Adapt2 AI Adapt2 AI Practical AI consulting
Book a working session
Thoughts

AI transformation for regulated firms: hype vs reality

The shift from AI-sceptic to AI-believer doesn't happen at a demo. It happens when a real workflow runs end-to-end and you can answer the questions that actually matter.

Feb 12, 2026 5 min read

There is a moment that flips you from AI-sceptic to AI-believer in a regulated firm.

It isn't when someone shows you a cool demo. It is when a real workflow runs end-to-end, on real client artefacts, and you can answer the questions that actually matter.

  • What data did it touch?
  • What did it generate?
  • Who reviewed it?
  • What changed before it went out the door?
  • Where is the evidence if someone asks six months from now?

If you can't answer those, you don't have an "AI rollout". You have shadow AI. And in Australian financial planning (and most professional services), shadow AI isn't a strategy. It is a liability.

Which brings us to the current hype: the claim that agentic AI will reshape professional services in the next three to six months. It is a compelling hypothesis. It is also incomplete.

The hypothesis: massive gains, fast

If you look at the work inside a practice, the opportunity is obvious. Most of the day isn't "high art". It is repeatable workflow. Drafting client communications. Creating or cleaning file notes. Checking completeness against a standard. Extracting and structuring information from a pack of documents. Finding exceptions and routing them to the right person.

This is exactly where agentic workflows shine. Not because the model is "smart". Because the process is structured enough to be supervised, repeatable, and measurable.

The hype gets the leverage right. It isn't 10% improvements. It is 5x, 10x, sometimes more, when you remove rework loops. The "fast" part is where firms get hurt.

The reality: implementation is the bottleneck

Most established firms aren't a clean-slate environment. They have legacy CRMs. Shared drives with decades of documents. Inconsistent templates and naming. "We all do it slightly differently" workflows.

Agentic AI doesn't magically make that go away. It amplifies what you already are. If your workflow is inconsistent, your outputs will be inconsistent. If your data is messy, your retrieval will be messy. If nobody is accountable for the final artefact, AI will just make it faster to create confusion.

The work is curation, boundary-setting, and change management. That is the bottleneck. The good news is AI can accelerate that work too. It can classify and de-duplicate documents, extract and normalise key fields from messy packs, generate first drafts of SOPs and checklists from real examples, and identify missing steps and common exceptions.

You still have to decide the rules of the road, though. That part doesn't delegate.

Regulatory reality: you need a supervision-ready operating model

In Australian financial planning, "try it and see" has limits. Firms and teams carry real obligations. The risk isn't theoretical. The harm isn't hypothetical. And the compliance posture isn't static. It evolves, sometimes uncomfortably, as guidance and expectations change.

If your plan is "let everyone use whatever tool they want, and we will write a policy later", you have already lost. If you can't show an audit trail, you can't defend it. If the tool can access everything, it isn't a workflow. It is an uncontrolled system.

This is why the best early agentic use cases aren't "automated advice". They are compliance-first and efficiency-first. Flag risks for review, don't auto-decide. Draft with approvals, don't auto-send. Check completeness, don't invent missing facts.

Build supervision into the system, not into a slide deck.

The phased strategy: crawl, walk, run (in days)

Most firms hear "phased" and think "10-week program". That isn't what this is. In this market, phased means ship one workflow safely, then repeat.

Crawl: define "safe" and pick one workflow

This is where most AI initiatives fail, because it isn't glamorous. It is also the work that makes everything else deployable. The crawl phase is a set of decisions.

  • What data is allowed? What is not?
  • What tools are approved? What is blocked?
  • What must be logged? Where is it stored? For how long?
  • Where do we require human-in-the-loop?
  • What is the exception path when confidence is low?

Then pick one workflow. Not ten. One. Pick a team, set a boundary, define what a good outcome looks like.

If you are a compliance lead, you want a workflow that produces evidence. If you are a practice lead, you want a workflow that gives time back without adding risk. Good crawl candidates are workflows that are already repeatable and already supervised, but currently waste time. Client comms drafts that still require adviser approval. File note completeness checks against a standard. Intake and triage of a client document pack.

Walk: ship the workflow with guardrails

This is where agentic AI earns its keep. "Ship" doesn't mean "we built a prompt". It means you can point to controls. A defined draft, review, send gate. A clear retrieval boundary (what sources can be used). A logging approach (inputs, outputs, approvals, exceptions). A failure mode plan (what happens when the system is unsure).

This is also where the "implementation hurdle" becomes manageable, because you aren't trying to remodel the whole business. You are making one workflow repeatable. Once one workflow is shipped with the right operating pack, adoption gets easier. People stop improvising. That is how you reduce shadow AI.

Run: scale with an assurance cadence

The run phase isn't "roll out 50 agents and hope". It is a cadence. Review what is working. Tighten controls where needed. Update playbooks as tools change. Add the next workflow from the backlog.

This is where governed teams win. You can standardise across practices and demonstrate a consistent supervision-ready approach, rather than arguing about which tool someone used in a one-off scenario.

Where to start

Forget the 10-week program. Forget the enterprise AI strategy. Pick one workflow where the value is obvious and the risk is manageable, then ship it with guardrails your compliance team can actually stand behind.

If you can point to what gets logged, who approves outputs, and what happens when something goes wrong, you are ahead of most firms. If you can't, that is the gap to close first.

Which workflow would you ship this week if you had to stand behind it? If you want a second opinion, start with a AI Fitness Review.