Who is accountable when the model decides

Put an AI system inside a critical operation and a quiet question follows it in. Under the accountability regime, who is the person responsible for what that system does.

The Financial Accountability Regime does not recognise a model as an accountable person. It recognises people. An accountable entity has to assign its senior responsibilities so that, between them, named individuals cover every part of the business. For the largest entities that assignment is written down, lodged, and kept current as an accountability statement for each person and an accountability map for the group. The test the regime applies is easy to state and hard to satisfy: for any material part of the operation, one identified person is accountable for the actions, decisions and outcomes in that area.

A model does not change that test. It changes how easy it is to pass. When a loan application, a claim, a fraud signal or a customer interaction is shaped by an AI system, the decision still has an owner. Accountability does not move to the supplier of the model, or to the team that deployed it, or to the system itself. It stays with the named person whose statement covers that operation. What changes is that the person is now accountable for something they may not fully see: a system that learns, drifts, and can behave in ways its own builders did not specify.

The common gap is timing. Accountability statements were written for the business as it was. The AI arrived afterwards. A claims process a named executive signed for two years ago is not the claims process running today if a model now triages the queue. If the statement was not revisited when the model went in, there is a live operation with no current owner on paper, and a named person carrying an outcome they were never mapped to.

The regulator has now made the expectation explicit. The April 2026 industry letter on AI asks for ownership and accountability across the whole AI lifecycle, from design and development through deployment, monitoring and decommissioning, and for human involvement in high-risk decisions. That is the language of an accountability map, applied to a model. It is no longer enough to name an owner for the function. The owner has to hold the model inside it, for as long as it runs and through the day it is retired.

So the useful question is not whether the entity has an AI policy. It is whether the accountability map and the AI inventory point at the same people. If the person accountable for a critical operation cannot name the models running inside it, the map is describing a business that no longer exists.

The Financial Accountability Regime commenced for banks in March 2024 and for insurers and superannuation trustees in March 2025, replacing the Banking Executive Accountability Regime. It is administered jointly by APRA and ASIC. It requires an accountable entity to ensure its accountable persons, between them, cover all parts of its operations, and it requires the largest entities to lodge accountability statements and an accountability map and keep them current. Separately, in April 2026 the regulator wrote to all regulated entities on AI, setting out an expectation of ownership and accountability across the AI lifecycle and human involvement in high-risk decisions. The operational risk standard CPS 230 applies to non-significant institutions from 1 July 2026.

Take one critical operation with an AI system inside it. Find the accountable person named for that operation, then read their accountability statement. Does it describe the model and the full lifecycle, or the process as it was before the model arrived. If it is the old process, that is a gap to close, and it is fixable before 1 July.

An AI inventory and an accountability map that never reference each other. If the list of models lives with the technology team and the list of accountable people lives with governance, no one is checking that every model inside a critical operation has a named human who owns its outcomes. That gap surfaces after the incident, not before.

My view: The accountability map is where this gets real. Most entities can produce an AI policy. Far fewer can point to the person who owns a specific model's outcomes. That gap is not a documentation problem. It is who answers when the model is wrong. Close it before the regulator asks the question for you.

If this was useful, the free Quick Check maps one critical operation against the accountability the regime expects, in about ten minutes.