Artificial intelligence governance is rapidly becoming one of the defining compliance challenges facing businesses and regulators worldwide, according to Artem Romanov, Senior Compliance Manager, Freedom Holding Corp., AI Compliance Committee Member, Compliance and Business Ethics Association.
Speaking at the 12th International Compliance Forum, presented by ECOMMBX, Romanov delivered a presentation titled ‘Trustworthy AI Is a Compliance Problem - Not a Technical One,’ arguing that organisations can no longer treat AI oversight as solely an engineering issue.
“Engineers can build the model,” Romanov said. “They cannot decide who is accountable when it harms someone.”
He noted that courts and regulators are increasingly placing responsibility on the organisations deploying AI systems, rather than on the technology itself.
Romanov opened his presentation by pointing to the accelerating pace of AI-related incidents compared with the slower development of governance frameworks.
Citing data from the Stanford AI Index Reports 2025 and 2026, he said documented AI incidents increased from 233 in 2024 to 362 in 2025, representing year-on-year growth of 56.4%.
At the same time, the percentage of organisations rating their AI incident response capabilities as “excellent” reportedly fell from 28% to 18%, while the share of organisations experiencing three to five AI incidents annually rose from 30% to 50%.
“We are deploying AI faster than we are learning to govern it,” Romanov warned.
Throughout the presentation, he used a series of high-profile legal and regulatory cases to demonstrate how AI-related accountability is increasingly being tested in courts and enforcement actions.
One example involved the Canadian case Moffatt v. Air Canada, in which a chatbot incorrectly informed a customer that bereavement fares could be applied retroactively. Romanov noted that Air Canada attempted to argue that the chatbot was “a separate legal entity,” but the tribunal rejected that argument and awarded compensation.
“There is no AI shield in commercial law,” Romanov said. “You own your AI.”
He also referenced the EEOC v. iTutorGroup case in the United States, described as the first AI hiring discrimination settlement, where AI software automatically rejected female applicants aged 55 and above and male applicants aged 60 and above before any human review.
According to Romanov, the case highlighted how algorithmic discrimination can create substantial legal exposure for employers and technology providers alike.
Another major case discussed was Mobley v. Workday, which Romanov said marked a significant shift towards vendor liability in AI governance.
He explained that the lawsuit challenged AI-driven recruitment tools after a job applicant over the age of 40 alleged repeated rejections through automated hiring systems.
“Procurement of AI is a compliance act,” Romanov said. “Vendors can be agents. Contracts are exposure caps.”
Romanov also focused heavily on regulatory developments surrounding generative AI and data protection.
He referenced enforcement action by Italy’s data protection authority against OpenAI, which cited concerns including lack of lawful basis for data processing, inadequate transparency and insufficient age verification safeguards.
In addition, he highlighted a series of GDPR-related enforcement actions involving Clearview AI across multiple European jurisdictions, with combined penalties approaching €95 million.
Even where fines are not fully enforced, Romanov argued that they still reshape markets by influencing procurement decisions, insurance pricing and shareholder scrutiny.
“Your vendor’s exposure is your exposure,” he told delegates.
The presentation also examined the rapid transition from voluntary AI ethics frameworks to mandatory AI compliance obligations.
Romanov cited several emerging international frameworks and regulatory initiatives, including the EU AI Act, the Council of Europe AI Convention, ISO/IEC 42001, the NIST AI Risk Management Framework, DORA and updated financial sector guidance from regulators.
“For a financial holding group: three regulators, one model,” he noted.
Despite the growing compliance burden, Romanov argued that governance should not be viewed as an obstacle to innovation.
“Compliance is not the brake. Compliance is the gearbox,” he said.
He pointed to Gartner research suggesting that organisations with mature AI governance programmes are significantly more likely to achieve strong governance and AI effectiveness outcomes.
Romanov also argued that well-designed compliance structures can accelerate deployment by enabling faster approvals, stronger internal trust and improved investment confidence.
He noted that ISO/IEC 42001 certification is increasingly becoming a procurement requirement among major enterprise technology providers and buyers.
Concluding the presentation, Romanov outlined three immediate actions for compliance teams.
The first was to inventory every AI system operating within an organisation, arguing that companies “cannot govern what they cannot see.”
The second was to elevate AI oversight to board-level accountability, particularly as regulators increasingly expect governance structures at the highest organisational level.
The third was to treat ISO/IEC 42001 certification as a procurement requirement rather than a box-ticking exercise.
“These are not the goals,” Romanov said. “These are the starting line.”
Diamond Sponsor: ECOMMBX
Platinum Sponsor: Freedom Holding Corp.
Gold Sponsors: Treppides, XM
Silver Sponsors: Complyport, KPMG, Moebius, Zygos
Supporters: ACAMS Cyprus Chapter, ACCA, ACEMPI, CCA, ICAEW, Primetel, The Marshall Islands Registry
With the support of: ACB, ACFE, Cyprus Bar Association, CIF, CFA Society, CYFA, Institute of Internal Auditors
Communication Sponsors: CBN News, GOLD, IN Business
