Merchant fraud and risk leaders should adopt a more proportionate approach to AI governance as regulators increase scrutiny of artificial intelligence in financial services, according to an AI specialist responding to the Financial Conduct Authority’s latest review of emerging technologies.
The FCA’s recent review highlights how AI has the potential to transform financial services while also amplifying risks around cyber crime, fraud and consumer protection. Among its recommendations is giving regulators stronger powers to oversee AI deployment as adoption accelerates across customer-facing operations.
Sally Hodgin (pictured), Principal AI Consultant at global customer experience systems integrator Connect, believes organisations should avoid treating every AI application as presenting the same level of fraud and operational risk.
“The key questions should be what data an AI system can access, what actions it is authorised to take, how significant the outcome is, and whether organisations can explain, test and audit its decisions,” she said. “Governance should be proportionate to those factors.”
The comments reinforce the importance of understanding how AI is deployed within payment journeys, customer authentication, dispute management and fraud prevention workflows, rather than viewing AI as a single technology category.
Hodgin argues that the greatest risks emerge when AI systems move beyond providing recommendations and begin taking actions on behalf of customers or businesses, making robust oversight and auditability increasingly important.
She also warns against relying exclusively on large, general-purpose language models for high-risk customer interactions.
“The real test is not whether an AI system performs well in a pilot, but whether it can operate reliably in live customer environments,” she said. “In financial services, that means accurately recognising customer information, handling defined processes predictably and operating within secure, auditable frameworks.”
Instead, Connect advocates a “right-sized” approach to AI deployment, combining specialist models, deterministic controls and secure system architectures for high-volume, customer-critical processes, while reserving larger AI models for tasks that genuinely require advanced reasoning and contextual judgement.
The approach is particularly relevant as merchants, payment providers and financial institutions increasingly deploy AI across fraud detection, customer support and identity verification. Ensuring models are appropriately governed, explainable and aligned to the level of operational risk will be essential to maintaining customer trust while satisfying growing regulatory expectations.
As AI becomes more deeply embedded in fraud prevention and payment ecosystems, merchant risk teams are likely to face increasing pressure to demonstrate that automated decision-making is not only effective, but transparent, controllable and resilient against emerging fraud threats.


