The churn of regulatory change keeps firms on edge, scrambling to align with ever-shifting global rules. Generative AI steps in with bold promise, turning chaotic updates into manageable insights through automation and sharp analysis. But as it streamlines compliance, questions loom about its pitfalls—data risks and hidden biases. Can GenAI truly reshape how firms stay ahead of the regulatory curve? In Part 2, we go further with industry thought leaders to see where they stand.
According to Alex Mercer, head of innovation at Zeidler Group, at the moment the company is finding that most of its clients are using the technology to speed up existing processes and automate smaller steps within the space.
He remarked, “It’s not as common to find any that are fully automated in a true sense, but any tasks that are already automated to a degree (like quarterly regulatory filings) will slowly march towards full automation.”
For Mercer, the reliability of GenAI for interpreting complex legal language leaves much to be desired. “While it can create results that sound great, and often are quite accurate, we’ve found that the default models provided by most vendors tend to not be consistent on their interpretation, he said.
Mercer stressed that this can generally be fixed through additional layers or processing, such as having the model be a fine-tune with some additional legal information, implementing a RAG process against core regulations, establishing evaluations, continuously monitoring and updating existing prompting processes, and so on.
“If you can build out this additional support for consistent interpretation, then GenAI can become quite reliable,” said Mercer.
Are regulators supportive of AI-based compliance tools? In the experience of Zeidler and Mercer, regulators are very interested in the tools but generally seem to be taking a “wait and see” approach.
He explained, “I find that part of this interest is due to the idea that it could greatly expand the ability of firms to remain in compliance and perform analysis instead of just accepting a higher risk tolerance. In general, if the firm is still responsible for compliance and has a clear audit trail from the AI-tool being used, I can easily see a future where using an AI-tool can be treated the same as hiring a third party to handle a compliance matter.”
Risks still abound in terms of relying on AI for regulatory interpretation, with the main risks consisting of how models are biased towards existing rules & regulations, and the lack of consistency in interpretation.
Mercer stated, “To be blunt, most LLMs tend to be heavily biased towards existing laws and regulations within the US and sometimes struggle when it comes to jurisdictions with less of a digital footprint. In addition, most of these models have a knowledge cutoff date that can be 1-2 years behind present, and require some sort of solution to patch this information in. This could be through RAG, enabling web-search-retrieval, or sticking to a solution that already has it integrated as a tool. Relying solely on the LLM without additional structure can be a recipe that leads to failure.”
Alongside this, a lack of consistency is the reality for a lot of off-the-shelf commercial models, he said.
Mercer continued, “This is based on the fundamental nondeterministic nature of LLMs – if two people ask the same questions, the answers will not be identical in wording, and sometimes can be radically different in interpretation. Unless additional structure is built around the LLM, this nature will likely leak into any interpretations. It’s not necessarily fatal in all cases, and it can be controlled, but it has to be considered when implementing AI.”
Reimagining workflows
The combination of AI, robotic process automation (RPA) and machine learning (ML) is serving to automate and enhance compliance efforts in financial services, claims UK-based RegTech FullCircl.
The firm remarked, “AI is reimagining even the most complex workflows, in fact the more complex the workflow, the more value AI automation can generate – AML, KYC, KYB, IDV, credit and affordability, pre-screening, fraud detection, risk management.”
FullCircl added that automated document collection, validation, cross checking, and compliance reporting on a single platform, ensures smarter, faster regulatory adherence, at lower cost and reduced complexity.
“Further AI, as part of a wider data orchestration platform is helping firms by ensuring that when regulations change, so too do compliance processes – workflows stay current, compliance officers are left free to focus on more complex decision-making, and customer experience remains unaffected,” it continued.
In terms of reliability, FullCircl stressed that language models like natural language processing (NLP) and natural language understanding (NLU) are proving incredibly valuable especially when it comes to generating plain-language summaries of legal documents.
The firm said, “However, for more complex legal language, oversight remains important – it’s an incredibly risk-sensitive and highly nuanced field, and as we’ve seen GenAI is still prone to errors, hallucinations, and inaccuracies. This creates the potential for malpractice and regulatory intervention. Whilst GenAI is a powerful tool for orchestrating legal workflows, when it comes to complex work human oversight remains necessary.”
Regulators, FullCircl believes, are fully supportive of AI-based compliance tools, although, they are aware of the need for caution and fostering the right balance between innovation and ensuring consumer protection and market integrity.
The company said, “Regulators support the fact that AI-based compliance tools have a key transformative role to play ensuring regulated businesses are always ahead of the increasingly complex compliance landscape both locally and across all jurisdictions of operation. A move away from manual processes and workflows towards a more dynamic tech and data driven compliance strategy will help firms keep pace in a way that balances the dual challenges of stringent regulatory compliance and delivery of superior customer experiences”
FullCircl gave the example of the FCA and the PRA, in particular, who have adopted a principles-based approach to regulating AI in the financial services sector. When deploying an AI-based compliance tool, it’s therefore vital that firms select the right partner.
“They must ensure that vendors are set up to help them meet regulatory requirements and navigate evolving compliance requirements. Likewise, it’s vital to work with partners that robustly defend information security and help focus on core activities without concerns over security vulnerabilities,” said FullCircl.
What are the risks for FullCircl when it comes to relying on AI for regulatory interpretation?
The company detailed, “There are some well-documented risks here – inaccuracies and misinterpretation, the potential for bias, reduced transparency, data privacy issues etc. But the real question is really – is the risk worth the reward? And to that I think the answer must be yes.”
Companies who are utilising the latest tech advances are staying ahead of ever evolving regulations. Rules engines are ensuring every decision is aligned with pre-defined rules, risk tolerances, and documented policies to improve control and transparency, and analytics ensure firms can demonstrate exactly which data and rules triggered a decision, meeting regulatory standards for explainability.
FullCircl added, “Orchestrating data from hundreds of global sources—PEP lists, sanctions, adverse media, credit, corporate registries, biometric ID verification, and bespoke vulnerability signals – ensures firms only rely on the most-up-to-date intelligence, reducing risk of false positive and misinterpretation. Also, In-life monitoring ensures regulatory interpretation isn’t a one-off snapshot but an ongoing, up-to-date process, and real-time datasets help firms flexibly adapt as regulations evolve.”
Drastic improvements
In terms of the regulatory tasks that are now being automated with AI, Supradeep Appikonda, COO and co-founder of 4CRisk.ai, the entire regulatory business process can be dramatically improved through AI, allowing Legal, Government Relations, Regulatory Affairs and Compliance teams to accelerate performance and respond to market changes faster.
He said, “AI is powering up processes ranging from regulatory horizon scanning, through obligations management, creation of rulebooks and compliance gap analysis.
Within the regulatory change business process, AI is further automating the once manual and error-prone tasks of applicability and impact analysis and carrying that through to an AI-driven workflow.”
Appikonda also remarked that AI is superb at analysis of large volumes of diverse information types and is getting particularly good at interpreting the intent of regulations.
He explained, “AI can parse documents from feeds to automatically extract changes, along with titles, sections, type (informative, prescriptive, prohibitive) to understand actionable vs. non-actionable changes, matter, type (disclosure, policy, and so on. to understand subject matter) and map the enterprise business taxonomy to automate the business impact assessment. All this gets done within a matter of minutes without any human intervention. That kind of analysis goes a long way to help regulators and legal staff determine risk and draft law memos on changes.”
A key question being asked, however, is what risks come with relying on AI for regulatory interpretation.
“GenAI based on large language models that are trained on public information can still get it wrong, so it’s best to use smaller, private, specialized language models trained specifically on a regulatory, risk and compliance domain to ensure a high degree of accuracy and more precise interpretation and content generation. The risk is the LLM may contain inaccurate information, or biased results,” said Appikonda.
Are regulators supportive of AI-based compliance tools? On this, Appikonda stated that the company is seeing regulators getting up to speed on what AI can do across the board and are very supportive. “They are highly engaged, giving valuable feedback to vendors and recommending that firms adopt AI where it makes sense,” he said.
Flipping the script
Madhu Nadig, co-founder at Flagright, said that until recently, keeping up with rule changes meant armies of analysts scanning newsletters and legal gazettes, then rewriting policies by hand.
According to Nadig, GenAI has started to flip that script. ”Large‑language models now monitor hundreds of regulatory sources in parallel, flag clauses that overlap existing controls, draft red‑lined policies, and even suggest training updates for frontline staff. Early pilots show turnaround times for impact assessments falling from weeks to hours,” he said.
Despite this, reliability is still bounded by context, he claims. Nadig added that GenAI excels at summarising well-structured statues, but it can misread edge-case wording or jurisdiction‑specific definitions. The firms getting real value treat the model as a first drafter and keep subject‑matter experts in the loop to verify nuance.
Nadig continued, “Supervisors are cautiously optimistic. The UK FCA and Singapore MAS now run sandboxes where firms can test AI‑driven compliance workflows, as long as they maintain explainability logs that show why the model reached each conclusion. Regulators’ main worry is over‑reliance: hallucinated interpretations, latent bias in training data, and the possibility that a model update silently changes policy advice. The safeguard is layered governance, version‑controlled prompts, audit trails, and a clear rule that humans sign off on any policy change before it goes live.”
At Flagright, Nadig stressed the company is embedding GenAI strictly as a drafting aid. He said, “Every suggestion is version-controlled and tied back to the exact source paragraph, so compliance officers can trace and approve (or reject) each change before it touches live policies. This keeps the speed benefits of GenAI without outsourcing judgment or accountability.”
Powerful mechanism
For AscentAI, with the overwhelming volume of complex regulatory information, financial institutions are looking for tools and capabilities to help them capture and understand changes quickly and effectively.
The company said, “GenAI offers risk and compliance teams with a powerful mechanism to succinctly and elegantly summarize regulatory documents, providing them with the information they need to work faster, set priorities, and make informed decisions.
“Taking it a step further, AscentAI enables firms with the ability to use GenAI to summarize specific regulatory obligations within these larger documents that directly impact them, providing the granular understanding required for decision-making and quick action.”
