How to safely use LLMs in financial services

Financial institutions using large language models (LLMs) should build trustworthy frameworks to prevent risks such as data leaks, bias and hallucinations, advised the European Securities and Markets Authority (ESMA).

In 2024, ESMA, alongside the Alan Turing Institute and the Institute Louis Bachelier, published a report on pathways to responsible adoption of LLMs in the finance sector without compromising on accuracy, fairness or control.

About 85% of the firms surveyed, including banks, insurers and researchers, said they were already using LLMs in some way. From reading and summarising long documents and answering client questions to detecting fraud or risk and supporting ESG reporting, LLMs are being used to save humans time on repetitive tasks.

Although LLMs look like a perfect match for finance firms on paper, they can also cause problems if not used carefully, including:

  1. Human rights issues – leaking private or sensitive financial data.
  2. Well-being issues – giving bad advice or causing job insecurity.
  3. Bias – unfair or discriminatory decisions if the training data is biased.
  4. Poor quality – inaccurate, “hallucinated” (made-up) information or unreliable answers.
  5. Legal/reputational risks – breaking laws or damaging trust if clients act on wrong outputs.

As Nikhil Rathi, Chief Executive of the FCA (Financial Conduct Authority), warned, “Generative AI can affect our markets in ways and at a scale not seen before.”

The workshop highlighted two major risks tied to AI adoption in finance.

  • The first is quality-of-service harm – when an AI system confidently delivers incorrect, incomplete, or misleading information.
  • The second is the legal and reputational fallout that can arise when such errors occur.

In a world where a single misplaced word in a regulation can change the outcome of a compliance review, these risks are far from theoretical: they strike at the heart of business integrity and trust.

As ESMA and the Alan Turing Institute note, “AI systems used in financial services must not only perform well but also be explainable and auditable.”

That’s precisely the gap FinregE can fill: turning regulatory compliance AI into something regulators can verify rather than take on faith.

From concern to control: what ESMA warns and how FinregE responds

1. Inaccurate or misleading AI outputs

The report’s top concern is “quality of service harms”, meaning the AI produces inaccurate, incomplete, or misleading outputs.
In finance, this could be a misinterpreted rule, an overlooked clause, or a false assumption, any of which can ripple across downstream compliance decisions.

How FinregE solves this problem
FinregE’s Regulatory Insights Generator (RIG) is trained exclusively on verified legal and regulatory texts, not on general web content. That narrows the model to the material it is meant to reason over and reduces the room for guesswork; the stronger control is that every answer RIG provides links directly back to its source, down to the paragraph and clause level, so a reviewer can check the answer against the regulator’s own words instead of trusting the model’s summary.

Because every output can be traced and justified, RIG’s design gives clients insights they can defend. Our clients reported a 40% drop in audit risk after implementing FinregE’s solutions.
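Source-linking only helps if someone checks that the cited clause actually supports the sentence that cites it; a citation to a real paragraph can still sit under an invented claim. The following is an added example of such a grounding check, written for this article and not FinregE’s own code: it requires every sentence of a model answer to carry a citation, verifies the citation points at a clause in the retrieved corpus, and flags sentences whose content words are not largely present in the cited text. The corpus, clause identifiers and answer text are constructed for illustration, and the lexical-overlap threshold is an assumption.

```python
"""Grounding check for a citation-bearing LLM answer (added example).

Every sentence must cite a clause id that exists in the retrieved corpus,
and the cited clause must lexically support the sentence. The corpus and
sample answer below are constructed for illustration, not real rule text.
"""
import re

# Constructed clause id -> regulator text (assumption: ids are "<act>/<article>").
CORPUS = {
    "REG-A/art.3(1)": "Firms shall report material incidents to the competent "
                      "authority within 72 hours of detection.",
    "REG-A/art.3(2)": "The report shall include the nature of the incident and "
                      "the services affected.",
}

# Constructed model answer: sentence 1 is grounded, sentence 2 cites a real
# clause that does not say what the sentence claims, sentence 3 has no citation.
SAMPLE_ANSWER = (
    "Material incidents must be reported to the competent authority within "
    "72 hours [REG-A/art.3(1)]. The report must name the responsible board "
    "member [REG-A/art.3(2)]. Penalties of up to 2% of turnover apply."
)

CITE_RE = re.compile(r"\[([^\]]+)\]")
STOPWORDS = {"the", "a", "an", "of", "to", "and", "shall", "must", "within",
             "be", "is", "are", "in", "for", "by"}


def content_words(text):
    """Lower-cased alphanumeric tokens with function words removed."""
    return {w for w in re.findall(r"[a-z0-9]+", text.lower()) if w not in STOPWORDS}


def split_sentences(text):
    """Split on sentence-ending punctuation followed by whitespace."""
    return [s.strip() for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s.strip()]


def check_grounding(answer, corpus, min_support=0.5):
    """Return a list of findings; an empty list means every sentence is grounded.

    min_support is the fraction of a sentence's content words that must appear
    in the union of its cited clauses (assumed threshold, tune per corpus).
    """
    findings = []
    for sent in split_sentences(answer):
        cites = CITE_RE.findall(sent)
        body = CITE_RE.sub("", sent)
        if not cites:
            findings.append(("uncited", sent))
            continue
        unknown = [c for c in cites if c not in corpus]
        if unknown:
            findings.append(("unknown_citation", unknown))
            continue
        words = content_words(body)
        supported = set()
        for c in cites:
            supported |= words & content_words(corpus[c])
        ratio = len(supported) / len(words) if words else 1.0
        if ratio < min_support:
            findings.append(("unsupported", sent, round(ratio, 2)))
    return findings


if __name__ == "__main__":
    for finding in check_grounding(SAMPLE_ANSWER, CORPUS):
        print(finding)
```

Lexical overlap is a deliberately cheap proxy: it catches the two failure modes a reviewer most needs surfaced (no citation, and a citation that does not say what the sentence says) without another model in the loop. Anything it flags should go to a human, not be silently dropped.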

2. Legal and reputational damage

When an LLM produces inaccurate or biased output, it is not just a technical fault; it can also be a compliance breach.
ESMA warns that poorly governed AI can lead to enforcement actions, loss of public trust, and reputational harm that takes years to rebuild.

How FinregE solves this problem
FinregE embeds advanced AI into its regulatory compliance workflows. Every insight goes through a rigorous process which involves review, validation, and approval before it’s finalised.

Each action, such as who reviewed a regulatory change, what changed, and why it changed, is logged automatically. This creates an auditable chain of accountability that stands up to both internal and regulatory scrutiny.

This approach reduces mistakes and builds a culture of defensibility. When a regulator asks why a particular decision was made, FinregE clients can produce a complete audit trail that explains and demonstrates compliance.

3. Opaque third-party models and data sources

The report highlights another deep concern: most financial institutions rely on closed, general-purpose LLMs. They do not know how these models were trained or what data shapes their answers, which creates a governance blind spot, and firms cannot defend outputs they cannot explain.

How FinregE solves this problem
FinregE’s models are domain-specific and fully transparent. Our system monitors more than 2,000 regulatory websites across 160 countries, refreshing every two hours for near real-time compliance.
Each publication is captured from the original regulator, tagged by source, and classified by topic, sector, and jurisdiction before being processed by AI.

When FinregE’s system summarises a regulation, compliance, risk and legal professionals are not reading the internet’s interpretation; they are reading structured, contextualised text that is ready to be actioned.

4. Fragmented oversight and disconnected processes

ESMA notes that many financial firms use AI tools in isolation. Compliance teams use one platform, risk another, and legal a third – without consistent oversight.
This fragmentation could mean duplicative efforts, inconsistent analysis, and gaps in accountability.

How FinregE solves this problem
FinregE integrates AI-powered horizon scanning, impact assessment, and compliance governance into a single, auditable platform.
Every regulatory change moves through defined stages: identification, triage, impact analysis, action assignment, and closure. Dashboards give executives real-time visibility into what is being reviewed, who is responsible, and what is outstanding.

This structure has driven measurable outcomes: clients have achieved a 67% reduction in manual compliance efforts and $100,000 monthly savings by replacing fragmented workflows with FinregE’s automated, end-to-end system.

5. Unchecked speed over oversight

The final risk is cultural. The ESMA report warns the drive to “move fast” with AI and innovate often outpaces internal governance and policy controls. As a result, financial institutions risk becoming technology adopters without proper governance standards in place.

How FinregE solves this problem
FinregE helps firms scale across multiple jurisdictions safely. Our platform allows rapid adoption of regulatory compliance AI while maintaining rigorous oversight. Each AI-generated insight sits within a controlled workflow and is reviewed by human experts before decisions are made.
This human-in-the-loop model ensures speed never sacrifices regulatory compliance.
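The staged workflow described under “Fragmented oversight” above (identification, triage, impact analysis, action assignment, closure) and the human-in-the-loop gate described here are only as good as the log that records them: an audit trail that an administrator can quietly edit is not evidence. The following is an added example, written for this article and not FinregE’s own implementation, of how the two controls fit together: each stage transition is appended to a log whose entries are chained by SHA-256, so removing or altering any entry breaks verification, and an AI-generated insight cannot reach “closed” until a human reviewer has recorded an approval. The stage names follow the text; the record id, source URL, actor names and the convention that service-account ids start with “svc-” are assumptions.

```python
"""Hash-chained audit trail with human-in-the-loop gating (added example).

Every state change of a regulatory-change record is appended to a log whose
entries are linked by SHA-256; editing or deleting an entry breaks the chain.
An AI-generated insight cannot be closed until a human has approved it.
Stage names follow the article; actors and identifiers are made up.
"""
import hashlib
import json
from datetime import datetime, timezone

STAGES = ("identified", "triaged", "impact_assessed", "assigned", "closed")
GENESIS = "0" * 64  # prev-hash of the first entry


class AuditLog:
    """Append-only log; each entry's hash covers its content and the previous hash."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, record_id, actor, action, detail):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"seq": len(self.entries),
                 "ts": datetime.now(timezone.utc).isoformat(),
                 "record": record_id, "actor": actor, "action": action,
                 "detail": detail, "prev": prev}
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry["hash"]

    def verify(self):
        """True only if every entry is in sequence, links to its predecessor, and matches its hash."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev or self._digest(e) != e["hash"]:
                return False
            prev = e["hash"]
        return True


class RegChange:
    """One regulatory change moving through the defined stages."""

    def __init__(self, record_id, source_url, ai_generated, log):
        self.id, self.stage, self.ai_generated = record_id, STAGES[0], ai_generated
        self.approved_by, self.log = None, log
        log.append(record_id, "ingest", "identified",
                   {"source": source_url, "ai_generated": ai_generated})

    def approve(self, reviewer, reason):
        # Assumption: service accounts are prefixed "svc-" and may not approve.
        if reviewer.startswith("svc-"):
            raise PermissionError("approval must come from a human reviewer")
        self.approved_by = reviewer
        self.log.append(self.id, reviewer, "approved", {"reason": reason})

    def advance(self, actor, reason):
        idx = STAGES.index(self.stage)
        if idx == len(STAGES) - 1:
            raise ValueError("record already closed")
        nxt = STAGES[idx + 1]
        if nxt == "closed" and self.ai_generated and self.approved_by is None:
            raise PermissionError("AI-generated insight needs human approval before closure")
        self.log.append(self.id, actor, f"{self.stage}->{nxt}", {"reason": reason})
        self.stage = nxt
        return nxt


def run_demo():
    """Walk one AI-generated record through the workflow; return what a verifier would check."""
    log = AuditLog()
    rc = RegChange("RC-1", "https://regulator.example/notice/1", True, log)
    for _ in range(3):
        rc.advance("alice", "routine progression")
    blocked_close = blocked_svc = False
    try:
        rc.advance("alice", "done")          # closure without approval
    except PermissionError:
        blocked_close = True
    try:
        rc.approve("svc-rig", "auto")        # service account cannot approve
    except PermissionError:
        blocked_svc = True
    rc.approve("bob", "checked against source clause")
    final = rc.advance("alice", "actioned")
    ok_before = log.verify()
    log.entries[2]["detail"]["reason"] = "edited later"   # simulate tampering
    return {"blocked_close": blocked_close, "blocked_svc": blocked_svc,
            "final": final, "entries": len(log.entries),
            "ok_before": ok_before, "ok_after_tamper": log.verify()}


if __name__ == "__main__":
    print(run_demo())
```

A hash chain proves order and integrity only from the last hash you trust, so in practice the newest hash is periodically anchored somewhere the log writer cannot modify (a separate store, a signed checkpoint, or a WORM bucket); without that, an attacker who can rewrite the whole file can rebuild a consistent chain.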

Responsible AI in practice

ESMA and the Alan Turing Institute structured their workshop around five principles of responsible AI adoption: robustness, data dependency, security, fairness, and accountability.

Here’s how FinregE brings each one to life.

  1. Robustness

AI in finance must perform reliably across jurisdictions, languages, and regulatory types. FinregE’s AI regulatory compliance platform is trained on structured, regulator-sourced data that is continuously validated through automated testing and client feedback. Each update is version-controlled, so results are reproducible and a given input can be checked against a known model version.

  2. Data dependency and asymmetry

The report highlighted the imbalance between the firms building AI tools and those supplying the data. FinregE flips that dynamic by grounding all intelligence in publicly available, regulator-owned data, captured directly from source. We don’t depend on third-party datasets or hidden intermediaries; clients can trace every insight and regulatory update back to its original source.

  3. Security and privacy

FinregE is built for sensitive data environments. Hosted on Microsoft Azure, it is ISO 27001, FSQS, and Cyber Essentials Plus certified, and compliant with GDPR and the EBA/ESMA cloud outsourcing guidelines. Data is encrypted and never leaves the client’s controlled instance.

  4. Fairness and bias

FinregE’s AI limits its exposure to cultural or demographic bias by training on legal and regulatory text rather than unstructured social or general web data. Models are tested for consistency across jurisdictions so that the same rule is treated with the same logic wherever it originates.

  5. Accountability and explainability

FinregE’s explainable-AI foundation means every output can be traced back to both its data source and human reviewer. Each decision is recorded, and each action is attributed. This creates a transparent and accountable loop that supports internal governance and external audits, precisely what the report defines as responsible deployment.

Turn caution into confidence with FinregE

ESMA’s report urges financial institutions to adopt LLMs responsibly and safely. It calls for high standards, transparency, and accountability frameworks that let firms innovate without losing regulatory integrity.

This is where FinregE can help.

Our regulatory compliance technology reads rules the same way regulators do, verbatim, verifiable, and in real time, and transforms them into structured, actionable intelligence.

No hallucinations. No hidden models. No governance gaps.

Book a demo today.
