2026-03-19
Global Regulators Converge on Comprehensive AI Governance, Mandating Frameworks for Risk, Resilience, and Ethics
Emerging trend with significant business impact in the 12-24 month horizon.
**Key Finding:** A global regulatory wave is solidifying, moving from principles to prescriptive rules for AI. Financial institutions face urgent, non-negotiable mandates to implement comprehensive, auditable governance frameworks covering data integrity, model explainability, third-party risk, and operational resilience to meet imminent deadlines from the EU's AI Act, DORA, and heightened scrutiny from US regulators like FINRA and the SEC.
**Detailed analysis with evidence and source URLs:**
The period leading up to 2026 is defined by a global regulatory push to establish robust guardrails for AI in finance. In the EU, the **AI Act**, formally approved in March 2024 and finalized in May 2024, classifies many financial AI systems (e.g., credit scoring) as "high-risk," imposing strict requirements on data quality, human oversight, and transparency. This is compounded by the **Digital Operational Resilience Act (DORA)**, fully applicable from January 17, 2025, which mandates stringent ICT risk management for AI systems and rigorous due diligence on third-party AI vendors to ensure operational resilience. Failure to comply poses significant financial and reputational risk.
* **Source:** European Parliament, "AI Act: MEPs adopt landmark law on artificial intelligence", March 13, 2024. [https://www.europarl.europa.eu/news/en/press-room/20240308IPR19015/ai-act-meps-adopt-landmark-law-on-artificial-intelligence](https://www.europarl.europa.eu/news/en/press-room/20240308IPR19015/ai-act-meps-adopt-landmark-law-on-artificial-intelligence)
* **Source:** EY, "DORA: What financial institutions should do now for 2025 readiness", May 15, 2024. [https://www.ey.com/en_ie/financial-services/what-financial-institutions-should-do-now-for-2025-dora-readiness](https://www.ey.com/en_ie/financial-services/what-financial-institutions-should-do-now-for-2025-dora-readiness)
In the US, regulators are leveraging existing rules to govern AI. **FINRA's Regulatory Notice 24-08** (April 22, 2024) explicitly reminds firms that obligations for supervision, data integrity, and suitability fully apply to AI systems. Concurrently, the **SEC** continues to warn against "AI washing" and conflicts of interest, signaling a tightening focus on disclosure integrity. This unified regulatory pressure necessitates significant investment in internal governance, including the appointment of Chief AI Officers and ethics committees, to ensure compliance and maintain a license to operate.
* **Source:** FINRA Regulatory Notice 24-08, "Reminds Member Firms of Their Obligations Regarding the Supervision of Artificial Intelligence", April 22, 2024. [https://www.finra.org/rules-guidance/notices/24-08](https://www.finra.org/rules-guidance/notices/24-08)
---