Investment firms have spent the last several years integrating AI into the parts of their operations where the returns looked clearest: research synthesis, compliance screening, trade monitoring, portfolio analysis. Most of that work has gone reasonably well. But a quieter problem has been building alongside it. As automation moves deeper into daily workflows, the industry must decide how and where to include human oversight.
When AI governance documents say humans are in the loop, day-to-day operations may tell a different story.
This is not, at its core, a technology problem. The tools firms are using are increasingly capable, and the infrastructure supporting them is more mature. The challenge relates to both organization and culture. How do you sustain meaningful human oversight at scale without turning every workflow into a bottleneck? How do you know when the review happening on paper is actually the review that matters?
Human oversight is easier to require than to sustain
Most investment firms that have deployed AI in risk-sensitive workflows have also put human review requirements around them. On paper, the oversight exists. In practice, the experience is more complicated.
Moody’s 2025 global study of 600 financial services risk and compliance professionals found that roughly 84% agree AI offers significant advantages. Even so, only 30% say they see those benefits clearly reflected in their day-to-day operations. The findings suggest confidence in the tools has moved faster than confidence in the systems meant to govern them.
When technology advances and the oversight model stands still, it starts to feel like friction. Review steps, once embedded into high-volume workflows, tend to compress over time. Queues grow, exceptions multiply, and the humans nominally in the loop begin to defer to AI outputs. Often, disagreeing with them requires justification that takes time they don’t have.
What began as a meaningful review quietly becomes ratification. The governance record looks good, but the judgment has already been delegated.
The bottleneck trap has made things worse
Many firms designed their oversight models during a period when AI was handling smaller, more discrete tasks. Now, automation has expanded across reconciliation, compliance monitoring, investor reporting, and research preparation. The volume of AI-generated outputs requiring human review has grown. The staffing and organizational capacity for that review has not kept pace.
The result is predictable: review steps that exist formally carry little real scrutiny. The reviewer lacks the time, context, or tools to engage meaningfully with what is in front of them.
Firms that tried to enforce strict human review on every AI output found their operations slowing to a crawl. Many responded by loosening the requirements, but this often occurs informally. They lack a clear framework for where the new line should be.
Over time, the oversight model starts to erode. Firms must be more deliberate about which decisions genuinely require human judgment, and design oversight around that distinction rather than applying uniform approval requirements across all automated outputs.
Fiduciary accountability still points to humans
Whatever operational accommodations firms make, the legal and regulatory architecture of investment management does not bend to accommodate them. The Investment Advisers Act of 1940 built its core obligations, the duty of care and the duty of loyalty, around human discretion and judgment. AI makes those duties harder to discharge consistently.
FINRA’s 2026 Regulatory Oversight Report reinforces the point from a supervisory direction. Its dedicated section on generative AI makes clear that AI agents acting without human validation in portfolio recommendations, trade execution, or client communications create direct supervisory exposure. The guidance requires that firms demonstrate they understand what their automated systems are doing and that humans remain accountable for the outcomes.
Three human oversight models that investment firms are using today
The industry has not arrived at a single, best -practice approach. What is emerging instead is a spectrum, with different models appropriate for different risk levels and workflow types. Moody’s research provides a useful framework for understanding how firms are drawing these distinctions in practice.
Human in the loop
In this model, a human takes part in every decision cycle. AI aggregates data and surfaces a recommendation, but a professional reviews and signs off before the AI takes any action. This approach provides the highest level of assurance and most directly satisfies regulatory expectations. It is appropriate for high-risk outputs: investment recommendations, unusual trading patterns, client communications, and compliance determinations that could carry enforcement exposure. The trade-off is that it does not scale well. Applied to high-volume, lower-risk processes, it becomes the bottleneck problem described above.
Human on the loop
Here, AI makes decisions within defined parameters, but a human monitors the process and retains the right to intervene. This model is increasingly common in medium-risk, high-volume processes like reconciliation exception handling, compliance flag triage, and investor reporting preparation. It is more operationally sustainable than human-in-the-loop at scale, but it requires robust monitoring infrastructure to be meaningful. If the human in the loop lacks visibility into what the AI is doing, the oversight becomes nominal rather than real.
Human out of the loop
Fully autonomous AI operation, without human review of individual decisions. Only about 5% of risk and compliance professionals say they are comfortable with fully autonomous systems, and that group is concentrated largely at fintechs operating at the boundaries of current practice. For investment firms managing client assets under fiduciary obligations, this model is appropriate only for genuinely low-risk, rules-based processes where the parameters are well-defined, the outputs are auditable, and the business and regulatory stakes of an error are limited. The test is whether the firm can defend the decision to remove human judgment from that part of the process entirely.
In Moody’s survey, 42% of respondents believe human oversight is mandatory and that this view is not going to change as AI becomes more capable. What is shifting is the level within the organization at which oversight operates. For lower-risk, routine work, oversight is moving from operational decision-making toward quality assurance and quality control/
Culture is the variable firms underestimate
The three oversight models above are frameworks. Whether they function in practice depends almost entirely on organizational culture, and that is where many firms are struggling most.
Research from Addepar articulates part of the problem clearly: effective oversight is about ensuring AI systems accurately reflect how the firm actually operates. That is a much harder task, and it requires sustained human engagement with AI systems as operational stewardship. When the culture treats human review as a box to check on the way to a decision that has already been made, oversight degrades even when the formal structure is in place.
There is also a subtler dynamic at play. Research on human-AI collaboration in investment contexts shows that people tend to trust advice presented as coming from a human more than equivalent advice labeled as AI-generated, even when the content is identical. This suggests that the deference to AI outputs observed in practice may reflect a broader uncertainty among analysts and compliance professionals about when their judgment actually adds value relative to a model’s output. Building cultures in which professional judgment is exercised actively requires deliberate attention from leadership.
What the better-performing firms are doing differently
The firms that are managing this well share a few characteristics that are less about technology choices and more about organizational design. They do the following:
- Define oversight roles deliberately. Instead of applying uniform review requirements across all automated workflows, they have mapped their AI deployments against risk tiers and assigned oversight responsibilities that match those tiers. The people conducting high-stakes reviews have the time, context, and tools to do them meaningfully.
- Treat oversight as a capability that requires investment. Accenture’s 2025 technology research found that 77% of executives believe AI’s value can only be unlocked when systems are built on a foundation of trust defined in terms of accuracy, consistency, predictability, and traceability. Traceability is a human oversight requirement. It means that when something goes wrong, or when a regulator asks, someone can explain what happened and why. Firms that have made that kind of auditability a design requirement are better positioned to demonstrate meaningful oversight when it matters.
- Recognize that oversight and speed are not inherently in conflict. The goal is to ensure the right review at the right stage, with the infrastructure to make that review fast and well-informed. That often means better tooling for the humans doing the reviewing: clear exception workflows, accessible audit trails, and monitoring dashboards that surface the signals that genuinely warrant attention rather than flooding reviewers with noise.
The human oversight model is still being written
Regulators, industry bodies, and leading firms are still working out what responsible AI oversight looks like across investment workflows. The Alternative Investment Management Association recommends that advisers establish governance committees, model validation programs, vendor oversight protocols, and human-in-the-loop controls. It frames AI governance explicitly as “an extension of fiduciary oversight.”
The CFA Institute has raised the same question: when AI trades, who is responsible? The answer, across every regulatory jurisdiction currently active on this issue, is the human fiduciary. That principle is not going to change.
What will change is the tooling and organizational design that makes meaningful oversight practical at scale. The firms establishing clear frameworks, investing in monitoring infrastructure, and cultivating cultures where professional judgment is expected and rewarded will be better positioned when regulatory expectations sharpen further. More importantly, they will have built something their competitors cannot easily replicate: operating models in which human oversight is embedded in the work.
How Option One Technologies supports investment firms with human oversight
Option One Technologies works with investment companies, hedge funds, private equity firms, and asset managers to build the operational and technology foundation that makes this kind of oversight sustainable. To learn more about how we can help your firm build AI-ready infrastructure with governance built in, contact our team.
