Client Hub Contact us
Insights breadcrumb-arrow AI governance in fund...

AI governance in fund operations: Building trust in automation

02 Jul 2026 Article
Full width image

An AI agent resolved an exception in your reconciliation workflow at 3am. It produced a plausible, well-documented explanation. It was wrong. How do you find out, and how quickly?

The conversation about AI in asset servicing typically focuses on capability and implementation: what the technology can do, how it works, where it delivers value. These discussions matter, but they miss the element that ultimately determines whether AI deployment succeeds or fails: trust.1

Without trust, even the most sophisticated AI sits unused or generates constant second-guessing that negates its efficiency benefits. Building that trust requires more than demonstrating technical capability. It requires governance frameworks that address how AI operates within the specific context of fund operations, where accuracy, auditability and regulatory compliance aren’t optional features.

Why governance matters differently in financial operations

Governance around AI isn’t purely a compliance exercise.2 It’s the foundation that enables operational teams to rely on AI decisions, regulators to understand how processes function and senior management to take accountability for automated operations.

Asset servicing presents particular governance challenges. Financial operations carry direct consequences for client assets, regulatory standing and institutional reputation. An error in reconciliation doesn’t just create operational inconvenience. It potentially affects reported NAV, client positions and regulatory filings. The stakes demand governance commensurate with the risks.

Traditional operational governance relies on documented procedures, segregation of duties, maker-checker controls and audit trails showing who did what and when. AI introduces complexity because results emerge from algorithms rather than human judgement following explicit rules.3 The question becomes how to maintain equivalent rigour when the operative is an AI agent rather than an operations professional.

The answer isn’t preventing AI from acting. It’s creating governance frameworks that provide appropriate oversight whilst preserving the efficiency benefits that justify AI deployment. Get this balance wrong in either direction and you either constrain AI to the point of uselessness or create operational risk that eventually manifests in errors, regulatory issues or client impact.

What AI governance means in practice

Effective AI governance addresses several distinct dimensions that together create confidence in automated operations.

Data handling and privacy. AI agents accessing operational data must operate within appropriate data governance. What data can agents access? How is sensitive information protected? How are data processing activities logged? These aren’t purely technical questions. They sit at the intersection of operational necessity, regulatory requirement and risk management.

Deterministic versus probabilistic outputs: the hallucination risk. Traditional automation follows fixed rules, always producing the same output from the same input. AI works differently, generating responses from learned patterns rather than explicit instructions. This means answers can vary and occasionally be wrong in non-obvious ways, a risk known as hallucination that governance frameworks must address directly.

For fund operations teams, the implication is clear. A reconciliation system either matches a position or flags a break. An AI tool interpreting a regulatory document is doing something closer to reasoning, and that reasoning can produce plausible-sounding errors that clear initial review unchallenged. Good governance means identifying which tasks AI can handle safely, which warrant human review, and ensuring staff understand the difference between a rules-based system and one making its best judgement. In practice, this means embedding that distinction into training, escalation design and how outputs are presented, so that staff can recognise when they are validating a match versus scrutinising an inference.

Decision authority and escalation boundaries. Every AI agent requires clear definition of what it can progress autonomously and what requires human involvement.4 In reconciliation processes, an agent might resolve standard breaks independently but escalate when discrepancies exceed certain thresholds or involve unfamiliar patterns. The governance question is how these boundaries get defined, who approves them and how they evolve as the AI learns.

This differs from traditional automation where rules remain static until deliberately changed. AI agents adapt based on experience, which creates governance challenges around when adaptation represents legitimate learning versus unintended drift from approved parameters.

Explainability and decision traceability. When an AI agent resolves an exception or completes a workflow, the logic behind its actions must be traceable.5 Not just that it performed a task, but why it determined that specific approach was appropriate.

This serves multiple purposes. Operations teams need to verify that AI actions and workflow align with operational understanding. Auditors require evidence that processes functioned correctly. Regulators need assurance that appropriate controls existed. When issues arise, investigation requires reconstructing what the AI determined and why.

The technical implementation of explainability matters less than the operational outcome. Can someone reviewing the AI’s action understand the outcome? Can they validate it was appropriate? Can patterns of decisions be analysed to identify potential issues before they become problems?

Human oversight models. AI governance must define how humans oversee AI operations without creating bottlenecks that eliminate efficiency benefits. This isn’t about checking every AI decision, which defeats the purpose of automation. It’s about monitoring AI behaviour patterns, reviewing samples of decisions, investigating anomalies and intervening when necessary.6

Effective oversight balances confidence and vigilance. Teams need sufficient visibility to trust the AI whilst maintaining enough distance to preserve efficiency. The governance framework defines what oversight occurs, how frequently, by whom and what triggers deeper investigation.

Change control and model evolution. AI agents improve through learning, but that learning must occur within controlled parameters. Governance frameworks need to address how AI capabilities can evolve, what approvals are required for changes, how testing occurs before deployment and how changes are documented.

This becomes particularly important as AI agents handle increasingly complex tasks. An agent that initially handles straightforward reconciliations might, through learning, become capable of resolving progressively complex scenarios. The governance framework determines how this capability expansion occurs: gradually with oversight, or through discrete approved changes.

Regulatory considerations

Regulatory frameworks increasingly address AI in financial services, though specific requirements continue to evolve.7 Governance frameworks must anticipate regulatory expectations even where explicit rules don’t yet exist.

Several principles appear likely to underpin regulatory approaches regardless of specific jurisdictions. Accountability remains with the institution deploying AI, not the technology provider. Senior management cannot delegate accountability for operations to algorithms.8 Under frameworks such as the FCA’s Senior Managers and Certification Regime, accountability for operational processes already sits with named individuals. AI does not change that principle; it complicates how those individuals can satisfy themselves that the processes they own are functioning correctly.

Proportionality matters. Regulatory expectations will likely vary based on the nature of the tasks that AI undertakes. An agent handling routine data validation or quality checks faces different scrutiny than one making valuation determinations. Governance frameworks should reflect this proportionality, applying rigour appropriate to risk.

Documentation requirements extend beyond what AI does to how it operates and how its deployment was approved. Regulators will expect evidence that appropriate due diligence occurred, testing was adequate, ongoing monitoring exists and governance operates effectively.

Building operational confidence

The ultimate test of AI governance isn’t regulatory compliance. It’s whether operational teams trust AI enough to rely on it whilst maintaining appropriate scepticism. This balance determines whether AI deployment succeeds operationally.

Trust develops progressively through demonstrated reliability. Early AI deployments benefit from conservative scope definitions and intensive oversight. As confidence builds through consistent performance, scope can expand and oversight can become less intensive whilst remaining rigorous.

Transparency about limitations matters as much as demonstrating capability. AI agents that clearly acknowledge uncertainty and escalate appropriately build more trust than those that project false confidence. Operational teams need to understand not just what AI can do but what it cannot or should not attempt.

Error handling reveals governance quality. When AI makes mistakes, and it will, the governance framework determines whether those errors get identified quickly, investigated thoroughly, learned from and prevented from recurring. The servicers who build confidence in AI won’t be those claiming perfection. They’ll be those demonstrating systematic improvement.

Communication about AI operations crosses multiple audiences. Operations teams need practical understanding of how to work with AI effectively. Management needs visibility into AI performance and governance. Auditors require evidence of controls. Clients increasingly ask about AI use in their service delivery. The governance framework should address how AI operations get explained to each audience appropriately.

Implementation realities

The hardest part of AI governance isn’t designing it. It’s keeping it honest over time.

Start with bounded scope: a single reconciliation workflow, a specific exception type, one client’s reporting process. Not because ambition should be limited, but because governance frameworks need to be stress-tested against real operational behaviour before they carry weight. 9 A pilot reveals where escalation boundaries were drawn in the wrong place, where confidence thresholds need recalibrating, where the handoff between agent and human creates friction rather than relieving it. That learning cannot happen in a design workshop.

But the more uncomfortable question is what happens after the pilot succeeds and deployment scales. Governance frameworks are written by people who understood the system at a point in time. The agents they govern keep learning. The operational context keeps changing. New instrument types arrive. New clients bring new requirements. Regulatory expectations shift. A governance framework that was well-designed at launch becomes quietly out of date, and nobody notices until something goes wrong.

This is why governance frameworks themselves need governance. Someone must own the question of whether the rules still fit the system they are governing. That review needs a cadence, a mandate and cross-functional input: operations, risk, compliance and technology together, not technology alone writing rules that operations then inherit. 10 The firms that get this right treat AI governance as a live operational discipline, not a document produced at deployment and filed.

Trust in AI isn’t declared. It’s accumulated: through consistent performance, honest escalation, visible reasoning and governance that demonstrably works. The asset servicers who build it carefully, starting with the right scope and maintaining it with the right discipline, will find that trust becomes a competitive asset. Clients ask about it. Regulators notice it. And operationally, it is what allows automation to expand from a pilot into something that genuinely changes how the business runs.

This article is part of our asset servicing insight series

Citations

1 Only 31% of Luxembourg firms believe clients see them as customer-centric; 57% acknowledge need for improvement. EY Benchmarking 2025, p.12

2 Top AI challenges shifted from technical integration (2023) to regulatory/legal hurdles (62%) and data quality (54%) in 2025. Deloitte 2025 AS Survey, pp.29–30

3 EU AI Act will require documentation, testing and risk classification of AI in financial services. EY Top 5 Trends, p.6

4 46% have dedicated AI/innovation teams; firms actively investing in AI governance and compliance frameworks. Deloitte 2025 AS Survey, pp.27–30

5 64% use quantitative and 57% qualitative metrics to measure AI. 61% of Luxembourg firms still track KPIs manually. Deloitte 2025 AS Survey, pp.29–30; EY Benchmarking 2025, p.17

6 EY: AI should “enhance and not replace human oversight.” Deloitte places human-in-the-loop augmentation as the production-ready tier. EY Top 5 Trends, p.7; Deloitte 2025 AS Survey, pp.25–26

7 Regulation was 0% concern in 2023; now 62% cite it as #1 AI challenge. EU AI Act expected by 2026. Deloitte 2025 AS Survey, pp.29–30; EY Top 5 Trends, p.6

8 CDO reporting lines vary (26% to COO/CEO, 30% to CIO/CTO) — accountability structures still unsettled. EY Benchmarking 2025, p.9

9 62% running pilots, 0% at “extensive” use. Phased approach prioritises accuracy and reliability before scaling. Deloitte 2025 AS Survey, pp.25–26

10 Firms investing across governance, data controls and upskilling simultaneously — 79% training internally, 50% via external partnerships. Deloitte 2025 AS Survey, pp.27–30

Sign up for updates
Subscribe to our newsletter for the latest content on data strategy and the investment world.

Subscribe Form