Regulation & AI·White paper

Why the AI Act strengthens Risk & Compliance functions

Since the European regulation came into force, financial institutions have been searching for someone to own AI governance. Most are looking in the wrong place.

The reflex is almost universal. A new regulation arrives, it concerns artificial intelligence, so there must be a head of AI. Since the AI Act's first deadlines, general managements across banking and insurance have opened searches for a Chief AI Officer — a new, transverse function expected to carry the organisation's regulatory compliance on its own.

It is an org-chart error. And a costly one, because it creates a responsibility without a real mandate, alongside the frameworks already doing the work.

What the AI Act actually says

The European regulation does not reason by job title, but by level of risk. High-risk AI systems — and credit scoring and insurance pricing are among them — fall under requirements financial institutions already master: mapping, documentation, human oversight, data quality, model auditability.

In other words: risk governance, permanent control, and regulatory compliance. These are not the remit of a new, isolated function. They are, precisely, those of the Risk and Compliance functions.

AI governance does not create a discipline. It reveals one — and it already exists.

The real consequence for org charts

The organisations that succeed in their compliance will not be those that added a box to the org chart. They will be those that strengthened their Risk and Compliance functions with a new generation of profiles: hybrid leaders, able to hold regulation and data together.

  • A Chief Risk Officer who understands model risk as well as credit risk.
  • A Chief Compliance Officer who reads an AI system as they read an anti-money-laundering framework.
  • Teams able to document and supervise models that can no longer be delegated blindly.

These profiles are rare. Which is precisely why they are not found through job ads, but through direct approach — and why the way an institution recruits them becomes, itself, a matter of governance.