Until recently, most AI tools in finance acted as assistants, helping to draft reports, analyse trends or automate repetitive tasks. We are now seeing the emergence of agentic AI systems that not only support work but also carry it out. As AI agents begin to interact directly with platforms through application programming interfaces (APIs), the traditional user interface becomes less central, changing where value sits and raising new questions about control.
This has significant implications. If an AI system initiates a transaction, adjusts a forecast or flags a risk, who ultimately owns that risk?
Many assume that professional indemnity or director’s liability insurance cover will absorb the risk, but responsibility for decisions made using AI rests with the organisation, not the algorithm. At the same time, traditional insurance cover is becoming less reliable as a safety net. AI exclusions are appearing and, in some cases, depend on whether an output is treated as professional advice or a technology service.
AI raises questions that governance and professional practice are not yet equipped to answer
In 2022, the Dutch Tax and Customs Authority discovered this to their cost, receiving a fine of €3.7m after introducing an algorithmic fraud detection system without clear rules governing how it made decisions, audit trails that officials could explain to affected families, or a mechanism for citizens to challenge why they had been flagged. When something goes wrong, ‘the system said so’ will not withstand scrutiny.
Data foundations
Many of these problems originate much earlier in the process, in the quality and structure of the underlying data infrastructure. Cloud-based platforms, API-driven integrations and modular ‘composable’ systems relied upon by finance functions depend on data moving freely across systems. However, in reality, legacy systems, siloed datasets and inconsistent definitions mean teams must spend time extracting and reconciling data before they can use it. Without common standards, clear documentation and interoperability, the benefits of advanced technologies remain limited, regardless of the platform you choose to invest in.
Standards such as XBRL show what good looks like. Consistent definitions and structured data enable processing, comparison and auditing of information at scale. This may sound technical, but it is fundamental to building a trustworthy data infrastructure. Standardised, interoperable data reduces friction, improves transparency and gives organisations greater confidence in the systems and decisions built on it.
The ODI’s framework for AI-ready data is a good starting point for understanding a dataset’s AI-readiness across a set of key components: technical optimisation for machine learning; overall quality and adherence to standards; legal compliance; and responsible collection. Together, these encompass a dataset’s ethical and regulatory compliance, as well as its ease of use for technical practitioners, and governance and regulatory bodies.
Governance falls behind
The shift to agentic AI raises fundamental questions about accountability that governance and professional practice are not yet equipped to answer. Reviews have already found that firms struggle to explain model outputs and have gaps in governance and control. Finance professionals need to understand not just what a system recommends, but why – particularly in regulated environments where the ability to explain a decision is becoming as important as the decision itself.
Around 13% of data uploaded to cloud applications is sensitive corporate information
Although most organisations have data-loss prevention policies in place, many breaches are still caused by people rather than technology. Staff use workarounds, bypass processes or adopt tools that sit outside approved systems. In many cases, they are simply trying to use the same AI tools that save them time in everyday life at work.
However, without an understanding of the risks involved, employees often use AI tools outside formal governance structures and sometimes upload sensitive data to less secure, free platforms. Samsung encountered this in 2023 when staff uploaded source code and internal meeting notes to ChatGPT. Despite cautionary tales like this, around 13% of data uploaded to cloud applications is still sensitive corporate information.
The tools available for financing are developing at a revolutionary pace, but the responsibilities remain unchanged. And while AI can generate answers quickly, it does not guarantee that those answers are correct or appropriate. The ability to question and interpret outputs is not a soft skill; it is becoming the most critical professional capability in the field.
Addressing all this requires more than just internal policy documents. Trust has to be built into systems from the start, with clear rules for data use, controlled and transparent access, and the ability to trace and explain decisions from beginning to end. Users at all levels of the business also need the skills to explain not only what their systems do but why they can be relied upon.
For finance professionals, four questions are worth holding in mind:
- If a client or regulator asked you to explain an AI-influenced decision, could you do so clearly and confidently?
- Do you understand how your insurance policies treat AI-related risks and where exclusions may apply?
- Can you trace the data that feeds into your key financial outputs from source to decision?
- Do your teams have the skills to effectively question and challenge AI outputs?
Being clear about ownership of risk is a relatively new and fast-growing imperative.