Finance & Economy

AI in finance in 2026 sits between substantial efficiency gains in research and documentation and one of the densest regulatory regimes worldwide. This hub page shows which tasks in banking, insurance and asset management actually benefit from AI in practice, where BaFin, FINMA, SEC, FINRA, DORA and the EU AI Act draw hard lines, and how productive setups in DACH wealth managers and US bank-IT teams actually look. Deliberately without trading-bot marketing — autonomous investment decisioning remains legally and practically unviable.

Where does AI pay off in Finance & Economy?

Market research and trend synthesis is the most common entry point. Perplexity or Claude with long context read analyst reports, annual filings and press releases, extract key statements and produce structured market overviews. Realistic time gain per sector update: 6 hours down to 1.5 hours. Important: source attribution is mandatory because hallucination risk on KPIs is real and directly costs money on bad recommendations.

Investment letter drafts is the second lever in asset management. From client profile, investment strategy and current market data, the LLM generates a complete letter draft that the licensed advisor reviews, customizes and signs off. Consistency goes up, time per letter drops by an estimated 60 %. Prerequisite: client data is pseudonymized before LLM call, the advisor remains the final authority — not out of courtesy but because §31 WpHG, FIDLEG and the SEC/FINRA suitability rules (Reg BI in the US) assign advisory responsibility strictly to a licensed person.

Compliance documentation and KYC support is the third area. AI structures incoming KYC documents, checks plausibility and suggests risk classifications — the AML officer makes the final call. For suspicious-activity pre-screening the LLM helps surface patterns a human rarely catches across 200 transactions. SAR/STR filings themselves remain manually drafted and signed.

Multilingual client correspondence is the fourth lever. DeepL Pro for accurate translation, Claude or ChatGPT for stylistic polish in the target language. Quarterly updates to international investors, complaint replies and onboarding mails run in 8–12 languages without an external translation agency. Prerequisite: a glossary of regulatorily relevant terms — mistranslations of “risk class” or “recommendation” can have regulatory consequences.

Quarterly-report drafts and investor relations is the fifth area. Based on financial figures and prior-quarter reports the LLM produces a structured first draft that the CFO and IR team finalize. Cross-quarter consistency improves measurably because the model uses the last four reports as few-shot context. Final review stays human because misstatements in quarterly reports are sensitive under ad-hoc disclosure rules in Europe and SEC Reg FD / Sarbanes-Oxley in the US.

Internal regulatory knowledge base is the sixth lever. A RAG setup against MaRisk, KAGB, Solvency II, BaFin circulars, SEC releases and FINRA notices answers 70 % of recurring compliance questions from the operating business. The compliance team is freed up without anyone relying on the model’s parametric knowledge of regulation. Quarterly refresh of source documents plus clear versioning is more important than the choice of model — outdated circulars in the index are a bigger compliance trap than a slightly weaker LLM.

Practice examples from DACH and the US

Both setups follow the same pattern: AI assists in research, documentation and correspondence; regulatorily sensitive decisions remain human or run through compliance plus advisor sign-off. The tool stack follows the supervisory posture — DORA-compliant third-party contract and MaRisk-aligned IT outsourcing are prerequisites, not optimizations.

Zurich-based wealth manager (120 staff, FINMA-licensed). Claude Enterprise as primary LLM for investment-letter drafts to private clients, ChatGPT Enterprise as a second tool for market research. Workflow: from client profile and the in-house investment strategy Claude generates a complete letter draft in German or English, the responsible advisor reviews professionally, adds personal accents and signs off. Effect after nine months: time per letter down from 75 to 28 minutes, output per advisor per week up by 65 %. Stumbling block: in the early weeks the model occasionally cited performance figures from training data instead of from the current RAG context. After introducing a “only cite data from context” prompt plus explicit source tags the wrong-data rate dropped to near zero. FINMA-aligned IT outsourcing was updated before rollout, the compliance officer has sample-review rights on all AI drafts.

Frankfurt bank-IT team (300 IT staff, BaFin-supervised). Microsoft Copilot Studio plus Cursor for test-coverage boost in core-banking system development. Workflow: Cursor proposes unit tests for every new function, Copilot Studio orchestrates test generation across multiple code repos. Test coverage rose from 47 % to 81 % in six months, time-to-production for regulatory releases dropped by 35 %. DORA-compliant third-party contracts with Microsoft and Anthropic were finalized before rollout; the concentration-risk review identified the need for a multi-vendor strategy — the team now deliberately uses two LLM providers to avoid lock-in. Important: AI generates only tests and boilerplate; critical logic stays human-written and four-eyes reviewed, as MaRisk AT 7.2 demands for core-banking software.

Risks & compliance — the five pillars

Finance is among the densest regulatory fields worldwide. These five pillars must be worked through before any AI rollout.

Banking and securities supervision (BaFin, FINMA, SEC, FINRA): Requirements for automated investment advice, robo-advisory and AI-driven risk assessment are specified in MaRisk, MaComp, FINMA Circular 2018/3, SEC Reg BI and FINRA Rule 2111 (suitability). Required: documented outsourcing strategy, risk management, periodic audits. Robo-advisory that issues investment recommendations autonomously needs separate supervisory authorization — AI as a draft tool for licensed advisors is much simpler.

DORA and US operational-resilience equivalents: DORA fully applicable since 17 Jan 2025. LLM providers become critical third-party providers when supporting critical functions: audit rights, data-localization clauses, exit strategies and ICT risk-management framework are contractual duties. In the US, FFIEC vendor-management guidance and OCC Bulletin 2013-29 cover similar ground. Concentration risks must be actively monitored — multi-vendor strategy for strategic LLM workloads is best practice 2026.

GDPR / GLBA + banking and sectoral secrecy: Banking secrecy, insurance secrecy, the German criminal code §203 and US Gramm-Leach-Bliley layer on top of GDPR/state privacy laws (CCPA, NYDFS Cybersecurity Rule). Cloud LLMs without regional hosting and a documented pseudonymization pipeline are effectively excluded. Right to erasure / consumer-rights requests extend to AI logs and generated drafts. Sub-processor list must be reviewed — a single misaligned sub-processor can make the transfer Schrems-II-problematic.

EU AI Act + high-risk: Credit scoring, insurance risk assessment and automated investment advice fall under Annex III as high-risk systems. Required: conformity assessment, risk management, logging, human oversight, transparency to clients. Penalties up to EUR 35 million or 7 % of global turnover. Tools like ChatGPT used as a pure draft helper for advisors usually fall outside — the workflow’s intended use decides.

AML/KYC and anti-money-laundering: The Geldwäschegesetz, FinmaG, US Bank Secrecy Act and FinCEN guidance assign personal responsibility for SAR/STR filings to the AML officer. AI may assist — suspicious-pattern suggestions, document plausibility, pre-screening — but not decide. BaFin Circular 5/2023 is explicit: fully automated KYC classification is not permitted; FinCEN’s 2024 statements on AI-driven monitoring make the same point.

What does NOT work: Using AI as the final authority for investment recommendations. Letting KYC decisions be made without human validation. Selling LLM output as a “predictive trading signal” — marketing-law sensitive, supervisorily risky and rarely better than a well-calibrated classical model. Using consumer-tier plans (ChatGPT Plus, Claude Pro personal) for client or bank data.

Related topics

Foundations: Generative AI explains language models, RAG architectures and why long-context models matter for quarterly-report work. The comparison ChatGPT vs. Claude shows which generalist suits long financial texts and context-rich client letters better — Claude tends to lead on long context and conservative answer behavior under regulated oversight. Related use cases: Public Sector & Law for the compliance-sister area, Software Development & IT for the bank-IT sister, and Customer Support & Service for multilingual investor hotlines.

A deeper understanding of regulatory risks (EU AI Act, DORA, SEC, BaFin) is offered by our chapter AI Risks. Credit-scoring bias and the 2019 Apple Card incident (lower limits for women with identical income) show the direct discrimination dimension — covered in Bias & Fairness, including ECOA, BaFin and equal-credit obligations. Compliance reports and client letters benefit from strict output constraints and negative prompting against impermissible investment advice — patterns in the Prompt Engineering guide.