AI governance: Protecting data, powering insight

08 April 2025

As the financial services sector leans further into artificial intelligence (AI), making sure we have the right governance in place is absolutely critical. This isn’t just about ticking compliance boxes—it’s about ensuring the systems we rely on are secure, trustworthy, and built to protect the data we work with every day. At Likezero, we’re taking a practical and thoughtful approach to how we roll out AI, especially given how central sensitive banking and counterparty data are to what we do.

AI holds huge potential for automation, speed, and insight—but without the proper controls, it can also expose firms to operational, reputational, and compliance risks. That’s why governance isn’t an afterthought; it’s a cornerstone. It’s also why we’re engaging our legal clients and partners early and often, to help them see AI not as a threat, but as an opportunity to elevate the work they do.

How we’re keeping banks data secure

We work with some of the world’s biggest financial institutions, so security has to be baked into everything we do. Here’s how we’re handling that:

These aren’t just IT best practices, they’re part of building a secure AI ecosystem that our clients can trust. That includes our legal clients, who rely on us to help manage the complexity of high-volume, clause-rich contracts across multiple counterparties and timelines.

What about AI and cloud security?

As we bring Large Language Models (LLMs) into our workflows, we’re laser-focused on keeping client data safe, especially in cloud environments:

• We anonymise data before feeding it into models.

• Our AI capabilities are deployed exclusively within our secure data centre infrastructure, ensuring we maintain full control over the processing and storage of sensitive data.

• Our technology partners are selected based on rigorous due diligence, with particular emphasis on their ability to support our security, compliance, and performance requirements.

Following the lead of the industry’s largest firms, we understand that the cloud unlocks scale and speed—but only when it’s paired with a clear risk framework. That’s why we’re transparent about where data lives, how it’s processed, and how clients can remain in control.

Governance in practice at Likezero

Our approach to AI governance is grounded in transparency, security, and practicality. Here’s how that looks day to day:

• We make sure AI decisions can be explained: there’s no room for black-box outcomes in contract data.

• We respect data sovereignty: your data stays in jurisdictions that make sense for you and your regulators.

• We actively check for bias and fairness in how our models operate. We want results that stand up to scrutiny.

This aligns with the 3Rs approach promoted by the Big 5: Regulation, Reputation, and Realisation. AI has to be ethical, compliant, and deliver real, measurable value. We also see it as a tool for unlocking time, so legal and financial professionals can focus less on tedious clause comparisons and more on strategic analysis and risk optimisation.

Whether you’re managing risk exposure, reviewing detailed terms, or preparing for regulatory audits, our governance-first model is designed to keep you in control and ahead of the curve.

Compliance isn’t optional

We know the regulatory landscape is shifting quickly, especially around AI. Likezero stays ahead by:

• Following GDPR and similar privacy laws to the letter.

• Maintaining ISO 27001 certification to keep our security posture sharp.

• Keeping close tabs on evolving guidance from bodies like the FCA, EBA, and proposed EU AI regulations.

We’re also aligned with industry thought leaders in calling for principles-based frameworks that allow innovation while ensuring accountability. Governance is about designing systems that are not just compliant today, but future-ready.

What’s DORA got to do with it?

The Digital Operational Resilience Act (DORA) is an EU regulation designed to strengthen the financial sector’s ability to withstand and recover from ICT-related disruptions. It sets uniform requirements for risk management, incident reporting, testing, and oversight of third-party technology providers, ensuring firms can maintain operational continuity even in the face of cyber threats or system failures.

DORA has big implications for how firms manage technology and third-party risk. For us, that means:

• Building in resilience to everything AI touches.

• Holding our tech partners to high standards, just like we do internally.

• Making sure we’re ready to report and respond quickly if something goes wrong.

DORA adds weight behind what many firms are already doing—putting in place robust, repeatable processes for tech governance and operational continuity. And as AI becomes part of the digital fabric of legal and banking workflows, these measures are only going to matter more.

Staying ahead of cyber threats

AI can be powerful, but it can also become a target. We take a proactive approach:

Much like the leading audit firms recommend, our view is that cyber resilience and AI governance go hand in hand. Without one, you can’t have the other. We’ve embedded secure-by-design principles in how we build, train, and deploy our AI capabilities.

Wrapping up

There’s no shortcut to responsible AI. It takes the right tools, the right mindset, and the right guardrails. At Likezero, we’re committed to using AI in a way that supports our clients, meets regulatory standards, and most importantly, keeps data secure. It’s not about hype; it’s about trust, control, and getting it right.

Whether it’s a financial institution managing counterparty exposure or a legal team buried in annexes and amendments, our job is to make things clearer, faster, and safer.