AI Trading Doesn't Need New Rules. It Needs Better Governance.

Tuesday, 07/07/2026 | 11:00 GMT by Aydin Bonabi
  • AI trading doesn't need a new rulebook. Strong governance, audit trails, operational resilience and accountability matter more than the technology itself.
  • The real compliance challenge isn't AI—it's supervision. Firms must prove they can control, monitor and explain every AI-driven trade from prompt to execution.
AI in trading

"Legal & Compliance, can we launch this?" It is probably one of the most common questions being asked inside brokerage boardrooms today.

Trading Automation Is Moving from EAs to AI

Robinhood has launched Agentic Accounts. eToro now allows clients to create AI-powered portfolios through a simple conversation. ThinkMarkets has introduced ChelseaAI, enabling traders to execute orders using natural language. AI is quickly becoming another interface through which retail clients access financial markets.

If I were sitting in that product approval meeting as General Counsel or Chief Compliance Officer, my answer would probably be yes. Not because there are no risks, but because I'm not convinced those risks require an entirely new regulatory framework. I've long argued that artificial intelligence should be regulated through existing financial services obligations rather than AI-specific rulebooks. Technology evolves faster than regulation ever will. Good regulation should therefore focus on outcomes, governance, and accountability, not on the technology itself.

Read more: FCA's Landmark AI Review Lands After the Agents Already Arrived

Viewed through that lens, AI-enabled trading is less revolutionary than it first appears. Financial markets have permitted automated execution for decades. Traders have long deployed Expert Advisors through MetaTrader, connected algorithms through FIX APIs, and built sophisticated quantitative models that execute trades automatically. The principle has always been the same: the client determines the investment strategy, while the broker provides access to the market. AI merely changes how those instructions are expressed and formed.

Instead of writing code, the client writes in plain English. Instead of programming a strategy, they describe it conversationally. The AI simply translates those instructions into executable orders. Assuming the investment decision continues to originate with the client, I struggle to see why this should be viewed as an entirely new category of regulated activity.

Broker's Governance and Operational Risk Framework Is the Key

Hence, instead of spending weeks debating artificial intelligence, I would spend my time understanding the firm's governance and operational risk framework. Before approving the product, I would want the business and engineering teams to walk me through the entire lifecycle of a trade from the client's initial prompt to the execution of the order in the market.

I would want to understand how the AI is authenticated before accessing a client's account, what permissions it receives, and whether those permissions can be appropriately constrained. I would expect complete audit trails capable of reconstructing the client's original instruction, the AI's interpretation, and the order ultimately executed. If a dispute arose six months later, could the firm explain exactly what happened?

I’d expect the business/engineering team to answer the following questions. How does the product behave if the underlying model becomes unavailable? How are model updates governed if identical prompts begin producing different outputs? What latency exists between instruction and execution during periods of market stress? Have these scenarios been tested? Are they incorporated into the firm's broader operational resilience program?

To me, those are far more interesting questions than whether the product uses artificial intelligence. More importantly, they are not new questions.

Are the Existing Rules Enough for AI?

In the UK, I would naturally look to existing obligations such as Consumer Duty, the Senior Managers and Certification Regime, operational resilience requirements, and outsourcing expectations. The same philosophy applies elsewhere. In the United States, I would expect firms to look first to their existing supervisory obligations, governance arrangements like business continuity, disaster recovery, and operational controls, before searching for AI-specific regulation.

Firms have always been expected to supervise new products, new technologies, and new channels of distribution. AI should be no different.

That does not mean every AI product presents the same level of risk. There is an important distinction between an AI that executes a client's own instructions and one that begins recommending investments or making discretionary decisions. The further a product moves away from execution and toward advice, the more complex the regulatory analysis becomes. That is why the products currently entering the market are taking different approaches. Some remain execution tools.

Others are beginning to explore autonomous portfolio management. Those differences matter. But they do not change my starting point. If the business asked whether it could launch an AI-enabled trading product tomorrow, I would probably approve it (with loads of disclosures, of course). I would simply remind them that regulators are unlikely to ask whether the product uses artificial intelligence. They are far more likely to ask whether the firm's governance framework was capable of supervising it.

And, in my experience, that has always been the real question.

"Legal & Compliance, can we launch this?" It is probably one of the most common questions being asked inside brokerage boardrooms today.

Trading Automation Is Moving from EAs to AI

Robinhood has launched Agentic Accounts. eToro now allows clients to create AI-powered portfolios through a simple conversation. ThinkMarkets has introduced ChelseaAI, enabling traders to execute orders using natural language. AI is quickly becoming another interface through which retail clients access financial markets.

If I were sitting in that product approval meeting as General Counsel or Chief Compliance Officer, my answer would probably be yes. Not because there are no risks, but because I'm not convinced those risks require an entirely new regulatory framework. I've long argued that artificial intelligence should be regulated through existing financial services obligations rather than AI-specific rulebooks. Technology evolves faster than regulation ever will. Good regulation should therefore focus on outcomes, governance, and accountability, not on the technology itself.

Read more: FCA's Landmark AI Review Lands After the Agents Already Arrived

Viewed through that lens, AI-enabled trading is less revolutionary than it first appears. Financial markets have permitted automated execution for decades. Traders have long deployed Expert Advisors through MetaTrader, connected algorithms through FIX APIs, and built sophisticated quantitative models that execute trades automatically. The principle has always been the same: the client determines the investment strategy, while the broker provides access to the market. AI merely changes how those instructions are expressed and formed.

Instead of writing code, the client writes in plain English. Instead of programming a strategy, they describe it conversationally. The AI simply translates those instructions into executable orders. Assuming the investment decision continues to originate with the client, I struggle to see why this should be viewed as an entirely new category of regulated activity.

Broker's Governance and Operational Risk Framework Is the Key

Hence, instead of spending weeks debating artificial intelligence, I would spend my time understanding the firm's governance and operational risk framework. Before approving the product, I would want the business and engineering teams to walk me through the entire lifecycle of a trade from the client's initial prompt to the execution of the order in the market.

I would want to understand how the AI is authenticated before accessing a client's account, what permissions it receives, and whether those permissions can be appropriately constrained. I would expect complete audit trails capable of reconstructing the client's original instruction, the AI's interpretation, and the order ultimately executed. If a dispute arose six months later, could the firm explain exactly what happened?

I’d expect the business/engineering team to answer the following questions. How does the product behave if the underlying model becomes unavailable? How are model updates governed if identical prompts begin producing different outputs? What latency exists between instruction and execution during periods of market stress? Have these scenarios been tested? Are they incorporated into the firm's broader operational resilience program?

To me, those are far more interesting questions than whether the product uses artificial intelligence. More importantly, they are not new questions.

Are the Existing Rules Enough for AI?

In the UK, I would naturally look to existing obligations such as Consumer Duty, the Senior Managers and Certification Regime, operational resilience requirements, and outsourcing expectations. The same philosophy applies elsewhere. In the United States, I would expect firms to look first to their existing supervisory obligations, governance arrangements like business continuity, disaster recovery, and operational controls, before searching for AI-specific regulation.

Firms have always been expected to supervise new products, new technologies, and new channels of distribution. AI should be no different.

That does not mean every AI product presents the same level of risk. There is an important distinction between an AI that executes a client's own instructions and one that begins recommending investments or making discretionary decisions. The further a product moves away from execution and toward advice, the more complex the regulatory analysis becomes. That is why the products currently entering the market are taking different approaches. Some remain execution tools.

Others are beginning to explore autonomous portfolio management. Those differences matter. But they do not change my starting point. If the business asked whether it could launch an AI-enabled trading product tomorrow, I would probably approve it (with loads of disclosures, of course). I would simply remind them that regulators are unlikely to ask whether the product uses artificial intelligence. They are far more likely to ask whether the firm's governance framework was capable of supervising it.

And, in my experience, that has always been the real question.

About the Author: Aydin Bonabi
Aydin Bonabi
  • 4 Articles
  • 1 Follower
About the Author: Aydin Bonabi
A regulatory lawyer with hands-on experience at FXCM and Rabobank, I’ve spent my career inside the fast-moving FX/CFD world. Seeing firsthand how compliance challenges slow businesses down, I built Surveill—an AI-powered solution that bridges law, technology, and operational efficiency.
  • 4 Articles
  • 1 Follower

More from the Author

Retail FX

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}