Financial services leaders have sounded the alarm over a significant absence of AI governance standards in the UK, with new research from Zango AI, a compliance technology firm, warning that the sector faces growing systemic risk.
According to Financial Reporter, the findings come as the Bank of England prepares to bring together the Treasury, the FCA and the National Cyber Security Centre to evaluate the risks associated with Anthropic’s Mythos model.
The report, titled The Future of AI Governance & Compliance in Financial Services, is based on interviews with 27 C-suite and senior figures across risk, compliance and AI governance at UK and European financial institutions, as well as four industry roundtables involving 60 additional senior practitioners. Contributors include senior representatives from Santander, St James’s Place, Stripe, Standard Chartered, Lloyds Banking Group, Monzo, Allica Bank, Commerzbank, Revolut and Ecommpay, alongside John Glen MP, a member of the Treasury Committee.
The research identifies a fundamental shift in how AI is being used across financial institutions — moving away from systems that deliver predictable outputs towards generative and agentic technologies that produce context-dependent results which cannot be fully validated before deployment. This shift is creating a widening oversight gap, with business and technology teams deploying AI at a significantly faster rate than the risk and compliance functions tasked with overseeing them. Several institutions were found to be unable to account for all the AI tools in active use across their own organisations.
Zango AI is a compliance technology firm focused on supporting financial services organisations in managing AI-related governance and regulatory risk.
The report highlights that criminal organisations are already taking advantage of this gap. Global fraud losses reached $579bn in 2025, with 90% of financial professionals reporting a rise in AI-enabled attacks. Leaders pointed to a lack of operational guidance as a notable shortcoming in the UK relative to the US, which in February 2026 published a practical Financial Services AI Risk Management Framework developed through a Treasury-led public-private collaboration involving 108 financial institutions. Singapore’s Monetary Authority published an equivalent in March. No comparable standard currently exists in the UK or EU. Without shared operational guidance, the report cautions, firms are independently addressing the same governance challenges, resulting in inconsistent controls and oversight gaps that can be exploited at scale. The report calls for practitioner-built, sector-specific implementation guidance developed with regulatory engagement, modelled on the Joint Money Laundering Steering Group — the industry-developed standard for financial crime compliance that carries government endorsement without being formally mandated.
Lord Clement-Jones, Liberal Democrat spokesperson for science, innovation and technology in the House of Lords and co-chair of the All-Party Parliamentary Group on AI, writes in the foreword: “What is immediately missing is the translation of high-level regulatory principles into day-to-day operational practice. We cannot simply wait for the aftermath of the first major AI-fuelled financial scandal to force us into action.”
Zango CEO Ritesh Singhania said: “Compliance teams are trying to keep pace with AI systems their own colleagues have deployed, and with criminal networks scaling faster than anyone’s defences. Weak governance doesn’t just create individual risk; it creates systemic vulnerability across the entire sector. What’s missing is a shared implementation standard that gives firms a consistent basis for governing AI as they adopt it.”
Santander global chief operating officer (legal) and Zango adviser Dean Nash said: “The kinds of AI systems now being adopted across financial services don’t behave the way the systems we built our governance frameworks around behaved. They make judgements, produce different outputs in different contexts, and cannot be fully tested in advance. This poses a significant accountability problem. Right now, most firms are trying to solve it alone, without a shared standard to work from.”
Copyright © 2026 FinTech Global
