IOSCO ¦ Final Report: Supervisory Toolkit for AI Use in Capital Markets

IOSCO’s AI Supervisory Toolkit Signals a New Phase in Market Surveillance

IOSCO’s new Supervisory Toolkit for AI Use in Capital Markets marks an important shift in how regulators are expected to oversee artificial intelligence in financial markets. Rather than treating AI as a distant innovation topic, the report frames it as an active supervisory issue with direct implications for investor protection, market integrity, and financial stability.

AI is no longer confined to pilots or experimental projects. Financial firms are increasingly deploying it in fraud detection, compliance, client engagement, risk management, trading support, and portfolio optimization. At the same time, the technology is becoming more capable, more opaque, and more deeply embedded in business-critical functions. That combination creates a supervisory challenge that is too large to ignore.

Why this matters for financial crime risk

For financial crime specialists, the report is especially relevant because many of the most common AI use cases sit close to the controls that detect, prevent, and report suspicious activity. AI is already being used for fraud detection, transaction monitoring, sanctions screening support, cyber threat identification, and compliance automation. That means failures in AI governance can quickly become failures in financial crime controls.

IOSCO points to a key concern: advanced AI can be helpful in identifying suspicious patterns, but it can also introduce new blind spots. Poor data, weak oversight, third-party dependence, and misleading outputs may all reduce the reliability of controls that firms increasingly rely on to detect misconduct. In practice, that can mean missed alerts, false positives, inconsistent decisions, and weakened audit trails.

The report also highlights the risk of “hallucinations” in generative AI, where a system produces outputs that sound credible but are wrong. In a financial crime context, that is not just a technology flaw. It can affect customer due diligence (CDD), investigation support, internal escalation, and the quality of reports sent to supervisors or law enforcement.

Bastian Schwind-Wagner _Follow

"IOSCO’s new supervisory toolkit shows that AI is a core regulatory concern in capital markets, not just a technology trend. AI used in fraud detection, AML, sanctions, and compliance must be governed, tested, and documented as carefully as any other critical control.

The report also makes one point especially well: firms remain responsible even when AI is outsourced. As supervisors focus more on transparency, recordkeeping, and third-party risk, firms that cannot explain how their AI systems work, or prove that they are under control, will face growing regulatory pressure."

GenAI and Agentic AI raise the stakes

One of the most striking aspects of the report is its recognition that the risk profile changes as AI becomes more autonomous. IOSCO notes the rapid rise of generative AI, but also draws attention to emerging Agentic AI systems. These tools can plan tasks, use external tools, access data, and carry out actions with less direct human input.

That matters because more autonomy means less predictability. A system that can search, decide, and act across multiple steps may create risks that are harder to detect and harder to contain. IOSCO warns that poorly designed prompts, weak safeguards, and insufficient testing can lead to data compromise, exfiltration, operational failures, and cybersecurity issues. The concern is not limited to market conduct. It extends to how firms protect sensitive information, preserve information barriers, and avoid abuse of internal systems.

This is a reminder that AI governance cannot sit only with technology functions. It has to involve compliance, legal, risk, operations, and senior management. Where firms use AI to support monitoring or investigations, they need clear rules on what the system can see, what it can do, and who is accountable when it gets things wrong.

Supervisory expectations are becoming more concrete

The report does not create binding rules, but it does offer a structured supervisory framework.

IOSCO groups its toolkit around three layers:

1. areas of supervisory consideration,
2. tools for oversight, and
3. indicators and data sources for monitoring AI use.

That structure is important because it shows how regulators are likely to approach the topic in practice. They are not waiting for a single global AI law. Instead, they are applying existing regulatory principles to AI through governance, disclosure, recordkeeping, reporting, and third-party oversight.

IOSCO’s emphasis on proportionality is especially relevant. The report says supervisors should adjust expectations based on the risk of the use case. A low-risk back-office chatbot should not face the same scrutiny as an AI system used in trading, suitability, client advice, or fraud monitoring. But the larger or more systemic the firm, the higher the expectation may be, even for apparently lower-risk use cases.

That approach is likely to resonate with financial crime supervisors. A firm may view an AI tool as an efficiency gain, but if it supports AML monitoring, fraud detection, or transaction review at scale, weak controls can have serious consequences.

Governance is the first line of defense

A major theme of the report is governance. IOSCO repeatedly stresses that firms need clear accountability, board oversight, documented policies, and a firm-wide inventory of AI systems. That sounds basic, but it is often where problems begin.

The report points to common weaknesses such as no formal AI governance framework, no clear senior management responsibility, insufficient understanding of system design, poor training, and weak approval processes. For financial crime teams, this should sound familiar. These are the same governance gaps that often undermine fraud controls, sanctions controls, and AML monitoring.

IOSCO also says firms should have lifecycle controls from design through retirement. That means AI should not be assessed only before launch. It should be validated, monitored, updated, and eventually retired under controlled conditions. That is particularly important where AI models are fed by changing data or where outputs influence customer treatment, investigations, or suspicious activity decisions.

Third-party reliance is a major concern

Another strong theme in the report is outsourcing and dependency risk. IOSCO warns that many firms rely on third-party AI providers, cloud services, and shared infrastructure. That can create concentration risk and single points of failure.

This matters a great deal in financial crime. If multiple firms use the same vendor for screening, monitoring, or investigative support, a flaw in that vendor’s product can spread quickly across the sector. The report notes that firms remain fully responsible for outsourced functions, even when the technology is supplied by someone else.

IOSCO recommends due diligence, ongoing monitoring, testing using the firm’s own data, contingency planning, and contractual rights that permit oversight and audit. It also highlights the need to assess whether third-party transparency is sufficient and, if not, whether compensating controls are in place.

That is a practical warning to compliance teams. Vendor marketing should not be mistaken for vendor assurance. If a provider cannot explain how a model works, what data it uses, how it is updated, or how it performs under stress, the firm still has to prove that its own controls are strong enough.

Disclosure and AI-washing are now regulatory issues

The report also gives strong attention to disclosure. IOSCO says firms should clearly tell clients when AI is being used, explain the material limitations and risks, and avoid promotional claims that overstate capability.

This is where financial crime and conduct risk start to overlap. If a firm markets an AI-driven compliance or fraud solution as “best in class” or “fully autonomous” without evidence, that can amount to misleading disclosure. IOSCO explicitly refers to “AI-washing” and notes that some regulators have already seen false or exaggerated claims about AI use, implementation, and performance.

That warning extends beyond external marketing. Firms should also think about internal disclosure to boards, senior management, and supervisors. If a model is presented as reliable but is actually heavily dependent on manual review, unstable data, or frequent overrides, the governance picture is distorted.

Recordkeeping and reporting will be critical

IOSCO’s report is also a reminder that if AI cannot be documented, it cannot be properly supervised. The toolkit emphasizes recordkeeping across the full lifecycle, including design decisions, training data, model changes, outputs, incidents, overrides, and remediation actions.

For financial crime functions, this is especially important because many AI-assisted decisions may need to be reviewed later by auditors, regulators, investigators, or courts. If a firm cannot show why an alert was generated, why a customer was flagged, or why a case was escalated or closed, it may struggle to defend its controls.

The report suggests that supervisors may increasingly ask for AI inventories, validation records, incident logs, monitoring metrics, and information about third-party dependencies. It also notes that reporting should be timely and sufficiently detailed to support oversight without imposing unnecessary burden.

Monitoring will become more data-driven

IOSCO closes the toolkit with suggested indicators for supervisory monitoring, including AI adoption rates, production deployment, third-party dependency, incident frequency, model drift, and sector-specific performance metrics. In other words, regulators will want to see not just whether firms say they have AI governance, but whether the evidence supports it.

For firms, this implies a more measurable supervisory environment. Claims about model accuracy, bias controls, human oversight, and operational resilience will need to be backed by data. Over time, that may push the market toward more consistent testing standards and better evidence of control effectiveness.

The message for firms and financial crime teams

The report does not say that AI should be slowed down or discouraged. In fact, IOSCO accepts that AI can improve efficiency, enhance fraud detection, strengthen risk management, and support better client services. But it also makes clear that adoption without governance is not acceptable.

AI tools should be treated as regulated control infrastructure, not as convenience software. Firms need clear ownership, strong testing, reliable records, third-party oversight, and careful disclosure. They also need to be ready for systems that are more autonomous, less predictable, and harder to explain than the tools they replaced.

The regulatory direction is visible. Supervisors are moving toward risk-based, proportionate oversight that focuses on how AI is actually used, what harm it could cause, and whether the firm can demonstrate effective control. For institutions using AI in fraud, AML, or compliance, that means the bar is rising.