and auditability are not optional enhancements but core compliance requirements. Any GenAI system supporting surveillance or market abuse detection must operate within clearly defined boundaries, with full traceability across inputs, prompts, logic, and outputs. Guardrails that constrain models to validated data and defined tasks are critical, particularly in high-risk use cases where creative generation becomes a liability rather than an advantage. Human-in-the-loop workflows, b-next argues, are not a temporary compromise but a permanent requirement for trust.
Regulators, meanwhile, are pragmatic rather than resistant. They are open to innovation but explicit that accountability does not transfer to the model. If anything, GenAI is likely to raise supervisory expectations around governance, monitoring, and ownership of outcomes. Firms that succeed will be those that integrate GenAI into existing compliance frameworks — with continuous validation, performance measurement, and cross-functional oversight — rather than treating it as a standalone capability.
Earn a seat
Chaitanya Sarda, co-CEO of AiPrise, frames GenAI’s role more practically. It can earn a seat on the compliance desk, he says, but not as a “magic brain.” Instead, it should function like a highly efficient junior colleague — preparing cases, surfacing risk, and applying policy — while humans retain judgement and decision-making authority. Once deployed this way, the trust question shifts from the model itself to the quality of governance surrounding it.
Sarda emphasises that explainability and auditability standards for GenAI should mirror those already applied to other compliance models. Every AI-assisted decision should produce a clear paper trail: inputs used, checks run, materials reviewed, recommendations made, and human overrides applied. The objective is not to expose every internal model mechanism, but to ensure that when auditors ask why a decision was made, GenAI makes that explanation easier — not harder.
Guardrails work best when they are concrete. At AiPrise, GenAI is used to consolidate evidence, summarise information, rank alerts, and suggest outcomes based on written policy — but never to auto-approve or auto-reject high-risk cases. Over time, override rates and edge cases are tracked to continuously tighten controls.
Regulators, Sarda believes, will hold firms to a higher standard where GenAI is involved, but that does not equate to opposition. Firms that treat GenAI like any other governed model can often provide clearer audit trails and more consistent decision-making than before.
Explainability and auditability
Rick Grashel, Co-Founder and CTO at Red Oak, reinforces the inseparability of explainability and auditability in regulated environments. If an outcome cannot be explained alongside concrete, auditable facts, it is not production-ready. Red Oak’s AI agents return findings, reasoning, and suggested remediation for each review, with all supporting records preserved in a 17a-4 compliant datastore.
Hallucinations, Grashel argues, cannot be eliminated — just as defects cannot be eradicated in manufacturing. The focus must instead be on quality assurance. Human reviewers, armed with sufficient context, must inspect AI-generated outputs at critical decision points. Regulators have already embraced AI in their own supervisory activities, he notes, and so long as compliance records meet existing regulatory standards, AI-assisted processes remain acceptable.
From Hawk’s perspective, Chief Risk Officer Maximilian Riege suggests that GenAI has already earned partial trust in compliance. The frameworks exist; what remains is organisational willingness to adapt. Vendor due diligence, GDPR, and information security remain foundational, but GenAI introduces additional expectations around immutable logging of prompts, traceability to reliable data sources, and explainability in human terms.
Guardrails provide limits, humans provide judgement, and together they make hallucinations detectable and correctable — even if not fully avoidable. Productivity, Riege cautions, is the prize; governance is the price. Firms that automate faster than they control bias and drift risk scaling liability, not compliance.
Risk and reward balance
For Allison Lagosh, VP and Head of Compliance at Saifr, the balance between risk and reward is unavoidable. GenAI offers clear benefits — time savings, faster go-to-market, improved ROI — but introduces additional compliance workload rather than removing it. Manual controls and specialised review processes remain essential, particularly in externally facing use cases such as marketing content.
Regulators’ comfort with AI is growing, but firms must still comply with existing rules while preparing for evolving AI-specific expectations. Governance boards and AI committees are becoming central to approving models, monitoring accuracy, and maintaining oversight as adoption scales.
Across all perspectives, a common conclusion emerges. The trust that is held in Generative AI is not granted by innovation alone. It is earned through control, evidence, and accountability. When governed properly, GenAI can support faster, more consistent, and more focused compliance work. But on the compliance desk, trust will always belong to the humans who remain accountable for the decisions AI helps inform.
To read the first part of this series, click here.
Copyright © 2026 FinTech Global
