TECHNOLOGY

Your AI is only as safe as your data and governance layer

Daniel Kenny, CEO of FutureVault, argues that as agentic AI enters financial services, the firms that win will not have the most powerful models — they will have the most defensible data governance layer underneath them.

Daniel Kenny
CEO, FutureVault
June 2026 · 12 min read
AI data governance and permission architecture for wealth management firms and family offices — FutureVault CEO Daniel Kenny

Across wealth management, the conversation about artificial intelligence has shifted in the last twelve months. The question is no longer whether AI will be deployed inside private wealth firms, family offices and private banks. It is how — and on what foundation. Agentic AI, the next generation of systems that can take action on a client's or firm's behalf rather than simply summarise documents, is moving from proof-of-concept into early operating practice. And it is exposing an uncomfortable truth: most firms are racing to deploy models on top of an information environment that was never built for them.

The risk profile of AI in wealth management is unlike anything the industry has handled before. Models inherit the data they are trained on and the permissions of the systems they are connected to. In a private banking environment, that includes tax returns, trust deeds, family balance sheets, signed power-of-attorney documents and confidential commercial agreements. The question every CEO, COO and CTO should be asking is not 'what can our AI do?' It is 'what data can our AI see, and who has decided that is appropriate?'

The governance layer is the product

For two decades, the dominant question in wealth technology was the application layer: which CRM, which portfolio system, which planning tool. The data layer underneath those tools was assumed to be a plumbing problem. Agentic AI changes that calculus entirely. When an autonomous system is reading across documents, account systems and email archives to take an action, the integrity, permissioning and provenance of that data is no longer a back-office concern. It is the product.

A defensible governance layer answers four questions for every data object inside the firm: who owns it, who can see it, how long is it retained, and who has accessed it in the last twelve months. Without crisp answers to those four questions, no amount of model sophistication will protect a firm from regulatory action, client complaint or reputational damage when something goes wrong. And in a firm of any scale, something will go wrong.

Permissioning beats prompting

Much of the current AI conversation centres on prompt engineering — how to instruct a model so it produces the right output. That is the wrong altitude. The first-order question in a regulated wealth environment is permissioning. Which user, acting on whose behalf, has the right to ask the model to read which documents? An AI that summarises a trust deed for an adviser who is not on the engagement is a breach of confidentiality whether or not the summary is accurate.

Most firms have permissioning models that were designed for a world in which a human user clicked on a folder. Agentic AI breaks that assumption. The agent acts at machine speed, reading dozens of documents to compose a single response. If the underlying permission model is folder-based rather than object-based — and assigned to the requesting agent rather than the human in the room — control has already been lost.

Provenance and the audit trail

The regulator's question will not be 'did your AI work?' It will be 'can you prove what your AI did?' Provenance — the immutable record of which data object was used to produce which output, on whose authority, at what time — is the unglamorous backbone of any defensible AI deployment in a regulated environment. Firms that bolt this on after a deployment will struggle. Firms that build it into the data layer from the outset have a structural advantage that compounds with every new use case.

What this means for family offices

Family offices face a sharper version of the same problem. They hold some of the most sensitive personal and commercial information in finance, often across multiple jurisdictions and entities, and they typically do so without the IT and risk infrastructure of a large institution. The temptation to plug a consumer AI tool into the office's document library is enormous. The downside is asymmetric: a single inappropriate disclosure to a beneficiary, an ex-spouse or a tax authority can be impossible to recover from.

The pragmatic path is not to refuse AI. It is to insist on a governance layer that is purpose-built for the family — versioned, permissioned, jurisdictionally aware and audit-ready — and to require that any AI capability sits on top of that layer rather than alongside it.

The next eighteen months

We expect the next eighteen months to separate firms cleanly. A first group will invest in their data and governance layer first, and deploy AI on a controlled foundation. A second group will deploy AI quickly on whatever data is to hand, and discover the cost when something is mis-handled. The first group will compound an advantage that is hard for competitors and regulators to challenge. The second group will spend the following year remediating.

The good news is that the technology to build a defensible governance layer exists and is mature. The harder work is organisational: deciding, at board level, that AI in your firm will only ever sit on data you have governed, permissioned and audited. That decision, taken early, is what separates firms that will be trusted with multi-generational wealth in the AI era from those that will not.

Daniel Kenny is CEO of FutureVault, a leader in secure document exchange and digital vault infrastructure for wealth management firms and family offices. This article represents the views of the author and is published by UK Private Wealth Magazine as a contributed perspective.
Subscribe FreeView Latest Edition