Video: AI in Financial Services: What Compliance Needs to Get Right | Duration: 3008s | Summary: AI in Financial Services: What Compliance Needs to Get Right | Chapters: Welcome and Introduction (29.39s), Panelist Introductions (104.585s), AI and LLMs Explained (204.59001s), AI in Financial Compliance (482.58s), Regulatory Landscape Overview (714.2s), AI Procurement Considerations (1070.1749s), Regulatory AI Guidance (1496.505s), AI Notetaker Risks (1716.925s), AI Policy Development (2272.3s), AI Washing Concerns (2429.65s), AI Accountability Concerns (2570.22s), AI Strategy Questions (2724.5552s), Concluding Remarks (2890.4849s)
Transcript for "AI in Financial Services: What Compliance Needs to Get Right":

All right. Hi, everyone. Welcome to the Comply panel on AI and financial services. My name is Allison Cooley, and I'm the senior director of product marketing over here at Comply. I'm super excited to be joined by my fellow colleagues and panelists today. You know, we've had conversations internally just about how AI is showing up in financial services. There's a lot of buzz. There's a lot of, you know, confusion, and we're here to answer a lot of those questions. So before we get into it, before I introduce our speakers, I want to take care of a few housekeeping things. So we'll be sending a recording of today's session out to everyone who's registered and anyone who's live here in the audience, so you'll be able to watch it after the fact. We also have a few members of our team here today that are monitoring the chat, so feel free to engage with other attendees there. I know there's a lot of questions. Some of them we proactively thought through in advance. We're gonna try and get to those as much as we can, but they're nuanced. So based on your firm profile, how your business is run, how big your business is, we wanna make sure we have a little extra TLC in the way that we answer those questions. So we're going to take a lot of those offline, and a member of our team is going to reach out to you individually to clarify some of those things. So without further ado, I would love to welcome my panelists. I'll start with David Bliss. David, can you introduce yourself rather?

Sure, absolutely. Thanks Allison. Hi everyone, David Bliss here, Chief Product Officer at Comply.
So my team is responsible for setting our product roadmap, research and development, what are we going to do to improve our current products, and what should we look at investing in for future capabilities and offerings in order to ensure that we stay ahead of the curve both regulatorily speaking and in terms of the technology. And of course, the big question on that front is AI and how is AI going to disrupt financial services in general and regtech specifically, and that's a little bit about what I'll talk about today.

Great. Jennifer, I'm going to toss it over to you next.

Thanks, Allison. Hi, everyone. I'm Jennifer Jansen Myske. I recently joined Comply as a Senior Vice President of Regulatory Services. So, I'm leading the expansion of Comply's consulting capability for our comprehensive, enhanced, and managed services offerings. Before joining Comply, I spent fifteen years at Ernst and Young providing compliance consulting and assurance services to wealth and asset managers, focusing on areas such as compliance program design, SEC exam readiness, regulatory change management, and compliance operating models. And it's great to be here with you all today.

Thanks, and welcome to Comply. We're so excited for you to be here. And then last but not least, we've got Jeremy. Jeremy, can you take a second to introduce yourself?

Hi, everyone. My name is Jeremy Trinka. I'm the CISO here at Comply. My team is responsible for all things cyber here at Comply to include security operations, incident response, vulnerability management, as well as compliance and governance related concerns as they relate back to information security. So I've got about fifteen years of experience in the cybersecurity industry, and that's spread across federal governments, government contracting, healthcare, and of course, services.

Great. And so you can see why I picked these three to join us today.
They all bring different perspectives from the product side, the security side, and then, of course, the regulatory pieces, because we all know that the regulators can be a little vague, and there's a lot for us to cover here. So, David, the first question I've got is for you, which is what is the difference between AI, LLMs, agentic AI, and how these things are structured. So if you could give us a compliance leader overview and their terms of kind of what this looks like.

Yeah. So various types of AI technologies have been around for a long time. Right? Almost ten years ago, I launched my first machine learning computer vision product, but that was before generative AI and LLMs. So then right around what 2020, 2021, ChatGPT and some of the other models took off. So large language models really were taking the AI capabilities from prior generations, training them on natural language communication on top of a massive amount of content from things like the entire Reddit database and the World Wide Web at large. And so all of a sudden you had AI via these LLMs at your fingertips as a non-technical retail type of user, right? And so now LLMs can replace a number of basic web browsing searching capabilities. And so generative AI in my overly simplistic explanation is AI that helps generate content. So we've all probably used LLMs, Claude, ChatGPT, Gemini, Copilot to draft documents, to draft website copy, if you're in marketing, right, Allison, to draft PDF product collateral that we then look at and tweak and publish, or to create or generate summaries of emails, documents, recorded meetings that you missed. So that's generative AI, right? What I think about differently is this next evolutionary phase, which is agentic workflows or AI agents, where it is designed to accomplish a task. And I don't just mean answering questions in a chat. That doesn't really count as an agent. Right?
So, things like self-driving software, autopilot, and the like, that is an agent that is accomplishing a task that it is designed to do for the humans involved, right? And there are many, many other examples, but as we look at how agents can take our products to the next level in the compliance world, it would be things like, can this agent answer policy related questions or SEC rule interpretations and not just answer the question but then direct you or even complete a workflow for you based on that answer. Right? So can it submit a trade request on your behalf as an example, or can it complete the certification on your behalf and the human just has to verify that it's accurate and speed up the job that traditionally the human would do fully manually. So again, high level, overly simplistic overview, but LLM, generative AI, chatbots now taking that technology to interact with the human to accomplish specific and in some cases complex tasks via agents or agentic workflows.

Thank you for breaking it down. I think it kind of gets misconstrued often, and so it's really important to know the differences because my next question is both for you and Jennifer, is, like, what are the most common cases or use cases rather that we're seeing in financial services? So before we get into that, we did run a CCO survey a few months ago, and so I'm sure someone in my team is gonna pop these numbers in very quickly. But from the survey results, we surveyed a lot of compliance leaders across the US and the United Kingdom, and they reported that 63% are leveraging AI for risk scoring and alerts, 60% are leveraging AI for document summarization, so, David, to your point. And then 53% are leveraging AI for marketing communications review. So would love for you guys to expand on that or add a couple other use cases of where you're seeing this show up in your conversations with clients. Jennifer, I'll point it to you first.

Sure.
So I'm seeing a lot of variability here, but some of the things that we're seeing is the virtual assistant model, which is enabling firms to process large volumes of data for things like due diligence or investment research. We're seeing some other support models with client experience and communication. So this can be a virtual assistant and chatbot model that you guys were alluding to earlier, as well as maybe getting sort of behavioral insight interaction analysis and client sentiment by monitoring client communication. We are seeing AI used in surveillance activities as well. And then finally, I would say another big area is around data extraction to help analyze rules, help with things like your compliance rule engine, things like that.

Yeah, I think you nailed it Jennifer and Allison, you said a couple of good examples where we see with the most frequency AI being used within the financial compliance space already. Electronic communications surveillance, right, sifting through the vast amount of emails, text messages, Teams, Bloomberg, Zoom chats, archiving and off-channel communications has been a hot topic with the SEC and the financial services industry for many years. And so you can do basic things and look for key words or phrases, right? But AI is far better at sifting through vast quantities of text and identifying any potentially problematic or risky language. Same thing with marketing review or advertising review. You don't have as large of a volume to review but you have, again, very clear risky phrases, guaranteed returns and things of that nature. So AI is pretty good already at identifying risky language in those draft marketing materials, advertisements, etc. And not only that, but now recommending potential changes to the wording that would be less risky, while at the same time recommending the specific disclosures that you have to make as per the marketing rule when you do talk about performance or other things.
You have to be very careful on exactly how you do that. AI is good at those types of things already.

Thank you both. I think that, that's just such a solid point, and it leads me to my next question, which is directed at Jennifer, of course, because we've got to talk about the regulatory landscape, right, because that's why we're all here. So, so much always is changing with what's going on with regulators in the U.S., U.K., globally, right? So, can you give us an overview of where we are and what the key requirements that we're aware of today with these regulators and what the people on this session are desperate to know more about, which is, you know, how it might show up in exams and things like that?

Of course. So the AI regulatory landscape in financial services is evolving quickly as regulators balance innovation and risk management. So firms are having to navigate expanding guidance around things like model risk, bias, privacy, explainability, with a lot of uncertainty that we have right now. So regulators have been increasingly engaged, especially in the US, and supportive of responsible AI, but there is not a unified global framework. So as a result, firms need to be flexible with their programs and be able to adapt as these regulations evolve. But I think it might be helpful if we give you a bit of an overview of the divergent market approaches that we're seeing, really across the US, EU and APAC. So I'll start with the EU because they are the furthest along in that they were the first to provide regulation known as the AI Act. And it is largely expected and has been to some degree to serve as a blueprint for other regulators across the globe. And what it does is it classifies AI according to its risks. It also prohibits certain unacceptable risks, such as social scoring, manipulative AI. But one of the main components of this regulation is addressing high-risk AI systems and making sure that there are appropriate safeguards in place.
Now if we look at APAC, which has taken a somewhat different approach. So they initially were fairly hands off and relied on voluntary guidelines that focus on things like ethics, fairness, accountability, which really contrasted with the EU. However, more recently, several jurisdictions such as China, Singapore, and Japan have recently enacted more binding sector specific rules, especially in finance. So we are seeing more prescriptive rulemaking here. Some of the themes that we're seeing, particularly at APAC include topics like addressing deepfakes and misinformation, as well as data privacy. But I know what we really wanna focus on here is the US, and this is probably the more complicated story, which is that currently, there's no federal legislation or regulation in the US that regulates AI. However, we have seen some federal and state activity that you should probably be aware of. So over the past year or so, several states have passed their own laws, including bans on deepfakes and disclosure requirements. There's also been quite a bit of action from the executive branch. In January 2025, Trump issued an executive order removing barriers to American leadership in AI, which calls for federal departments and agencies to revise or rescind guidance that would be considered an impediment to the advancement of AI. Similarly, in July 2025, the administration published the America's AI Action Plan aimed to secure US AI leadership and promote innovation. The US Congress has also considered numerous AI bills covering a range of issues, which have largely emphasized voluntary guidelines and really an effort to foster innovation. So a lot of these initiatives, as you can see, especially from the federal level, have been pro-innovation, pro-AI US leadership. But probably the most significant and most recent action we've seen from Trump, which was in December 2025, is that he actually issued an executive order aimed at preventing state-level AI regulation.
So the question is, where does that leave us? And what does that really mean for you guys? And so I guess first, I would say that the expectation is that the executive order blocking states from regulating the AI initiatives that have already been put out. We expect that to receive major challenge, and we've already seen that from the states over the past couple of months. But until a federal law or regulation comes out, we are operating in a patchwork of existing federal and state laws, which we know is creating a heavy compliance burden for firms. So financial institutions are ultimately following regulators, sector, and agency led guidance covering areas like anti-discrimination, consumer protection, explainability, conflict of interest. But at the end of the day, firms are ultimately being left in a position where enforcement and litigation are preempting regulation.

Yeah. I mean, it's as clear as mud in a lot of ways. Right? So and I mean that endearingly because it's really difficult to navigate this, but at the end of the day, AI is technology, and technology has its own requirements. Right? And so from a regulatory perspective, if you're using AI and you don't understand how it's working or what it's doing or how it's making decisions in critical workflows or things like that, marketing review, e-comms review, trade review, things like that, you get into a really sticky spot. Because if you can't explain it and the regulator asks you to explain it, you can't be like, oh, I used AI. That's not going to satisfy them. It doesn't satisfy them in today's regulatory environment with normal technology. It's not going to make them happy when that comes in. So from that perspective, I want to segue quickly into David and Jeremy and talk about responsible AI development, privacy concerns, and things in that kind of realm of the world that people need to be thinking about. Jeremy, I know that I was the person who championed bringing AI into Comply.
And I had to go to you, and, you know, you walked me through what we were looking at. And so I had a great experience with that. So this, you know, compliance professionals are looking at adopting AI, whether it's in an existing technology, like a compliant technology or something else, or if it's adopting Claude or OpenAI or things of that nature, where are the things that compliance officers need to be asking about, and what does that procurement look like?

Yeah, for sure. So, I think from a procurement perspective, I'll zoom in on that a little bit because I think the first thing to really consider is the fact that when you're procuring AI, really you're procuring software. And I know this is a little bit of a controversial statement, but at the end of the day, AI is software and all software inevitably will contain AI. So when you look at that and you think about how you procure software, what are the primary things that you're considering from a cybersecurity perspective? The first thing, data handling. What data is being collected by the platforms? How is it being handled within these AI systems? Is it being reused to train additional AI models? Is there a proper segregation between customers and clients once the data is in the platform? The second piece I would hone in on is validating the vendor security program. Have they undergone any independent audits? You'll typically look for things like your SOC 2, ISO 27000. There's some emerging standards as well that ISO is coming out with like the 42001 framework for AI management systems. Plus, as Jennifer had keyed in on as well as things like the EU AI Act that are all really focused in on establishing standards that AI platforms are expected to adhere to based on where you're accessing it from. But it also kind of sets a framework for what security expectations are out there in the ether that AI platforms will be developing against.
So, the third piece I would hone in on is change management and how platforms are changing AI every day. There's something in the news. I mean, I can't tell you the last time I went a day without seeing some new news about how AI is disrupting an industry or new jobs are at risk. All of that isn't a strong indicator of this ever-changing and evolving market. And what you need to be thinking about is how does that change impact your key business processes, especially if you align them to AI. If you decide to, say, implement agentic AI to perform specific business functions, if that is scaled back, changed as a result of strategic decisions on software providers and what is the net result to you? Are there any data or privacy impacts? Fourth, I would hone in on auditability because any AI system, data that's going in, what you're querying for, all of that should be able to be audited. You should be able to navigate either a series of usage reports or the dashboards, API posts, depending on how technical you wanna get. I'll try to keep it high level, but generally your ability to audit and supervise the use of AI to facilitate your business functions is key. So, I'll turn it over to David to provide a little bit more additional insight.

Yeah, I mean, at a really fundamental basic level, certain products, the licenses for things like ChatGPT or Claude, the level of the license will determine what your data can and can't be used for. So again, fundamental level, if you are using a personal free license of one of these tools, be very, very, very careful what you talk to it about or which documents you load, because it's likely that you are training the broader model and that data is no longer private. So hopefully you're all aware of that. Now if you used a very similar product but in an enterprise license, the answer changes and your data is likely protected and is not being used for broader model training and development purposes, but those are the questions to ask.
And then, you know, to Jeremy's point, think about the use case and what problem are you trying to solve with this software which may or may not include AI? And do you really need AI to solve that problem well or is it already pretty well solved? If you think that AI does bring good additional value, then what data would the AI need access to to solve that problem? And how are you going to make that data? Documents, communications, databases. How are you going to make it available to that tool? And is that a secure connection? So of course for really small businesses, you don't have smart people like Jeremy because you may not have a CISO, right, in terms of the way that he's smart. You've got smart people that are smart in other ways. But at an enterprise level or a medium-sized business level, you probably have CTO, CISO, general counsel, or you need to partner with those people, with your procurement team, and run through a formal DDQ, you know, due diligence process and make sure that you know exactly which data elements it's going to require, how it's going to be connected, and how that data that is ultimately your data or your customer's data will and won't be used, where it will be stored, etcetera. So hopefully that's helpful.

It's extremely helpful and I think there's probably a lot of people diligently taking notes of everything Jeremy just said and thinking to themselves. I will watch that recording. I'm sure the question and I will if I look at the questions, I'll get distracted. But, Jennifer, I want to bring it back to the regulatory perspective that we were talking about earlier, because David just mentioned some of the small advisors when we're talking about security and procurement. So, like, from a small advisory standpoint or small compliance teams, like, what is some practical guidance that they should be focused on? Like, I have worked in small teams, and, like, every minute matters. Right?
And so AI can do things in a second that would take a human five hours. So it's a very attractive thing for people to start leveraging, but also a small team is not wanting to get in hot water with regulators. So talk to us about that a little bit.

That is absolutely a fair question. So maybe let's just focus in on the Advisers Act and the core principles there and talk through some examples. When you think about the Advisers Act, some of the principles are fiduciary duty, disclosures, marketing, recordkeeping. So what we want to be able to answer and think through is how those principles apply to AI. So when we think about fiduciary duty, we might think about how AI is used in investment decision making. Generally, I would say that this is a pretty high-risk area. And if you were making the decision to use AI in this area, then you should expect scrutiny around documentation of how decisions are made, the transparency and explainability of the tool, monitoring to make sure that the recommendations align with the client profiles, and that there are appropriate disclosures of any material conflicts, especially if the AI outcome could favor the advisor economically by recommending maybe higher fee funds. So for that reason, we really hadn't yet seen widespread adoption of fully autonomous AI-driven investment decisions. So that would probably be the first place that I would look at. But data governance is also critical. So looking at the data quality that's being used by the AI tool, because that means that advisors really need to maintain strong controls around those data sources and making sure that they've got strong controls around privacy and the protection of confidential information. That just becomes more heightened when you are using AI. The marketing rule, similarly, is a big one. This is the number one area where we've seen enforcement actions to date, when firms have been overstating their use of AI in marketing materials.
So, I would definitely flag that from a practical focus area standpoint. And then finally, AI generated communication. So if you're using chatbots, if you are using AI to summarize meetings, make sure that you are keeping track of those and maintaining those as part of your Rule 204-2 recordkeeping requirement.

We have gotten so many questions around the AI notetakers and if that's sent out. And David, is an article that went out. I'm not going to name the VC firm. But there was a VC firm that pitched a startup. Or rather, the startup pitched the VC firm up. And they had this meeting. The meeting was recorded. Startup leaves the meeting. The venture capitalists are still on the call. They talk about how much they hated that startup. They talk about MNPI across different companies they're talking to. Jeremy's nodding. This is a nightmare of what happened next. But what happened next was they were like, Bye. And unbeknownst to them, something was configured that decided to send the transcript out to the startup because they were in the original meeting invite. So not only did the startup get feedback about their startup, but they were able to get access to MNPI information in a very scary way, and then it turned into this whole books and records conversation for a lot of different people. And we don't have to, you know, solve for all that because it is nuanced with regards to what's being, you know, what's being said in that conversation. But, Jeremy, I know this is, like, ringing alarm bells. And so from, like, perspective of that, not just compliance technology, but that's such an easy mistake to accidentally make. You shouldn't say poor things about people on calls, but, you know, we'd love some opinions that you've got over in your head about how that went wrong.

Sure. I'll go ahead and kind of start and then I'll pass it back to I think it comes down to good hygiene.
Honestly, I think the general AI landscape has changed what we consider to be general hygiene with how we work. There was probably a day and age where we expected things like voice communications and video communications to remain confidential, remain one-to-one. Now with things like AI notetakers, those things are very quickly becoming documented; that immediately makes them discoverable and all kinds of things. I think it starts with just being aware of the fact that this technology exists and it may be involved in a variety of ways with your day-to-day work, especially as we kind of continue in this remote landscape, where we're frequently on Zoom calls or frequently on Teams calls, just generally understanding to look out for things like the fact that something is being recorded and transcribed and acknowledging that fact. From your perspective, if you're looking out for risks associated with that, you may not want to automatically have your calls recorded and transcribed. A lot of places are taking that as a best practice just to ensure that they don't run into similar situations like you described. But I kind of hate to say it, but it's almost unavoidable at this point. We just need to begin to change our norms with how we work relative to AI and understand that it is ingrained in the digital workplace.

Yeah, I think first my sort of ironic reaction when I saw that story is the AI tool is clearly capable of summarizing a transcript and paraphrasing. Right? So at some level it quote unquote understands that one group of people was speaking poorly of another company and maybe speaking of entirely unrelated third party companies, but it also has no intelligence around maybe I shouldn't send this because it is still after all just software and there was a rule in the software that says after the meeting you send this to all participants from the meeting.
So, you know, intelligence in some cases is kind of a stretch in the AI world still, which is why I'm not too worried about losing my job tomorrow. Now eventually all of the context that humans are pretty good at and the sort of obvious, maybe you shouldn't send that to these people kind of conclusion will be in AI's set of capabilities. But I think we're a long way off from that. So for any of you who are worried about your job, hold out hope for a little longer.

Yeah, common sense can go a long way.

Yeah, common sense not being so common, especially with AI tools still, right? I'm sure they will get there, but when, who knows? To Jeremy's point, know when the tools that you use regularly are utilizing AI. It's hard to know because in this day and age software is everywhere and everything and if you have a desk job, if you're in financial services or if you're in software industry like we are, desk job, right? You're interacting with a million pieces of software a day. But for those things that you use regularly, understand what the defaults are. So like Zoom or Teams now will often have notetakers, transcription, recording turned on by default. Maybe turn it off by default when you are talking to clients. Even in our own discussions with clients, some of them love when we record and then send them transcripts and summaries of those transcripts powered by AI. Some have very strict policies and have had to tell people, hey, I see the red light is on, turn that off because I know that it's going to be subjected to the AI tools. So just be really careful and conscientious that you always know where it's already being used and what control you have over what is default versus what is opt in. Opt in versus opt out is very important.

Mhmm. So my next question's for Jennifer, and it's, like, the phrase of the SEC, which is they keep using this phrase reasonably designed. Right?
And so we've talked a lot about AI, how it's used, how it could be used, the risks, the things, all that. But when it comes down to it, there needs to be a governance framework. And the SEC is telling us it needs to be reasonably designed. So what's your advice to people on this webinar who are trying to unpack exactly what that means?

Yeah, fair question. Well, I do think that the SEC is quite intentional with the language that they're choosing. But the good news is that there are some emerging standards guiding AI governance. And I would say most frameworks align around five core pillars. So I'll go through each of those. The first one is governance and accountability. Really, firms are establishing AI oversight committees to evaluate use cases, assign accountability, and ensure cross-functional input, especially from teams like compliance, risk, technology, and the business leaders. So that'll be the first one. The second one is AI specific risk management. So organizations are building lifecycle risk frameworks covering development, deployment, monitoring, and this includes risk-tiering use cases, enhanced model risk controls, strong data governance, change management, and importantly, explainability. The third one is policies and guardrails. So firms are implementing clear, acceptable use policies, defined approved tools, data restrictions, required human review, and prohibited uses. We do see a lot of firms restricting public AI tools for all of the reasons that David mentioned earlier. So that is probably recommended best practice. The fourth pillar, I would say, is testing and ongoing monitoring. So this is something that would include things like accuracy testing, stress testing, drift monitoring, and really taking a risk-based approach and focusing on the highest-risk AI cases. And then finally, last but not least, is training, disclosure, and vendor oversight. So effective programs should include employee training.
They need to have transparent disclosures to clients, and they absolutely need robust third-party oversight of AI vendors, as we've already talked to you a little bit about.

Thank you. That's very helpful, I think. And it leads me into another question I'd like to ask Jeremy, which is, you know, in compliance, policies and procedures are sort of the rule book. Right? They need to be updated. They need to be reflective of what the firm is doing in practice. So I know that, you know, when we procured AI, for example, we had to adjust our policies and procedures internally. And, you know, we're not a firm, so we don't have policies and procedures. We have our own handbooks and manuals that we've got. So what are some ways that, you know, different types of compliance teams, the small ones, midsize, and enterprise. I think enterprise are probably a little bit more sophisticated with the resources, but maybe the smaller teams of, like, how to work with, you know, the IT team, security team, other leaders who are responsible for employee guidelines and handbooks and manuals in developing those policies and procedures?

Sure. So I think in general, in a lot of ways, AI constitutes a need for its own policy within organizations. And that policy should really encompass a handful of things. What does acceptable use look like is probably one of the biggest ones. Bringing it to a higher level, what about ethical considerations that you are going to allow when you permit AI to be used within your organization? And then clearly defining the outputs that are expected and who the responsibility of those outputs is are all key. I think that AI kind of operates in a space where it can blur the lines of responsibility in terms of who's taking ownership of this deliverable before it's being provided to a client. I don't think the SEC or FINRA are going to be able to confidently point to any AI model and say that it's their fault.
At the end of the day, anything that's coming out of your organization that has been produced by you, regardless of what tool and whatever you call it, is going to be your responsibility. So, the foundation for this policy should define those very clearly, be explicitly spelled out and put on paper and socialized. And I think that's kind of a key piece that gets missed a lot too when it comes to policies such as this, is honing on that recurring training piece as well. You're going to want to set the policy, ensure that you're actually doing the policy, adhering to it, whether that's outlining your acceptable tools list, actions that are not permitted, but then confirming and verifying that a message sent is in fact the message received. Thank you. That's super helpful. Laid out, David's going to talk. Right, on that same front, so as a provider of software, what we have to be really careful of, because of course all of our clients are financial services entities for the most part, right? So what we have to be really careful of is AI washing. So in the before times, a few years ago when ESG was the hot topic in financial services, greenwashing was a concern, right? Whereas like, oh, everything's green, this fund is green, that investment's green, this is company. And everyone was rightly being monitored carefully by the SEC for this greenwashing nonsense where people were claiming everything was environmentally friendly, etcetera. And in some cases it was, and in many cases it was just marketing. And so the same thing has happened with AI. We can't AI wash because to Jeremy's point and to your point, Allison, a bunch of our clients, especially in the enterprise side, have very strict policies against AI being used in many or all of their workflows and their vendor provided software. 
So we have to be extremely clear about where AI is being used and what for and why and where it's not, so that we can tell a client who asks for this in writing whether or not they have been exposed to AI without their express written permission. Translating that to the other side of as a financial services compliance officer, the question is, do you know if your partners and vendors are AI washing? Are they really using AI or is it more a sales pitch? And if they are using it, exactly where and for what purpose? And are you okay with that versus the parts of their products that are not being powered by or using AI. I think in non-regulated industries it's easy to just claim you're AI native and everything's AI because it sounds good and you look innovative, but you can't be doing that as a regulatory technology provider. Right. I mean there's a huge difference between machine learning, which has existed for a long time, right, in AI and I think people are using that interchangeably, and I'm glad you touched on that David because I think it's a big, big area of concern, and we only have a few minutes left, which leads me into my final question. So, you know, what is the one question each of you would ask, or rather, what is the one question about AI that compliance officers should be asking their executive teams right now. So I've heard from some of our clients that are like, AI is off the table. We need to really understand it to go move forward. I've heard from another client that's like, I have to procure so much AI software. Like, it's insane. So, I'll start with Jeremy and then we can pass it around. Sure. So, I'll kind of play off a little bit of the last question because I think if I was to ask one very simple, succinct question about AI, it would probably be along the lines of, if something goes wrong, who's personally accountable? AI in general kind of gets rolled out in a way that blurs that. And when I say who's accountable, I'm talking about a person. 
Not a department, not vendor, not a model, a named individual. And with AI blurring that responsibility, leadership often may not be able to clearly identify who owns specific outcomes. If things are rolled out in broad sweeping ways that may not adhere to policy or your intended approach. And if they're client facing, it leads to potential governance gaps for sure. And this is where things like human in the loop reviews are really key, ensuring that any kind of outputs that you're aligning to an AI tool or vendor are receiving that human reviewer sign off is really critical. Establishing that policy that clearly defines the expectations for people to know that if they are using AI, they're responsible for the outputs. All of these things are really key considerations for executive teams right now to be thinking about because it's not just something you can just kind of bolt out and expect people to norm into daily processes and expect efficiencies to just come out of the narrow. So that's where I would go. David, do you want to take it next? Sure, I'll try to be brief. So the one question I would ask the board or leadership team as a compliance officer is what are we trying to accomplish with AI? Whether that's right now, short term or long term, especially in context where you're getting pressured to use it more frequently. Because what I've seen is a lot of times it's FOMO disguised as strategy, right? Like if there's actually a strategy and there are specific outcomes to Jeremy's point, then that answer should have pretty good specificity. We're trying to see X percent increase in productivity across all employees, compliance included. Okay, so it's personal productivity. Or we're trying to show that we're innovative with our clients and prospects and compete better in the market. Okay, well then maybe that's a different set of solutions to solve that problem. 
But if you have stakeholders who struggle to answer what the outcome is that they're hoping you achieve with AI, that's probably the FOMO disguised as strategy point of view. And that's where you'd be wise to take a step back and go, is this just because they think we need to because they see it in the news every day? And if so, I should be pretty uncomfortable with that. That's such a great point. I mean, I get a lot of questions, of course, in my role of that, and my first question is always, what are you trying to accomplish with AI? Because I'll get questions from our team. I mean, I may probably learn that from you, but it really is, like, the keeping it simple is sometimes the easiest. Right? Like, what are we trying to do here? And then we can figure it out from there. So, Jennifer, last but not least, what would you be telling a compliance officer that they should be asking their executive teams? Sure. Well, coming from my compliance background, I think I would ask the question, if our highest risk AI use case fails tomorrow publicly, could we prove that our governance was reasonably designed and actually working? Because when the regulator comes in, the questions that they're going to ask are, do you know this use case was high risk? How was it approved? What controls were in place? Who monitored it? And they're going to want to know that you're able to defend your AI governance from that type of scrutiny. I love that. That is such a good, strong way to end this panel. I want to thank all three of you for joining me today. I know there is a lot of chatter in the chat next to us. We will get to it. I'm sure we'll have even more inspiration to have further conversations about this. We are going to be doing a webinar in a few weeks around AI and books and records, so I will send out some information about that. But thank you David, Jennifer, and Jeremy and we will catch you next time. Bye bye. Thank you all. Cheers.