The constraint AI actually removes
The conversation about AI in wealth management has settled too quickly on the wrong headline. Most of it is about advice: copilots that draft suitability letters, summarise client meetings, take a few minutes off the adviser's day. That work is real and it is welcome. It is also not the deep change. The deeper function is compliance, and it is the most transformational because it removes a constraint that has defined the discipline for years.
Compliance has always run on sampling. A firm reviews two or five percent of files or financial promotions, because that is all human bandwidth ever allowed, and it extrapolates from there. We dressed that up as methodology, but it was never really a methodology. It was rationing. AI built for compliance ends the rationing. A firm can move from sampling to full coverage and check every case against its own criteria. That is not the same activity done faster. It changes the statistical basis of the control itself.
The cost backdrop is what makes this matter. UK financial services firms spend more than £33.9 billion a year on regulatory compliance, over 13% of operating costs on average, according to PwC and TheCityUK. The average advice firm spends around 13 hours every week on compliance activities, more than two months of the working year. When a control is that expensive and still only touches a fraction of cases, "review more, faster" is the wrong ambition. Reviewing everything is the point.
Sampling was never really a choice. It was a rationing mechanism dressed up as methodology.
Two products wearing one label
The mistake I see the market making is bundling advice tools and compliance tools and selling them as a single "AI for wealth" proposition. They are different products, solving different problems, with completely different risk profiles.
The advice tools are assistive and low stakes. A human reads the drafted note, rewrites it, and catches a mistake in seconds. The compliance tools touch regulated determinations. They demand a far higher standard of auditability and control, because the cost of a quiet error is not an awkward client email, it is a bad outcome that surfaces months later in a complaint or a review.
A firm that buys the productivity layer and assumes it has therefore dealt with its compliance exposure has in fact dealt with neither properly. It has bought convenience and told itself it bought control. Those are separate purchases, and only one of them is the thing a regulator will test.
A firm that buys the productivity layer and assumes it has dealt with its compliance exposure has in fact done neither properly.
Auditability is a design choice, not a model property
What a regulator wants is not clever output. It is reproducibility and an evidence trail: which document, which clause, which rule, what the system flagged, and who reviewed it. The firms that are exposed are not the ones that adopted AI. They are the ones that cannot reconstruct what their AI did when a regulator or an ombudsman asks. That gap is a design choice. It is not a property you can extract from the model after the fact.
Financial promotions make the point concrete. In 2024 the FCA had 19,766 promotions amended or withdrawn, a 97.5% increase on the year before. As the channels multiplied, human review did not keep pace, and the gap showed up in the numbers. The old workflow, marketing drafts an asset and compliance reviews it across a scatter of email threads, was already straining. A compliance system that reads every promotion, checks it against the rules, and produces the audit trail on demand is a different kind of control.
The regulator is signalling where this goes. The FCA, in its Mills Review into the long-term impact of AI on retail financial services, has begun naming AI assurance platforms that monitor and audit AI systems as part of the future landscape. When the supervisor starts describing the assurance layer, that is a strong hint about what it will expect firms to have.
The firms that are exposed are not the ones that adopted AI, but those that cannot reconstruct what their AI did when a regulator asks.
Keep the model out of the decision seat
There is a clean way to hedge the risk of putting AI near client data and regulated judgments, and it is architectural. You refuse to put the frontier model in the decision seat. This is the other reason bundling is a mistake. A productivity tool is forgiving, because a human catches a hallucination in seconds. A compliance tool is not forgiving, because its output is a regulated judgment. That is exactly why it needs deterministic checks and a full audit trail around the model, rather than trust placed in the model itself.
The regulatory direction supports this reading. The UK and EU are both landing on outcomes and accountability rather than prescription. The UK has made the right call in resisting a separate AI rulebook; a bespoke statute would be obsolete inside two years, given how fast the models move. Even in Brussels, the high-risk obligations of the EU AI Act have now been pushed back to December 2027. That tells you the architects of the strictest regime think it needs more room for adoption. Regulate the outcomes, keep a named human accountable, and let the mechanism move underneath.
You hedge the risk by refusing to put the frontier model in the decision seat.
What this means for a wealth firm
If your AI plan for the next year is a productivity layer for advisers, that is a fine thing to buy, but be honest about what it is. It is convenience, not control. The compliance question is separate, and it is the one that gets tested.
Ask three things of any compliance tool. Does it move you from sampling to full coverage, or does it just make sampling faster? Can it reconstruct every determination on demand, down to the document, the clause, the rule, the flag and the reviewer? And is the model kept out of the final decision, with deterministic checks and a human at the accountable point? Get those three right and compliance stops being the tax on growth it has always been. It becomes the thing that lets a firm grow without its risk growing in step. That is the symbiosis worth building, and it is closer than the advice headlines suggest. If that is the version of AI you want in your business, it is the conversation we have every day.
- 01PwC and TheCityUK — the true cost of compliance
- 02FCA — financial promotions data 2024
- 03Money Marketing — average advice firm spends 13 hours a week on compliance
- 04FCA — Mills Review into the long-term impact of AI on retail financial services
- 05Hogan Lovells — EU legislators agree to delay high-risk AI rules
AI in mortgage compliance: oversight first, speed follows
AI in mortgage compliance is the use of artificial intelligence to check mortgage case files against regulatory rules, flagging issues for a human to approve before the lender decides. Lenders are racing to put AI into underwriting for speed, but brokers named compliance checking the bigger prize: unsupervised, unauditable AI just reaches the wrong answer quicker.
AnnouncementCurvestone and OMS: compliance checking for every mortgage case
The OMS Curvestone integration checks every mortgage case submitted in OMS for completeness, consistency and compliance, flagging issues to the firm's case checker inside the existing case journey. That deployment model is the point: coverage only reaches 100% when the check runs inside the workflow, not in a separate portal.

Dawid Kotur
CEO and co-founder, Curvestone
Dawid co-founded Curvestone in 2024 after a decade working at the intersection of financial services and applied machine learning. He writes about the strategic direction of regulated-industry AI, the FCA's evolving approach to model risk, and the operational changes UK lenders are making in response to Consumer Duty. He sits on the FCA Smart Data Accelerator advisory cohort.
LinkedIn