Financial Services Firms Rapidly Integrate AI, but Validation and Third-Party Oversight Still Lag, Survey Finds

NEW YORK & LONDON--(BUSINESS WIRE)--Financial services firms have entered a new phase of AI adoption, moving from exploration to full operational integration, according to the 2025 AI Benchmarking Survey by ACA Group (ACA) and the National Society of Compliance Professionals (NSCP).

This year’s survey found that 71% of firms now formally use AI, a 26-point increase from 2024, underscoring a major inflection point for the industry. This includes 11% who are using AI tools for both internal and external purposes, up from 8% in 2024. Firms are embedding AI into compliance, research, and operational processes, and more are establishing acceptable-use policies, governance committees, and recordkeeping procedures.

The 2025 AI Benchmarking Survey, conducted online in September and October, gathered responses from hundreds of compliance professionals, including chief compliance officers (CCOs), chief legal officers, and information security leaders, representing both ACA clients and NSCP members.

“Firms have moved past the experimental phase and are now using AI to drive real outcomes,” said Aaron Pinnick, Senior Manager, Thought Leadership, ACA. “We’re seeing measurable efficiency gains and more robust governance structures taking hold, but also recognition that oversight needs to catch up. Validation of AI outputs, technical controls, and third-party monitoring of AI use will determine how sustainable these early gains prove to be.”

Other key findings include:

• AI is delivering measurable efficiency gains: More than half of compliance leaders (53%) now report that AI has improved their programs’ efficiency, up from 31% last year. The share seeing “no impact” dropped from 68% to 43%, indicating that the technology’s benefits are becoming tangible. Among CCOs, AI is most used for policy and procedure development (69%), monitoring and testing activities (63%), and communication and training (60%).
• Firms are closing the AI policy gap: Seventy percent (70%) of firms reported having established policies and protocols to govern employees’ AI use, with another 23% reporting that they were in the process of drafting policies. Only 6% of firms reported not having any employee AI use policy, down from 18% in 2024.
• Governance structures are forming, but remain inconsistent: Nearly half of firms have formal AI governance committees in place (48%, up from 32%). However, only 28% test or validate AI outputs, revealing that oversight and accuracy controls still lag in adoption.
• Cybersecurity practices trail awareness: While 71% of firms train employees on AI-related cyber risks, few have implemented technical controls such as access restrictions, network segmentation, or vulnerability testing of AI tools, with no more than 30% of firms using any of these controls.
• Third-party oversight is the next challenge: Only 24% of firms have policies governing third-party AI use, and 43% perform enhanced due diligence on AI vendors.

“We were happy to participate in this survey for the second year,” said Melissa Loner, Chief Operating Officer and Incoming CEO of the NSCP. “The information is insightful to gauge how the compliance industry is evolving with AI, which helps us identify how we can continue to support the ongoing evolution.”

The results of the 2025 AI Benchmarking Survey will be released during a webcast on November 5, and the full survey report will be available on ACA’s website the week of November 10.

About the Survey Respondents

Participants included compliance and risk leaders from across the financial services industry, spanning asset management, private markets, and wealth advisory firms of varying sizes and regulatory profiles.

Most respondents were from medium-sized firms (11–50 employees), managing $1 billion to $10 billion in RAUM. Asset managers made up 42% of participants, followed by private market and alternative investment advisers.

About ACA

ACA is the leading governance, risk, and compliance (GRC) advisor in financial services. For over 20 years, ACA has empowered clients to launch, grow, and protect their businesses. Its global team of 1,400 professionals includes former regulators and industry practitioners. ACA’s innovative approach integrates advisory, managed services, distribution solutions, and analytics with its ComplianceAlpha® technology platform. For more information, visit www.acaglobal.com.

About NSCP

Founded in 1986, the National Society of Compliance Professionals (NSCP) is the leading non-profit membership organization for compliance professionals in the financial services industry. NSCP provides its members with education, advocacy, and resources to support effective compliance programs. Learn more at nscp.org.