When regulators write a checklist for AI, the trader needs one too

A regulator's checklist becomes public

On 25 May 2026, the International Organization of Securities Commissions published its Supervisory Toolkit for AI Use in Capital Markets. The report is non-binding. It is also unusually specific. It sets out the questions a regulator should ask when an exchange, broker, asset manager, or trading firm deploys an AI system, and it covers the full lifecycle from traditional machine learning models to generative and agentic systems.

The toolkit organises supervision around seven areas: governance and accountability, model development and testing, data quality and management, monitoring and controls, outsourcing and third party providers, market conduct risks, and operational resilience. The framing is what matters. IOSCO is telling regulated firms that AI is no longer an isolated innovation project. It is operational infrastructure that requires continuous testing, validation, monitoring, and supervisory evidence.

What the framework is really saying

The substance of the toolkit is more interesting than its legal status. IOSCO is signalling that AI risks usually emerge from combinations of factors rather than from a single model failure. The report names model drift, adversarial attacks, data poisoning, bias, and single points of failure. It also flags the new agentic systems, which have planning capabilities, long-term memory, and access to external tools, and warns that interactions between components could produce emergent behaviour or cascading failures.

Translated into trading vocabulary, the regulator is describing failure modes. A model that worked in one regime stops working in another. A data pipeline that was clean becomes contaminated. A vendor that was reliable changes its terms. A combination of small flaws produces a large loss. None of this is new to anyone who has thought about systems for a living. What is new is that the supervisory community has now written it down in one place.

The supervision problem moves down to the desk

The toolkit is written for regulators supervising firms. The interesting question for Magomedova is what happens at the layer below, where the individual trader sits with a platform, a broker, and an account. That trader has no compliance department. They are their own model risk function. They are also their own incident response team.

The structural answer is uncomfortable. If a regulator now expects a regulated firm to maintain pre-deployment, post-deployment, and ongoing validation of its AI systems, the retail trader using AI features inside a broker app is sitting downstream of a process they cannot see. They cannot inspect the model. They cannot audit the training data. They cannot watch for drift. What they can do is build their own perimeter around the tool.

What a personal toolkit looks like

A personal AI toolkit borrows the same seven categories and translates them downward. Governance becomes a written rule about which decisions the trader will and will not delegate. Model testing becomes a journal of the cases where the AI signal disagreed with the plan, with the outcome recorded in both directions. Data quality becomes a habit of checking what the model actually saw before the trade. Monitoring becomes a weekly review of which features were used and which were ignored.

Outsourcing becomes the most honest question of the four. The trader using a broker's AI features has outsourced part of their cognition to a counterparty whose incentives are not identical to their own. That is not a reason to refuse the tool. It is a reason to size the tool's influence the same way a position is sized. Small. Visible. Reversible.

AI is a powerful tool. But tools do not replace responsibility.

Agentic systems and the limits of automation

The toolkit pays particular attention to agentic AI, which the report describes as systems with planning, memory, and access to external tools. In retail trading, the equivalent is a platform feature that does not merely suggest a trade but executes it, manages the position, and adjusts size without the trader pressing a button each time. The convenience is genuine. The risk is that the trader no longer has a record of why each position exists.

An account whose trades are not understandable to its owner is not the owner's account in any meaningful sense. The losses still belong to the trader. The decisions do not. That asymmetry is the failure mode the IOSCO report is circling, and it is the same failure mode Magomedova has described at the level of a single screen. A regulator can require disclosure and lifecycle testing from a firm. The individual trader has to require it from themselves.

Returning to the principle

The toolkit is welcome. Supervision that asks better questions produces better firms. None of that supervision reaches the moment when a retail trader, alone in the evening, is offered a confident signal and a default position size by a piece of software whose training they will never see. At that moment the only governance that operates is the trader's own.

For Magomedova, that is the principle the new framework reinforces rather than replaces. Discipline is not something a regulator can install. It is the artefact a trader builds in the weeks when nothing is going wrong, so that it is already there when something does.