Regulating AI in Real Time: SupTech and Bank Oversight

Simon Carver

Welcome back to The Human Workforce Podcast. I’m Simon Carver, and today we’re looking at a shift that, honestly, would have sounded a little extreme not long ago. The most powerful AI in banking today may not belong to the banks. More and more, regulators are no longer standing outside the system, reviewing what happened last quarter and sending follow-up questions a month later. They’re moving inside the flow itself, building AI that can monitor, interpret, and challenge financial decisions almost as they happen. And that changes the balance of power in a very serious way.

Lachlan Reed

Yeah, and that’s the bit that makes your ears prick up. We’re not just talking about banks automating bits and pieces anymore. We’re talking about autonomous systems making decisions at speed, and the referee’s gone, right, if that’s the game now, we need machines too. Which is a bit wild. Your AI’s out there doing the job, and somewhere over its shoulder there’s another AI squinting at it like a suspicious neighbour over the fence.

Simon Carver

Exactly. Traditional oversight was built for a slower world. You had reporting cycles, manual reviews, periodic audits, static models, and lots of documentation assembled after the fact. That approach assumes decisions are relatively discrete, relatively understandable, and made at a pace humans can revisit. But if autonomous systems are pricing, approving, routing, flagging, or acting continuously, then oversight that arrives weeks later is not really oversight. It’s archaeology.

Lachlan Reed

That’s it. You can’t regulate a Formula 1 race with a clipboard and a stopwatch. By the time you’ve scribbled down lap one, three cars have crashed, two have pitted, and someone’s won. Same thing here. If the system’s making decisions in real time, the old quarterly-review setup is basically rocking up after the barbecue and asking who lit the fire.

Simon Carver

And underneath that is a deeper issue. This is no longer just compliance in the old sense. It’s becoming a question of control, accountability, even what I’d call algorithmic sovereignty. Who gets to define acceptable behavior when machine agents are acting inside financial systems? The institution that built the model? The regulator supervising the market? The courts, later, when something goes wrong? Those boundaries are being renegotiated.

Lachlan Reed

And there’s a practical headache too. A lot of people still picture regulation as forms, checklists, maybe a grim PDF. But that doesn’t fit autonomous finance. If an AI agent can make a chain of decisions faster than a human team can even spot the pattern, then the regulator can’t just be an observer. They’ve gotta be, well, an active participant. Watching continuously, not just peeking in after the horse has bolted and pinched the ute.

Simon Carver

Right. Continuous surveillance sounds harsh, but that’s where this appears to be heading. Not because regulators suddenly want to become software companies for fun, but because the thing they are supervising has changed shape. If institutions deploy intelligent systems that adapt, optimize, and act with increasing autonomy, then supervisors need comparable tools just to maintain visibility.

Lachlan Reed

Which is why this feels a bit like an arms race, doesn’t it? Banks build smarter autonomous systems to move faster, cut friction, maybe manage risk better. Regulators answer by building smarter supervisory systems to see deeper and respond faster. Nobody really gets to stay analog in that setup. Even the watchdog needs upgrades.

Simon Carver

And for people working in finance, I think this matters more than it first appears. The story is not simply that machines are replacing decisions. The story is that every institution now has to prove its machine decisions can be governed. That’s a very different standard. It means your operating model, your controls, your documentation, and your human accountability all have to evolve together.

Lachlan Reed

Yeah. The job’s not just building the clever thing anymore. It’s building the clever thing so it can be watched, questioned, and if needed, stopped. Which, I’ll be honest, is less sexy than the demo day version of AI. But it’s the real-world version. And usually the real world turns up wearing steel-capped boots.

Simon Carver

So let’s talk about what regulators are actually doing. The broad term here is SupTech, supervisory technology. And the important point is that regulators are starting to use AI to supervise AI. That can mean bots monitoring bank data lakes in real time, systems detecting flash-risk patterns or behavioral anomalies, and large language models scanning consumer complaints for signs of bias or misconduct. In other words, supervision becomes computational.

Lachlan Reed

Yeah, fighting fire with fire. Or maybe fighting bots with bigger bots. So now your AI isn’t just doing the job, it’s being watched by another AI that reports it. Very comforting. Like your coworker, your boss, and internal audit all got rolled into one robot and none of them laugh at your jokes.

Simon Carver

And what that changes is speed. If the regulator can see patterns as they emerge, not months later, then intervention can also happen earlier. That matters for risk, for consumer harm, and for market stability. It also means regulators are becoming, in a real sense, technology organizations themselves. They need data infrastructure, model capabilities, and technical talent just to keep up with the systems they oversee.

Lachlan Reed

And then you hit the next wall: explainability. Because if a bank says, well, the model decided it, that’s not gonna cut it anymore. Black-box AI starts looking less like innovation and more like liability. If a customer gets denied, charged, flagged, or nudged by a machine, someone’s gotta explain why in plain English. Not in weird model soup.

Simon Carver

That is quickly becoming the legal center of gravity. The expectation, from what we can see in the source material, is moving toward human-readable audit trails, traceable decision paths, and outputs that can be defended in court. If you cannot explain the decision, you may not be able to deploy the system responsibly. Some people will hear that as a brake on innovation. I tend to see it as the price of using autonomy in high-consequence environments.

Lachlan Reed

I’m with you, mostly. Though I can hear the builders groaning already. Because the messy truth is some of the flashiest systems are also the hardest to unpack. But finance isn’t a toy aisle. If the thing can move money, affect credit, or whack a customer with a bad outcome, “trust us, the model vibes were strong” is not a legal strategy. Not even close.

Simon Carver

And this gets even more complex with agentic payments and consent. We are moving from human authorization, click by click, toward programmatic mandates where an AI agent may act on a user’s goals. That shifts the liability conversation. Responsibility may be tied less to each individual action and more to the instruction framework behind it. We spent years designing security around passwords, approvals, and explicit user actions. Now the challenge is how to govern systems acting on delegated intent.

Lachlan Reed

Yeah, that one’s a brain-bender. We spent decades securing passwords, now we’re trusting goals. That’s a huge change. If I tell an agent, keep my cash flow smooth, cut costs, pay suppliers on time, and then it does something wonky, what exactly did I consent to? The action? The objective? The boundaries? Even a kangaroo could trip over that one.

Simon Carver

Which is why standards matter. The EU AI Act is especially important here because it pushes financial AI systems toward a high-risk framing, with conformity assessments and broader compliance pressure. Even firms outside Europe may feel the effect if they operate globally. We’ve seen this before: one major regulatory regime can become a practical global standard because multinational institutions don’t want ten different rulebooks.

Lachlan Reed

And there’s a useful flip side to all this, which is sandboxes. Regulators aren’t only saying no. They’re also setting up places to test things safely, co-testing environments, even digital twins of financial systems where you can see how a new model behaves before it’s let loose in the wild. Which is probably smarter than the old method of launching first and then acting shocked when it chews through the furniture.

Simon Carver

That may be the most constructive part of the story. The future of banking will increasingly be tested before it exists. And that leads to the bigger reframing. A safe bank is no longer defined only by capital reserves. It is defined by governed algorithms, transparent decisions, and accountable humans. The most valuable people in finance are not just operators or technologists. They are governors of intelligent systems.

Lachlan Reed

Yeah. That’s the real promotion path hiding in plain sight. Not just can you build it, run it, or sell it, but can you govern it when it starts acting at speed. Can you explain it, challenge it, and own it when things go pear-shaped. That’s the job. Good one, Simon.

Simon Carver

Thanks, Lachlan. And thanks for listening, everyone. We’ll keep following where AI changes not just work, but authority itself. See you next time.

Lachlan Reed

Catch you next time.