For years, financial institutions approached AI for compliance and trade surveillance functions with cautious optimism and contained experiments. That era is over.

In 2026, the center of gravity has shifted from isolated AI pilots to embedded infrastructure woven into day-to-day surveillance workflows: alert triage, investigation support, parameter calibration and reusable reporting. It’s less a bolt-on capability than an intelligent layer built into existing firm controls.

That shift comes with a more demanding set of expectations from firms and boards – and, increasingly, from supervisors. Regulators across the U.S., EU, UK and Asia-Pacific are moving beyond broad rulemaking into closer scrutiny of how AI systems are validated, governed and documented. The question is no longer whether your firm is experimenting with AI; it’s whether you can defend how it behaves.

That’s the premise of Eventus’ latest whitepaper, Operationalizing AI in Financial Compliance and Trade Surveillance. Below are seven key takeaways spanning the breadth of our research.

  1. The Four Surveillance Use Cases Where AI Delivers Real Value 

AI earns its place in surveillance when it’s embedded at high-friction points in the workflow. In our whitepaper, we identify four areas where it is most impactful: alert triage (ranking and de-duplicating alerts so analysts can focus and prioritize), investigation support (accelerating the path from flagged event to coherent narrative), parameter calibration (using outcome data to tune thresholds) and reusable reporting (producing consistent, audit-ready documentation without manual assembly). Across all four areas, the pattern holds: AI adds the most value when it supports human accountability, not when it attempts to replace it.

  1. U.S. Regulators Are Making AI Governance Examinable Terrain 

In the U.S., the SEC’s FY 2026 Examination Priorities place AI squarely inside its “Emerging Financial Technology” program, signaling that exam teams will ask how AI is governed, supervised and described to clients. FINRA directly invokes Rule 3110: if generative AI is part of a firm’s supervisory system, that system must demonstrate “integrity, reliability and accuracy.”

At the state level, NYDFS continues to stand out for translating AI governance into auditable third-party expectations. The CFTC, meanwhile, has launched a new Innovation Advisory Committee and is pushing for fit-for-purpose regulatory frameworks that account for AI’s systemic implications. Taken together, the message from U.S. regulators is consistent: existing compliance obligations apply just as forcefully to tools that happen to be powered by AI, and firms should expect ever-closer scrutiny of the controls behind them.

  1. The Global Regulatory Landscape Is Converging 

Around the world, regulators are not moving in lockstep, but they are moving in the same general direction. The EU AI Act begins imposing obligations on high-risk AI use cases in August 2026. The UK’s FCA has opened applications for a new AI Live Testing cohort, encouraging adoption within a framework that requires firms to demonstrate controls under real conditions. Singapore’s MAS published its Guidelines on AI Risk Management in late 2025, mandating board-level oversight, firmwide AI inventories and lifecycle governance. In Australia, APRA has signaled targeted supervisory engagements to assess AI risk management practices. The common thread across jurisdictions: governance, explainability and documentation are critical.

  1. Repeatable AI Isn’t Just a Best Practice – It’s a Necessity 

In surveillance, a model that performs well but can’t be explained or reproduced is operationally unacceptable. There is a sharp distinction between repeatable systems (same inputs, same outputs) and variable systems (outputs may shift as data or model state changes). When AI influences who gets investigated, what gets escalated or what gets reported, the firm must be able to demonstrate repeatability, traceability and auditability. Black boxes undermine confidence and create defensibility gaps that supervisors will find.

  1. Frank AI: Repeatable Intelligence in Practice 

Eventus built Frank, a deterministic AI interface, to answer a specific question: how can AI both benefit users and hold up in an investigation or an exam? Frank AI sits inside the Validus platform and converts plain-language queries into precise, auditable queries against clients’ existing surveillance data, not open-ended text generation. Outputs are grounded in structured data, and no client data is sent to public LLMs. In one client use case, Frank AI helped a surveillance team surface anomalous trading activity beyond one standard deviation, paired with an outlier table that narrowed focus to the handful of dates that genuinely warranted scrutiny.

  1. Most Firms Should Buy, Not Build – But the Bar for Vendors Is High

The vendor landscape has become noisier. “AI-powered” is now a default claim, not a differentiator, and Gartner projects that over 40% of agentic AI projects will be canceled by EOY 2027 due to escalating costs and inadequate risk controls. Meanwhile, building in-house forces firms to stand up real lifecycle operations – testing, change management, monitoring, documentation – on top of the baseline AI expertise most firms lack in compliance-calibrated form. Buying can compress time-to-value, but requires scrutiny: Where does the model run? What subcontractors touch the data? What’s the continuity plan? The whitepaper offers five key questions firms should ask when evaluating any AI-powered surveillance solution.

  1. The Winning Posture: Calibrated Intelligence 

Firms like Deutsche Bank and Goldman Sachs have already embraced agentic AI for trade surveillance – but even then, humans retain final authority over outcomes. The whitepaper’s closing argument: the winning posture for surveillance is calibrated intelligence. Firms that treat AI as a controlled, evidence-producing capability, rather than a fully autonomous decision-maker designed to deliver maximal automation, will be best positioned to capture durable productivity gains and maintain regulatory trust as agentic techniques mature. To approach this technology responsibly, firms must design for bounded behavior, right-size oversight to autonomy and impact, test everything and keep accountability human.

The whitepaper goes deeper on every one of these topics – including a jurisdiction-by-jurisdiction regulatory breakdown, a practical three-tier validation framework and detailed guidance on what exam-ready AI governance looks like in practice. 

Download the whitepaper here.