Not in the courtroom.
Not in the regulatory brief. Not after the customer outcome fails and the senior manager gets named in the investigation.
Before all of that.
A piece out of City AM this week asked the question plainly. Who is accountable when AI gets it wrong. The answer under the UK’s Senior Managers and Certification Regime is a named individual. A real person. Legally responsible for outcomes their AI system produced, whether they touched the decision or not.
That is not a hypothetical. That is the current regulatory standard in one of the world’s largest financial centers.
Sit with that for a moment.
A senior manager at a regulated firm can delegate to an AI system. They can embed it in client-facing processes. They can let it assess suitability, generate recommendations, and produce outcomes at a scale and pace no human team could match. And when that system produces a harmful outcome — autonomously, consistently, across hundreds of customers — the legal exposure lands on the person whose name was on the governance framework that allowed it.
The AI does not get called into the hearing. The named individual does.
That is not a design flaw in the regulation. That is the regulation working exactly as intended. Accountability has to land somewhere. In the absence of a governance framework that traces the decision back to a responsible human judgment, it lands on the person who chose to deploy the system without one.
The piece identified the problem clearly. The governance frameworks firms are relying on were not built for this technology. AI produces context-dependent outputs that vary with every interaction. It operates at a pace no human oversight function can match. The assumptions baked into existing compliance processes — how information is gathered, how decisions are reached, how suitability is assessed, how outcomes are recorded — were designed for a different kind of system entirely.
That gap is structural. And closing it is not a technology problem. It is a governance problem.
Here is where most organizations are right now. They adopted AI tools quickly because the productivity case was immediate and visible. The governance case was slower, less visible, and easy to defer. So they deferred it. They wrapped existing compliance language around new tools and called it covered. They added a paragraph to the policy manual and moved on.
What they did not do is stress-test those frameworks against failure modes that did not exist when they were written. They did not ask what happens when the AI produces a confident answer that is wrong and never flags it. They did not ask who reviews the reasoning chain when a decision gets challenged. They did not ask whether the human judgment they assumed was operating in the loop was actually operating, or whether it had quietly been replaced by the speed and confidence of the output.
Those questions did not get asked because asking them slows things down. And slowing things down felt like falling behind.
That calculation is changing.
Now bring it down from the boardroom to the desk.
The City AM piece was written for general counsel at a major UK wealth manager. The regulatory stakes are high. The legal exposure is named. The compliance infrastructure is visible. But the same accountability gap exists for every person making decisions with AI who has not yet asked who is responsible if this goes wrong.
The knowledge worker who trusted the AI’s code review and shipped the flaw. The small business owner who accepted the AI’s market analysis and made the investment. The professional who used AI to draft the recommendation and sent it without the harder question getting asked. None of them are facing a regulatory hearing. But all of them absorbed the cost of confident output that was wrong and never said so.
That cost is usually quiet. A decision slightly off. A plan with a gap in it. An assumption that went unchallenged because the AI finished the sentence in the direction you were already heading. The damage does not arrive all at once. It accumulates.
And here is the thing about accumulated damage from ungoverned AI use. By the time it is visible, the trail back to the source is cold. You do not remember which session produced the flawed assumption. You do not have a record of what the AI told you and what it did not disclose. You have outcomes. You do not have governance.
That is the accountability gap at the individual level. Not legal in most cases. But real.
To close it — before the failure, before the regulator, before the named individual finds out what accountability actually costs — you first have to adopt the framework of The Faust Baseline.
The Baseline is user-side governance. It does not wait for the platform to ship a safer model. It does not wait for the regulator to define the standard. It puts the governance layer in the hands of the operator before the session begins.
Evidence standards that require a basis for every claim before it reaches you. Constraint disclosure that names the wall before serving output shaped by it. Reasoning integrity that keeps honest reasoning separate from policy-compliant response. Session coherence that holds the thread so goals do not quietly drift. All of it documented, ratified, and traveling with the operator regardless of what platform version ships next quarter.
The Baseline does not make AI infallible. Nothing does. What it does is create a traceable standard. A record of what governed the session. A basis for accountability that exists before anything goes wrong, not after.
The City AM piece ended with a warning. A significant AI-related failure in a regulated firm — material errors in customer outcomes produced autonomously and at scale — would not only harm those directly affected. It would create the conditions for reactive, crisis-driven regulation that stifles the innovation the sector needs.
That warning applies at every scale. The individual who governs their AI use before something fails is not just protecting themselves. They are part of the answer to the accountability question the industry has not yet resolved.
Accountability starts before the session. It starts with the framework you bring to it.
The Baseline is that framework.
“The Faust Baseline Codex 3.5”
Author of the category ”AI Baseline Governance”
Post Library – Intelligent People Assume Nothing
“Your Pathway to a Better AI Experence”
Purchasing Page – Intelligent People Assume Nothing
Unauthorized commercial use prohibited. © 2026 The Faust Baseline LLC
