French Finance Embraces AI, but the AMF Warns Governance Must Catch Up

Key Takeaways

• AI Adoption Is No Longer Experimental: 90 percent of French financial market participants are already using AI or plan to adopt it in the near term.
• Governance Is the Primary Risk: Data protection, accountability, and over-reliance on automation are the main concerns flagged by firms and regulators.
• Third-Party Dependence Raises New Questions: Heavy reliance on a small number of non-European AI providers increases concentration and oversight risks.
• Human Oversight Remains Critical: Most firms are formalising “human-in-the-loop” controls to prevent unchecked automation.
• Investor Protection Is the Next Test: As client-facing AI grows, regulators are watching closely for new risks to retail investors.

Deep Dive

A new study published by the Autorité des Marchés Financiers (AMF) finds that 90 percent of French financial market participants are already using AI or plan to do so within the next 12 months. More than half of those use cases are already live in production environments. Yet as adoption accelerates, the regulator is increasingly focused on the governance, data protection, and human oversight risks that come with embedding AI into core financial operations.

The report, AI use by financial market participants in France, is based on responses from 100 supervised entities, listed companies, and audit and advisory firms. It was conducted as part of a wider European initiative led by the European Securities and Markets Authority, reflecting growing regulatory concern that AI is moving faster than the controls designed to manage it.

The AMF’s findings confirm that AI is already deeply embedded across the sector, particularly in large firms. Generative AI stands out as the most widely used technology, and almost all large institutions expect their AI spending to increase over the next two years.

For now, however, AI remains largely an internal tool. Around 83 percent of reported use cases are focused on productivity and operational efficiency. Firms are using AI to extract and analyze data, monitor activity, summarize information, and assist with drafting regulatory and internal documents. Client-facing applications remain limited, accounting for just 17 percent of use cases, with only 1 percent directly tied to the provision of investment services.

That imbalance is not accidental. According to the AMF, firms appear cautious about deploying AI in ways that could directly affect investors, a hesitation driven in large part by unresolved governance and accountability questions.

Governance and Data Protection Top the Risk Register

While respondents widely acknowledged AI’s ability to cut costs and process large volumes of data, the study shows that governance risks are front of mind. Data protection, model transparency, and the danger of over-reliance on automated systems without sufficient human supervision were cited as the most significant concerns.

These risks are compounded by the way AI is being sourced. Most firms rely on off-the-shelf solutions from specialised third-party providers rather than developing systems in-house. The AMF notes a heavy dependence on a small number of non-European providers, raising questions about concentration risk, data localization, and long-term resilience. Hosting models are typically hybrid, combining internal infrastructure with commercial cloud services, adding another layer of complexity to oversight.

In response, 72 percent of surveyed entities report having implemented internal AI governance policies. These frameworks typically cover data security, access controls for large language models, model explainability, and formal “human-in-the-loop” requirements. Many firms also restrict employee access to public AI tools and emphasize training as a core control, recognizing that governance failures often stem from misuse rather than malicious intent.

Different Sectors, Similar Concerns

The study highlights sector-specific uses of AI, but the same governance themes recur across activities. Asset managers and investment services providers are using AI to strengthen compliance processes and support decision-making, while market infrastructures rely on it for transaction monitoring, market abuse detection, and cyber incident management. Listed companies and professional services firms are increasingly turning to AI for document-heavy tasks such as regulatory drafting and contractual review.

Across all of these areas, the AMF points to a common challenge of ensuring that responsibility remains clearly with management bodies, even when decisions are informed or assisted by automated systems. The rise of AI is also reshaping supervision itself. The AMF confirms that it has begun deploying AI within its own supervisory tools, using it to strengthen fraud detection, enhance market surveillance, and automate the analysis of regulatory documents. At the same time, the regulator stresses that supervisory expectations around accountability, transparency, and continuous oversight remain unchanged.

At the European and international level, work by International Organization of Securities Commissions reinforces that message. Management bodies remain responsible for AI systems, regardless of whether tools are developed internally or sourced from third parties.

For the AMF, particular attention is now turning to the gradual expansion of client-facing AI and the growing use of AI tools by retail investors. While these developments offer new opportunities, they also raise investor protection concerns around information quality, data security, and the absence of safeguards typically available to professional users.

“Building a common understanding of how AI is used and governed is essential,” said AMF Chair Marie-Anne Barbat-Layani. “It is the only way to ensure that existing rules are properly applied and, where necessary, adapted to protect investors and manage the risks associated with these technologies.”

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.