Regulators’ AI tools face the accountability test

AI

Artificial intelligence is reshaping the financial sector at pace, approving loans, drafting disclosures and flagging suspicious transactions inside regulated firms, yet the rules designed to govern it remain unfinished. Crafting governance frameworks in this environment has been likened to painting the centre line on a motorway before the concrete has set.

According to Sherlocq, the pandemic accelerated digital adoption across financial services, and AI is now pushing that transformation into overdrive, opening gaps between performance and expectation that are far from hypothetical.

Sherlocq recently discussed a critical topic of who regulates the regulator’s algorithm?

Supervisors worldwide are building AI oversight frameworks, but every few months a new capability or failure mode emerges that existing drafts never anticipated.

Firms are being asked to comply with expectations that are, in places, still being written. The emerging consensus is that supervisors should focus on governance and outcomes rather than chasing individual technologies, and that they will need their own AI to keep up with the industry’s.

That raises a question receiving too little attention: who regulates the regulators once they deploy their own models? The arithmetic is straightforward. The volume, speed and opacity of model-driven decisions inside a modern bank have outrun manual review. Examiners cannot read a million automated lending decisions, but software can. Several authorities are already quietly using AI to supervise AI.

On paper, this is sensible, even overdue. Machine review excels at exactly what defeats humans: sifting vast model output for bias or drift, benchmarking algorithmic systems against control standards, and spotting patterns hidden across thousands of unremarkable decisions.

But the moment a regulator deploys a model to judge a firm, it inherits every problem it has spent a decade telling firms to fix. A supervisory model trained largely on historical enforcement cases from one sector, geography or era will reproduce the priorities of that past, looking hardest where regulators already looked and staying quietest where the next problem is forming. When a model’s output can trigger an investigation or a fine, that stops being a technical footnote and becomes a question of legitimacy.

Enforcement also needs an explanation. Regulated firms are entitled to understand, challenge and seek review of findings against them. If a supervisory model flags a lender for bias and the honest answer to “on what basis?” is that the tool is a black box, the enforcement action stands on thin ice. The regulator would be demanding a standard of transparency it cannot meet itself.

Four questions remain unanswered in any jurisdiction: who reviews the supervisor’s own models; what remedy exists when the supervisory AI is wrong; what happens when the model inherits the bias baked into historical enforcement data; and who is liable when an automated supervisory decision causes harm to a firm, consumers or a market.

None of this argues against AI-assisted regulation, which may prove fairer and more thorough than the overstretched human version. The argument is narrower: a regulator’s tools should meet at least the standards imposed on supervised firms. The longer that gap persists, the more it erodes confidence in the entire architecture of oversight.

For firms, uncertainty is no excuse to wait. The direction of travel is clear enough to act on, a gap that tools such as Sherlocq were built to close by tracking regulatory movement across jurisdictions in real time. Firms should inventory their AI systems with named owners, document data sources, testing and oversight as they deploy, build for a common regulatory core with regional variations, and treat AI readiness like inspection readiness.

Compliance and risk teams need not become data scientists, but they must be able to ask sharp questions, log model drift and explainability failures on the risk register, and give boards honest narratives. “I don’t understand this model” has stopped being a defensible position in a senior seat, and regulators will in time test it. The firms that fare best will be those that built accountability into governance early, not those that waited for perfect rules.

Read the full Sherlocq post here. 

By Daniel Willis, Editor of RegTech Analyst 

Read the daily FinTech news

Copyright © 2026 FinTech Global

Enjoying the stories?

Subscribe to our daily FinTech newsletter and get the latest industry news & research

Investors

The following investor(s) were tagged in this article.