Skip to main content

The EU AI Act and Financial Services: How are Financial Institutions impacted?


On August 1, 2024, the European Union’s AI Act came into force—the world’s first legal framework regulating artificial intelligence. Designed to balance innovation and risk, this regulation introduces a series of staggered compliance deadlines, with most provisions becoming fully applicable by mid-2026. However, some prohibited AI uses, such as real-time biometric surveillance in public spaces, will be banned within six months.

Fines for non-compliance will also be severe, reaching up to 7% of global annual turnover for violations involving banned AI applications.

The AI Act’s compliance obligations are still evolving, but organizations must start preparing now. The act introduces risk-based classification for AI systems and imposes specific requirements on developers and providers, particularly in regulated industries like financial services.

In the meantime, a lot has been written about this regulation. Supporters praise the EU’s proactive stance, emphasizing the need for transparency, security, and ethical standards in one of the most disruptive technologies to date. Critics argue that the regulation comes too soon, as AI is still evolving, and its full potential remains uncertain. Some believe it could place the EU at a competitive disadvantage, creating barriers for startups and smaller firms that lack the resources to comply.

Yet, well-designed regulation can drive long-term competitiveness. Companies that integrate security, privacy, and ethics early may avoid costly retrofitting later as global standards evolve. Additionally, trust-driven industries such as financial services may benefit from greater consumer confidence in AI systems that meet stringent EU standards.

The AI Act categorizes AI systems into five risk levels, each with specific obligations:

  • Unacceptable Risk: AI systems which pose an unacceptable risk are outright banned under the AI Act. This includes AI applications that manipulate human behavior, use real-time remote biometric identification (e.g. facial recognition in public spaces) or implement social scoring (ranking individuals based on personal characteristics, socio-economic status or behavior). However, AI systems used for military, national security or pure scientific research and development are exempted from this category.

  • High Risk: AI systems used for biometric and facial recognition, medical applications, education, employment, and certain public sector functions are classified as high-risk and must comply with strict regulations. While these AI applications are permitted, they must adhere to strict regulations governing both the AI system itself and its provider. This includes thorough documentation, pre-market conformity assessments and potential regulatory audits.

General-Purpose AI (GPAI): This category primarily includes foundation models such as ChatGPT. Unless the weights and model architecture are released under a free and open-source license, in which case only a training data summary and a copyright compliance policy are required, GPAI systems must comply with transparency requirements. Additionally, high-impact general-purpose AI systems must undergo a rigorous evaluation process to assess potential systemic risks.

  • Limited Risk: AI systems with limited risks, such as chatbots and image and video generative AI must meet transparency requirements to ensure users are aware they are interacting with AI. The EU’s primary focus for this category is on reducing manipulation risks and ensuring transparency. This includes obligations to provide a summary of training data and to implement policies ensuring copyright compliance, among other requirements.

  • Minimal Risk: Most AI systems fall into this category and are encouraged to self-regulate. Examples include AI used in video games and spam filters. Since these applications are considered low risk, they face minimal regulatory requirements under the AI Act.

This tiered approach ensures that regulatory efforts focus on high-impact AI, while allowing low-risk innovation to continue with minimal constraints.

Financial services have been identified as one of the sectors where AI could have the most significant impact. The regulation defines two high-risk AI use cases in finance:

  • Creditworthiness assessments (AI models used to approve/reject loans)

  • AI-driven risk assessment & pricing for life and health insurance

AI-powered fraud detection, money laundering prevention, customer due diligence, credit scoring, algorithmic trading, investment optimization, insurance underwriting, and robo-advisors all fall under the AI Act. These applications will now require greater transparency, bias mitigation and regulatory oversight.

The AI Act also references existing EU financial services laws, particularly those covering internal governance and risk management. These laws will continue to apply to financial institutions using AI. EU financial regulators will oversee AI Act implementation within financial services, including market surveillance and enforcement.

One of the biggest challenges for financial institutions is proving compliance with the AI Act’s rigorous standards, particularly in areas like transparency, fairness, accountability, and oversight. For large financial institutions, the number of AI systems could be in the hundreds. Those that developed or deployed AI before the AI Act came into effect will need to reassess whether these systems comply with the new regulations. Consumer protection provisions in the Act may also require modifications to existing systems.

Additionally, financial firms must determine their role under the AI Act:

  • Providers: Those developing AI systems must ensure compliance from the outset.

  • Deployers: Those using third-party AI solutions must verify compliance and manage risks related to misuse or malfunction.

To navigate this, financial institutions should:

  • Identify AI Systems – Catalog all AI applications and classify them under the AI Act’s risk framework.

  • Assess Impact – Map AI Act requirements to existing policies (e.g. Model Risk Management, Data Protection, Third-Party Risk Management).

  • Strengthen Documentation – Ensure AI models have transparent training data records, bias assessments, and regulatory compliance reports.

  • Review Third-Party AI Systems – Both providers and deployers share responsibility for compliance. Institutions customizing third-party AI must evidence additional controls.

  • Enhance Governance – Align AI oversight with EU financial regulations, ensuring compliance with risk management, transparency, and fairness.

  • Customer Communication – Inform clients when high-risk AI systems impact their data or financial decisions.

While the AI Act introduces new compliance burdens, it also presents opportunities. Financial institutions that embrace transparency and risk management early may gain a competitive edge as global AI regulations evolve. By taking proactive steps now, financial services firms can turn compliance into an advantage—ensuring trust, efficiency, and resilience in an AI-driven future.

Comments

Popular posts from this blog

Transforming the insurance sector to an Open API Ecosystem

1. Introduction "Open" has recently become a new buzzword in the financial services industry, i.e.   open data, open APIs, Open Banking, Open Insurance …​, but what does this new buzzword really mean? "Open" refers to the capability of companies to expose their services to the outside world, so that   external partners or even competitors   can use these services to bring added value to their customers. This trend is made possible by the technological evolution of   open APIs (Application Programming Interfaces), which are the   digital ports making this communication possible. Together companies, interconnected through open APIs, form a true   API ecosystem , offering best-of-breed customer experience, by combining the digital services offered by multiple companies. In the   technology sector   this evolution has been ongoing for multiple years (think about the travelling sector, allowing you to book any hotel online). An excelle...

RPA - The miracle solution for incumbent banks to bridge the automation gap with neo-banks?

Hypes and marketing buzz words are strongly present in the IT landscape. Often these are existing concepts, which have evolved technologically and are then renamed to a new term, as if it were a brand new technology or concept. If you want to understand and assess these new trends, it is important to   reduce the concepts to their essence and compare them with existing technologies , e.g. Integration (middleware) software   ensures that 2 separate applications or components can be integrated in an easy way. Of course, there is a huge evolution in the protocols, volumes of exchanged data, scalability, performance…​, but in essence the problem remains the same. Nonetheless, there have been multiple terms for integration software such as ETL, ESB, EAI, SOA, Service Mesh…​ Data storage software   ensures that data is stored in such a way that data is not lost and that there is some kind guaranteed consistency, maximum availability and scalability, easy retrieval...

IoT - Revolution or Evolution in the Financial Services Industry

1. The IoT hype We have all heard about the   "Internet of Things" (IoT)   as this revolutionary new technology, which will radically change our lives. But is it really such a revolution and will it really have an impact on the Financial Services Industry? To refresh our memory, the Internet of Things (IoT) refers to any   object , which is able to   collect data and communicate and share this information (like condition, geolocation…​)   over the internet . This communication will often occur between 2 objects (i.e. not involving any human), which is often referred to as Machine-to-Machine (M2M) communication. Well known examples are home thermostats, home security systems, fitness and health monitors, wearables…​ This all seems futuristic, but   smartphones, tablets and smartwatches   can also be considered as IoT devices. More importantly, beside these futuristic visions of IoT, the smartphone will most likely continue to be the cent...

AI in Financial Services - A buzzword that is here to stay!

In a few of my most recent blogs I tried to   demystify some of the buzzwords   (like blockchain, Low- and No-Code platforms, RPA…​), which are commonly used in the financial services industry. These buzzwords often entail interesting innovations, but contrary to their promise, they are not silver bullets solving any problem. Another such buzzword is   AI   (or also referred to as Machine Learning, Deep Learning, Enforced Learning…​ - the difference between those terms put aside). Again this term is also seriously hyped, creating unrealistic expectations, but contrary to many other buzzwords, this is something I truly believe will have a much larger impact on the financial services industry than many other buzzwords. This opinion is backed by a study of McKinsey and PWC indicating that 72% of company leaders consider that AI will be the most competitive advantage of the future and that this technology will be the most disruptive force in the decades to come. Deep Lea...

A bank account - A concept of the past

Almost every recent article written about banking starts with the statement that the   banking industry is being disrupted   by new competitors, new innovations and new technologies. Although this statement is definitely true, the extend of the disruption can still be debated. Even the most innovative neo-banks still work with bank (current, saving, term and investment) accounts, cards (credit and debit), traditional credits, existing payment infrastructure…​ The user experience surrounding the origination and servicing of these products has dramatically improved (and will continue to evolve), but the underlying banking products are not really disrupted. You could argue that banking products are so intertwined with society and our way of thinking about finance, that they can’t be disrupted, but looking at those products you cannot ignore that they are far from an optimal solution in our current digital world. Let’s consider   cards   for example. Isn’t ...

An overview of 1-year blogging

Last week I published my   60th post   on my blog called   Bankloch   (a reference to "Banking" and my family name). The past year, I have published a blog on a weekly basis, providing my humble personal vision on the topics of Fintech, IT software delivery and mobility. This blogging has mainly been a   personal enrichment , as it forced me to dive deep into a number of different topics, not only in researching for content, but also in trying to identify trends, innovations and patterns into these topics. Furthermore it allowed me to have several very interesting conversations and discussions with passionate colleagues in the financial industry and to get more insights into the wonderful world of blogging and more general of digital marketing, exploring subjects and tools like: Search Engine Optimization (SEO) LinkedIn post optimization Google Search Console Google AdWorks Google Blogger Thinker360 Finextra …​ Clearly it is   not easy to get the necessary ...

Peer-to-peer payments - A crucial component towards a cashless society

The Corona crisis has led to an exponential   decrease in the usage of cash , due to the associated hygienic problems and the enormous rise of eCommerce. While in commercial transactions cash is disappearing rapidly, it is however still commonly used for   informal money exchanges , like between friends, family, colleagues…​, but also those payments are becoming more and more digital, thanks to   peer-to-peer payment (P2P) solutions . These solutions drastically   improve the user experience   (removing friction) for both the person initiating the payment (= the payer) and the person receiving the payment (= the recipient), compared to a simple initiation of a wire transfer in a banking app. Before clarifying where those solutions bring most value, it is important to first identify the   typical use cases , where peer-to-peer payments are most common, as the P2P payment solutions need to optimally accommodate these use cases: Family giving a   cash gif...

The UPI Phenomenon: From Zero to 10 Billion

If there is one Indian innovation that has grabbed   global headlines , it is undoubtedly the instant payment system   UPI (Unified Payments Interface) . In August 2023, monthly UPI transactions exceeded an astounding 10 billion, marking a remarkable milestone for India’s payments ecosystem. No wonder that UPI has not only revolutionized transactions in India but has also gained international recognition for its remarkable growth. Launched in 2016 by the   National Payments Corporation of India (NPCI)   in collaboration with 21 member banks, UPI quickly became popular among consumers and businesses. In just a few years, it achieved   remarkable milestones : By August 2023, UPI recorded an unprecedented   10.58 billion transactions , with an impressive 50% year-on-year growth. This volume represented approximately   190 billion euros . In July 2023, the UPI network connected   473 different banks . UPI is projected to achieve a staggering   1 ...

From app to super-app to personal assistant

In July of this year,   KBC bank   (the 2nd largest bank in Belgium) surprised many people, including many of us working in the banking industry, with their announcement that they bought the rights to   broadcast the highlights of soccer matches   in Belgium via their mobile app (a service called "Goal alert"). The days following this announcement the news was filled with experts, some of them categorizing it as a brilliant move, others claiming that KBC should better focus on its core mission. Independent of whether it is a good or bad strategic decision (the future will tell), it is clearly part of a much larger strategy of KBC to   convert their banking app into a super-app (all-in-one app) . Today you can already buy mobility tickets and cinema tickets and use other third-party services (like Monizze, eBox, PayPal…​) within the KBC app. Furthermore, end of last year, KBC announced opening up their app also to non-customers allowing them to also use these thi...

Marketplaces in the financial industry - Here to stay?

Marketplaces are   hip and trendy   on the internet and will likely evolve even more in the near future. In some markets (like food delivery, transportation, commerce, holiday…​) they already represent double digit market shares (e.g. in 2018 $1.86 trillion was spent globally on the top 100 online marketplaces), but for the financial services sector, their impact (even though there are a few unicorn FinTechs in this space) on the industry is still limited. Any form of   intermediation   (travel agents, taxi dispatchers…​) will likely be replaced by a modern, digital and more direct equivalent, i.e. a digital marketplace. As the business of banks is exactly the intermediation between people having excess money and people needing money, the financial services sector will be significantly impacted. Furthermore, marketplaces are strongly intertwined with other concepts like the   gig-economy, the sharing-economy and the API-economy . All these trends will ultimately...