- Balanced AI Insights
- Posts
- What Finance Workflows Are Most Exposed Under New AI Rules
What Finance Workflows Are Most Exposed Under New AI Rules
Also: Infographic—What’s in a Good AI Use Policy
Anna Tiomina
July 15, 2025
I’ve long been an advocate for having an internal AI use policy—something lightweight, practical, and owned by the business. But the deeper I’ve gone into the emerging AI governance landscape, the more I’ve realized this isn’t just about best practices anymore.
There are already formal requirements that apply to many finance workflows, especially if you’re using AI for credit, forecasting, hiring, or reporting. And while the EU’s AI Act is the most comprehensive so far, it’s not just Europe. The U.S., Canada, and others are moving quickly—but not in sync.
This topic is too big for a single newsletter. But it’s important to start somewhere—by knowing where your exposure is today, and how to track what’s changing.
In this edition, I’ve pulled together what I’m calling a map—a practical guide to understanding which of your finance workflows are most likely to fall under regulation, and what you can do about it now.
📢 Upcoming Events for Finance Leaders – Save the Dates!
Fractional CFO Corner (July 2025)
🗓️ Monday, July 21
🕚 11:00 AM – 12:30 PM CDT
📍 AI Finance Club (Live Virtual Session)
If you're already part of the AI Finance Club, mark your calendar—I'll be hosting our regular Fractional CFO Corner, where we dive into practical AI use cases, real-world questions, and what’s changing for finance leaders every month.
If you’re not a member yet, now’s a great time to join. Hope to see you there!
The Balanced View: Mapping AI Exposure in Your Finance Team
As AI becomes part of daily finance work, regulators are stepping in—especially in the EU, but increasingly across U.S. states and other global markets. From forecasting and credit scoring to hiring and internal controls, the tools finance teams rely on are now being watched more closely than ever.
The question is no longer if you’re exposed, but where and how to respond.
Which finance workflows are considered “high-risk” under new AI laws?
Let’s break this down by use case. These are the workflows finance teams are using today—many without realizing they may now fall under legal or regulatory scrutiny.
1. Credit Scoring (B2B or B2C)
Why it’s high-risk: Any AI that helps assess risk or assign payment terms is considered high-impact under the EU AI Act and several U.S. state laws.
Yes—even if you’ve developed a custom GPT to help define payment terms for your clients (one of my clients has).
This also applies to tools that pull in credit bureau data or use internal behavior models to adjust credit limits.
2. Fraud Detection
Why it’s high-risk: These systems often operate automatically, flagging activity without human input. Regulators care about bias, accuracy, and oversight.
If your ERP or treasury software includes AI-driven fraud flags, you need to understand how it works—and who’s reviewing the decisions it makes.
3. Forecasting and Budgeting
Why it’s borderline: Forecasting isn’t explicitly regulated, but if it influences investor decisions, board reports, or financial disclosures, it’s likely in scope.
Yes—even if you’re “just” using a lightweight AI dashboard to create your monthly investor updates.
4. Hiring, Promotion, or Evaluation
Why it’s high-risk: Covered by employment AI laws in the EU and New York. Requires documentation, bias testing, and transparency.
Even if you’re not the one running the AI tools, your department’s use of employee performance data might still be affected.
5. Internal Controls and Compliance
Why it’s emerging-risk: Not always flagged explicitly, but the SEC and EU regulators are closely watching AI used in internal audit, SOX compliance, and risk flagging.
Any tool that influences your ability to identify financial misstatements, report errors, or control failures should be reviewed under these new expectations.
6. Pricing, Modeling, and Public Reporting
Why it’s situational: AI-generated summaries, pricing logic, or financial models that end up in investor or customer materials may require disclosure and auditability.
My company is based in the U.S. but works with European customers. Do EU rules apply to us?
They very likely do.
If your finance processes:
Use data from EU customers or employees
Involve vendors that process data in the EU
Offer services to EU-based businesses
...then the EU AI Act may apply—even if your headquarters are elsewhere.
For example, if you’re generating risk scores using client data stored in Germany, or if your investor summaries include inputs from European market analysis, you could fall under EU jurisdiction.
How can I tell if my team is exposed?
Use this checklist as a conversation starter with your leadership, compliance, and IT teams:
Question | If Yes… |
|---|---|
Do AI tools influence credit decisions or payment terms? | High-risk — may require documentation, bias review, and human oversight |
Is AI used in hiring or evaluating employees? | High-risk under employment laws in the EU and NYC |
Do you use AI-generated outputs in reports to customers, investors, or regulators? | Audit trails and disclosure may be needed |
Are fraud detection or anomaly flags AI-generated? | Must be reviewed and documented for transparency |
Do tools process EU or Canadian user data? | You are likely in scope for foreign compliance—even if you’re U.S.-based |
Do you rely on third-party tools (like ERP or FP&A platforms) with embedded AI? | You are still accountable for the outcomes, even if the vendor built the AI |
What should we do next?
Here’s the playbook I recommend for all finance leaders—especially those working internationally or with investor exposure.
1. Map AI Use Across Workflows
Start with what’s already in use. Look beyond ChatGPT to include embedded AI in NetSuite, Microsoft Copilot, Adaptive Planning, HR systems, and fraud tools.
2. Classify and Prioritize by Risk
Use a red-yellow-green model:
Red (high-risk): Credit, hiring, fraud, public-facing models
Yellow (medium): Forecasting, budgeting, internal dashboards
Green (low): Research, sandbox tools, personal productivity
3. Review Contracts and Vendor Claims
Ask for documentation. Where is data processed? What compliance standards are met? Are you allowed to disable AI features?
4. Document Internally
Even a one-page log of each AI tool’s purpose, data flow, and human review checkpoints can serve you later—during audits, vendor assessments, or internal reviews.
5. Strengthen Your Governance Process
A basic AI policy used to be enough to get started.
But that moment has passed, especially if your company operates in the EU or uses AI in high-impact workflows.
Today, an ad hoc approach exposes you to real risk.
If you're unsure how to approach this, I’m happy to help review your workflows, map risks, or guide your team in building an appropriate governance framework.
Infographic: What’s in a Good AI Use Policy
This quick-reference framework shows the key elements of a well-governed AI use policy, plus the common pitfalls that could get your team into trouble.
Feel free to use it yourself or share it with others who need it.
Closing Thoughts
The rules are changing, the tools are evolving, and the pressure on finance teams to “get it right” is growing. If you’re unsure where to start—or just want a second set of eyes on your current workflows or risk exposure—I’m here to help.
Next week, we’ll go deeper into how to build an AI policy that actually reflects the current regulatory landscape—not just general principles, but the real requirements that now apply in finance, compliance, and operations.
See you then.
We Want Your Feedback!
This newsletter is for you, and we want to make it as valuable as possible. Please reply to this email with your questions, comments, or topics you'd like to see covered in future issues. Your input shapes our content!
Want to dive deeper into balanced AI adoption for your finance team? Or do you want to hire an AI-powered CFO? Book a consultation!
Did you find this newsletter helpful? Forward it to a colleague who might benefit!
Until next Tuesday, keep balancing!
Anna Tiomina
AI-Powered CFO
Reply