AI Regulation in Practice: What Supervisors Really Expect to See from AI in the Financial Sector | ALLES LEGAL #126

🎧Artificial intelligence in the financial sector is firmly on supervisors’ radar – but what are they actually looking for? In this episode, Annerton partner Josefine Spengler joins Dana Wondra from Payment & Banking to discuss how supervisory authorities assess AI systems in practice. In part two of our “AI in Finance” series, the focus shifts from strategy to supervisory reality. – Tune in!

AI under supervision: not a special case, but part of IT governance

The key takeaway: from a supervisory perspective, AI is not treated as a stand-alone innovation project. Instead, it is primarily regarded as an IT/ICT system with specific risk characteristics and assessed under existing regulatory frameworks – in particular DORA.

Governance over hype: what really matters in supervisory reviews

The decisive question is not whether AI is used, but how it is embedded, governed and monitored within the organisation. Supervisory reviews therefore concentrate on fundamental governance aspects:

  • Who is accountable for AI-driven decisions?
  • How was the model developed and validated?
  • How is it continuously monitored?
  • How can outcomes be explained and traced?

Performance metrics alone are not enough. Supervisors increasingly focus on traceability, controllability and clear allocation of responsibilities.

DORA meets the AI Act: breaking down silos

Complexity increases where DORA and the EU AI Act apply simultaneously. While DORA addresses operational resilience, risk management and third-party oversight, the AI Act follows a risk-based approach with requirements relating to transparency, documentation and human oversight.

For financial institutions, this means AI governance cannot be organised in silos. Treating regulatory requirements separately may lead to parallel structures instead of an integrated control framework.

From snapshot reviews to continuous supervision

International discussions, including at OECD level, highlight that the real challenge lies less in creating new rules and more in applying them to dynamic, evolving systems. Supervisory practice is therefore shifting – from one-off assessments towards ongoing monitoring and more dialogue-driven reviews.

Conclusion: AI is a management responsibility

The future of AI regulation will not be determined solely by legislation, but by practical controllability. AI is no longer merely an IT topic – it is a management issue.

Institutions using AI must be able to demonstrate:

  • how decisions are generated,
  • how risks are monitored, and
  • how intervention is ensured where necessary.

About This Podcast

Alles Legal – Fintech Law in Brief delivers weekly insights into legal and compliance topics in the banking and fintech sectors.
This podcast is a collaboration between Payment & Banking and PayTechLaw.
Each Wednesday, our experts explain current legal developments in a clear and concise way – no legalese, just the context you need. Since 2021, PayTechLaw authors and Annerton lawyers have been bringing legal depth to the mic without losing clarity.
Whether it’s PSD3, DORA or FiDA – we provide the background you need. In 20 minutes. Straight to the point.
