AI Trading Doesn't Need New Rules. It Needs Better Governance.

Wait 5 sec.

"Legal & Compliance, can we launch this?"It is probably one of the most common questions being askedinside brokerage boardrooms today.Trading Automation Is Moving from EAs to AIRobinhood has launched Agentic Accounts.eToro now allows clients to create AI-powered portfolios through a simpleconversation. ThinkMarkets has introduced ChelseaAI, enabling traders toexecute orders using natural language. AI is quickly becoming another interfacethrough which retail clients access financial markets.If I were sitting in that product approval meeting asGeneral Counsel or Chief Compliance Officer, my answer would probably be yes.Not because there are no risks, but because I'm not convinced those risks require anentirely new regulatory framework.I've long argued that artificial intelligence should beregulated through existing financial services obligations rather thanAI-specific rulebooks. Technology evolves faster than regulation ever will.Good regulation should therefore focus on outcomes, governance, andaccountability, not on the technology itself.Read more: FCA's Landmark AI Review Lands After the Agents Already ArrivedViewed through that lens, AI-enabled trading is lessrevolutionary than it first appears. Financial markets have permitted automatedexecution for decades. Traders have long deployed Expert Advisors throughMetaTrader, connected algorithms through FIX APIs, and built sophisticatedquantitative models that execute trades automatically. The principle has alwaysbeen the same: the client determines the investment strategy, while the brokerprovides access to the market.AI merely changes how those instructions are expressed andformed.Instead of writing code, the client writes in plain English.Instead of programming a strategy, they describe it conversationally. The AIsimply translates those instructions into executable orders.Assuming the investment decision continues to originate withthe client, I struggle to see why this should be viewed as an entirely newcategory of regulated activity.Fundamentals just entered the agentic era.Your agent can now read P/E ratio, market cap, 52-week range, and dividend history to shape your strategy. Live for US customers today. pic.twitter.com/CLJ1hz2Fqd— Robinhood (@RobinhoodApp) July 6, 2026Broker's Governance and Operational Risk Framework Is the KeyHence, instead of spending weeks debating artificialintelligence, I would spend my time understanding the firm's governance andoperational risk framework. Before approving the product, I would want thebusiness and engineering teams to walk me through the entire lifecycle of atrade from the client's initial prompt to the execution of the order in themarket.I would want to understand how the AI is authenticatedbefore accessing a client's account, what permissions it receives, and whetherthose permissions can be appropriately constrained. I would expect completeaudit trails capable of reconstructing the client's original instruction, theAI's interpretation, and the order ultimately executed. If a dispute arose sixmonths later, could the firm explain exactly what happened?I’d expect the business/engineering team to answer thefollowing questions. How does the product behave if the underlying modelbecomes unavailable? How are model updates governed if identical prompts beginproducing different outputs? What latency exists between instruction andexecution during periods of market stress? Have these scenarios been tested?Are they incorporated into the firm's broader operational resilience program?To me, those are far more interesting questions than whetherthe product uses artificial intelligence. More importantly, they are not newquestions.Are the Existing Rules Enough for AI?In the UK, I would naturally look to existing obligationssuch as Consumer Duty, the Senior Managers and Certification Regime,operational resilience requirements, and outsourcing expectations. The samephilosophy applies elsewhere. In the United States, I would expect firms tolook first to their existing supervisory obligations, governance arrangementslike business continuity, disaster recovery, and operational controls, beforesearching for AI-specific regulation. Firms have always been expected to supervisenew products, new technologies, and new channels of distribution. AI should beno different.That does not mean every AI product presents the same levelof risk.There is an important distinction between an AI thatexecutes a client's own instructions and one that begins recommendinginvestments or making discretionary decisions. The further a product moves awayfrom execution and toward advice, the more complex the regulatory analysisbecomes. That is why the products currently entering the market are takingdifferent approaches. Some remain execution tools. Others are beginning toexplore autonomous portfolio management.Those differences matter.But they do not change my starting point.If the business asked whether it could launch an AI-enabledtrading product tomorrow, I would probably approve it (with loads ofdisclosures, of course).I would simply remind them that regulators are unlikely toask whether the product uses artificial intelligence. They are far more likelyto ask whether the firm's governance framework was capable of supervising it.And, in my experience, that has always been the realquestion.This article was written by Aydin Bonabi at www.financemagnates.com.