AI Compliance Essentials for Small Financial Services Teams

What it covers

This focused two-day workshop covers the AI-relevant touchpoints of DORA, MiFID II, and the EU AI Act as they apply to small brokerages, wealth managers, and fintechs. Participants learn to assess model risk at a practical level, audit client-communication archiving practices, and apply vendor due diligence templates when procuring AI tools. The format combines short regulatory briefings with hands-on scenario exercises, so teams leave with usable checklists and a compliance gap map specific to their firm.

What you'll be able to do

• Identify which EU AI Act risk categories apply to tools your firm currently uses or plans to procure
• Complete a vendor due diligence checklist for an AI provider and flag material risks
• Map your firm's client-communication archiving workflow against MiFID II and DORA requirements
• Apply a lightweight model-risk scoring template to assess a new AI-driven feature or product
• Produce a prioritised compliance gap map that can be presented to senior leadership or regulators

Topics covered

• EU AI Act obligations relevant to financial services firms
• DORA ICT risk requirements and AI system resilience
• MiFID II touchpoints: suitability, best execution, and AI-generated advice
• Light-touch model risk assessment for non-technical teams
• Marketing AI rules and compliant client-communication drafting
• Client-communication archiving obligations when using AI tools
• Vendor due diligence: evaluating AI providers and third-party model risk
• Building a compliance gap map and prioritised remediation checklist

Delivery

Delivered in-person or via live virtual classroom over two consecutive days (6–8 hours each). Materials include a regulatory quick-reference card, a vendor due diligence template, a model-risk lite scoring sheet, and an archiving audit checklist. Approximately 40% instruction and 60% guided case-work using anonymised scenarios drawn from small financial services firms. A follow-up 90-minute Q&A session is recommended two to four weeks post-workshop.

What makes it work

• Assigning a named compliance owner for AI tools immediately after the workshop, even part-time
• Embedding the vendor due diligence template into existing procurement workflows before the next tool purchase
• Scheduling a quarterly internal review of the compliance gap map to track remediation progress
• Securing brief senior management sign-off on the gap map to create accountability and resource allocation

Common mistakes

• Assuming DORA and the EU AI Act only apply to large institutions and delaying compliance work until regulators intervene
• Procuring AI vendors without any due diligence process, exposing the firm to third-party model and data risk
• Using AI tools for client communications without verifying archiving compatibility, creating MiFID II record-keeping gaps
• Treating model risk as a purely technical concern and excluding compliance and ops staff from oversight processes

Providers to consider

• Finos / FINTECH Circle (EU regulatory AI programmes)www.fintechcircle.com →
• Compliance & Risk Academy (UK)www.complianceandrisks.com →
• DataScientest (FR — AI Act & compliance tracks)datascientest.com →
• Riskonnect Training (EU risk & compliance workshops)www.riskonnect.com →

Sources

• EU AI Act — Official Text and Annexes (EUR-Lex) →
• DORA Regulation — Digital Operational Resilience Act (European Commission) →