A senior partner at a mid-sized wealth management firm told me recently that she’d spent six months evaluating AI tools, sat through fourteen product demos, and still couldn’t answer one basic question: what will this actually do in my firm, on a Tuesday afternoon, when a paraplanner needs it to work? That question is the right one. The demos never answer it.
The AI market in 2026 is not short of capability. It is short of honesty about the gap between what a system can do in a controlled environment and what it will do reliably in yours. This article is an attempt to close that gap, for a specific kind of firm, without either dismissing AI or overselling it.
What can today’s AI actually do well
The clearest honest answer: today’s AI is very good at working with text that already exists.
Summarising a lengthy document, drafting a first version of a letter from structured notes, extracting key terms from a contract, reformatting data between systems, answering questions about a fixed knowledge base, these are tasks where current AI performs reliably and where the productivity gains are real and measurable. For a financial planning firm, that covers a meaningful portion of the administrative and documentation work that currently occupies highly paid people.
The reason it performs well here is structural. Language models are trained to predict plausible text. When the task is “produce text that looks like this source material, structured in this way”, the model is doing exactly what it was built for. The ceiling is high and the floor is higher than most people expect.
The question isn’t whether AI can help your firm. It’s whether you’ve found the right task for the capability that actually exists.
Where AI falls down, and why it matters in a regulated context
This is equally clear: today’s AI is unreliable when it needs to be correct rather than plausible.
Language models hallucinate. They generate text that reads as confident and well-structured but contains errors, sometimes minor, sometimes fundamental. This is not a bug that vendors are about to fix. It is a property of how these systems work and it will carry on like this. These models do not know what they don’t know. When it lacks information, it fills the gap with what sounds right.
For most consumer applications, this is a minor inconvenience. For a firm producing a suitability report, a client communication, or any document that sits under FCA scrutiny, it is a serious operational risk. Any AI output used in a regulated document or decision requires human review before it is finalised. This is not optional, and no vendor can responsibly tell you otherwise.
The sub-1% hallucination rate achievable with “grounded” AI, systems constrained to answer only from a specific, defined knowledge base rather than from general training, is meaningfully better [1]. Tools operating this way have a material compliance advantage for regulated use cases. But even then, the human review step does not disappear. It narrows the risk; it does not eliminate it.
The governance gap is the real risk right now
There is a pattern emerging that is worth naming plainly. Executives are making decisions about AI deployment, including decisions about staffing and process redesign, based on an understanding of what AI can do that does not match the operational reality of running it day to day [2]. The consequence is not primarily a technology failure. It is a governance failure: the gap between what a firm’s AI tools are theoretically capable of and what the firm’s processes, oversight structures, and staff can actually manage.
The FCA and Bank of England issued a joint statement earlier this month signalling that AI governance for UK-regulated firms is moving from voluntary best practice toward active regulatory expectation [3]. The direction of travel is clear, even if the specific rules are still forming.
What this means practically is that deploying AI without documented oversight, defined human review points, and clear accountability for outputs is no longer just a reputational question. It is the kind of operational control gap that regulators will ask about.
What to do, a practical starting point for a firm your size
This does not need to be a large project. It needs to be honest.
First, map what AI is already in use. This is more work than it sounds. Staff are using AI tools, ChatGPT, Copilot, Gemini, others, whether or not there is a policy permitting it. Before you can govern it, you need to know where it is. A structured conversation with team leads, not an audit, is usually enough to surface the picture quickly.
Second, separate the tasks where AI is low-risk from those where it isn’t. Drafting a first-pass meeting summary from structured notes: low-risk, easy to review, human has full context to catch errors. Generating content that goes into a suitability letter with minimal oversight: high-risk, difficult to catch errors under time pressure, regulatory exposure is real. Most firms have both types of use in play simultaneously, without having made that distinction explicitly.
Third, establish a review step for any AI output that touches a regulated document or client communication. Not a committee. Not a policy document that no one reads. A practical habit: the person who uses the AI output is also the person responsible for checking it before it goes anywhere. That accountability needs to be explicit.
Fourth, apply the same supplier due diligence to AI tools that you’d apply to any critical third party. Where does the data go? Who hosts it? What are the data retention and deletion terms? For firms that cannot route client data through public cloud infrastructure, on-premise or private deployment options are now a commercial reality, not a specialist procurement [4]. These are legitimate questions to put to any AI vendor.
The capability levels worth knowing
When I work with firms on AI decisions, I use a simple three-level framework to avoid both underinvestment and overengineering.
Level 1 (education): The answer already exists inside a tool you pay for. A better prompt, a template, fifteen minutes of guidance. Free or nearly free, available today. Most firms are sitting on significant untapped capability here.
Level 2 (integration): Two or three tools that need to talk to each other. Configuration work, not engineering. Typically days to weeks and a few hundred to a few thousand pounds. This is where automation of routine workflows lives.
Level 3 (custom build): Real engineering. Bespoke pipelines, complex logic, four to twelve weeks, scoped carefully. Only when the problem genuinely needs it.
We always try Level 1 first. The majority of firms who contact me thinking they need a Level 3 build actually need Level 1 or 2. That’s not a criticism, the vendor market actively obscures this, because Level 3 is where the revenue is.
The honest summary
Current AI is genuinely useful for a financial advice firm. It can reduce the time spent on documentation, drafting, and information retrieval in ways that are meaningful and measurable. It is not reliable as an autonomous decision-maker, not safe to deploy without human oversight in regulated contexts, and not a substitute for the judgement that your qualified staff apply to client situations.
The firms getting real value from AI right now are not the ones that deployed the most tools. They are the ones that identified specific, bounded tasks where AI genuinely helps, built simple review habits around the output, and avoided the governance gap that makes regulators nervous.
If you’d like to think through what that looks like for your firm specifically, a discovery call with Cordrey Consulting is a good place to start.
This article is for informational purposes only and does not constitute regulated financial advice or a compliance opinion. Consult a qualified compliance professional for advice specific to your firm.
Sources
- [1] Google / NotebookLM documentation on grounded generation, referenced in context of sub-1% hallucination rate when constrained to uploaded documents. Vendor-sourced.
- [2] AI Digest briefing summary, 2026-05-30, executive decision-making risk; underlying theme drawn from general industry reporting on AI governance maturity gaps. Internal briefing, not for citation, reflects pattern across multiple published sources including McKinsey Global Institute AI adoption research.
- [3] FCA and Bank of England joint statement on AI governance, May 2026, signalling shift from voluntary best practice toward active regulatory expectation for UK-regulated firms.
- [4] Dell, OpenAI on-premise partnership announcement, May 2026, confirming managed, regulated deployment paths as a commercial product category for regulated professional services firms.