Regulators worldwide are increasingly focusing on the governance of artificial intelligence (AI) in banking, emphasizing the role of quality assurance (QA) and software testing in ensuring compliance. The evolving landscape of AI oversight highlights that regulators are not outright banning AI use; rather, they are demanding that banks demonstrate the control, testability, and accountability of their AI systems. This growing regulatory emphasis has placed QA teams at the forefront of compliance efforts.
The European Union’s AI Act stands as a landmark initiative in global AI regulation, establishing a risk-based framework applicable across multiple sectors, including banking. Many financial services applications, such as creditworthiness assessments and fraud detection, are classified as high risk under this Act. Consequently, high-risk systems face stringent requirements related to risk management, data governance, human oversight, robustness, and post-market monitoring. For QA teams, this translates into an expanded definition of testing, which now encompasses validating training data quality, assessing for bias and drift, and monitoring system behavior over time.
However, a disconnect exists between regulatory ambitions and the technical realities of AI systems. As noted by Jennifer J.K., “AI systems, especially LLMs, compress information in fundamentally non-invertible ways,” making complete transparency challenging. This places QA teams in a unique position, tasked with operationalizing regulatory expectations that are still in flux. They must convert broad legal directives into concrete testing strategies and metrics, producing evidence that regulators can scrutinize.
The shift from policy to practical governance is evident as regulators recognize that frameworks alone cannot ensure compliance. A growing emphasis on lifecycle controls reflects the understanding that the most significant risks often surface post-deployment as AI systems evolve and interact with new data. The World Economic Forum has underscored this point, stressing the need for continuous testing and monitoring, as static test cases become insufficient when AI behaviors may change over time. Jennifer Gold, CISO at Risk Aperture, emphasized the necessity for boards to have visibility into AI systems, which increasingly relies on testing outputs to demonstrate real-world performance.
In the UK, the Financial Conduct Authority (FCA) has adopted an innovative approach, opting for real-world testing of AI systems rather than issuing prescriptive rules. Ed Towers, head of advanced analytics and data science at the FCA, explained that this method provides a structured yet flexible environment for firms to trial AI-driven services under regulatory oversight. This shift signifies a move away from traditional QA practices, where documentation was submitted post-development, toward a model where AI behavior must be demonstrated under live conditions.
The FCA aims to facilitate innovation while avoiding “POC paralysis,” helping firms transition from perpetual pilots to operational AI systems. Towers clarified that the FCA’s focus extends to the entire AI ecosystem, encompassing the model, deployment context, core risks, governance frameworks, and human oversight. This comprehensive definition resonates with how QA teams approach system evaluation, reinforcing the expectation that governance must be grounded in observable behaviors.
Meanwhile, Singapore’s regulators are adopting a complementary stance emphasizing human-centricity and transparency without imposing rigid rules. S. Iswaran, Singapore’s communications minister, highlighted the country’s commitment to developing cutting-edge AI governance, which hinges on global collaboration and feedback. This focus on fairness and explainability directly informs testing methodologies, aligning governance with engineering disciplines.
As accountability for AI systems increasingly shifts to the boardroom, organizations must ensure robust testing mechanisms are in place. David Cass’s assertion that “you can never outsource your accountability” underscores the importance of reliable QA practices. Testing artifacts now serve as crucial evidence for regulators and boards alike, informing risk assessments and strategic decisions regarding AI systems.
The overarching theme emerging from various jurisdictions is clear: regulators are not expecting QA teams to become legal experts; rather, QA teams are tasked with making governance tangible. Testing serves as the critical layer where principles of robustness, fairness, and accountability are realized. When AI systems cannot be effectively monitored or tested, they risk becoming regulatory liabilities, prompting banks to invest heavily in enhanced testing capabilities, model monitoring, and quality engineering. This trend reflects a recognition that consistent evidence of AI governance is paramount in navigating the regulatory landscape.
As the series continues, the final installment will delve into the global implications of AI governance in quality assurance, examining the responses of major international banking groups and highlighting the framing of AI risk as a systemic issue that demands rigorous testing rather than mere documentation.