The AI trading governance framework question dominating brokerage boardrooms right now is not whether to launch AI-enabled products. It is whether the firm’s existing oversight structure can actually supervise them once they go live.
Three platforms have moved quickly. Robinhood launched its Agentic Accounts in late May 2026, ring-fencing the feature so that an AI agent can only access funds a user specifically deposits into a dedicated agentic account, separate from the main portfolio. eToro unveiled a new AI-first mobile app on 7 July 2026, built around its proactive AI agent Tori. ThinkMarkets launched ChelseaAI, which became available to ThinkTrader account holders on 2 June 2026, allowing traders to connect large language models including ChatGPT, Claude, and Grok to live accounts via an MCP (Model Context Protocol) server, a standard way for AI tools to connect securely to external services.
All three products reflect the same underlying shift: AI is becoming another interface through which retail clients access financial markets. The question is how regulators and compliance teams should think about that.
Why the AI Trading Governance Framework Already Exists
The argument that AI trading requires an entirely new regulatory rulebook does not hold up well under scrutiny. Financial markets have permitted automated execution for decades. Traders have long used Expert Advisors on MetaTrader, algorithmic connections via FIX APIs (a standard communications protocol between trading systems), and quantitative models that execute without human intervention on every tick. The principle has always been the same: the client sets the strategy, the broker provides the market access.
AI changes the input method, not the underlying relationship. Instead of writing code, a client describes a strategy in plain English. The model translates that into an executable order. Provided the investment decision originates with the client rather than the machine, the regulatory character of the activity is broadly unchanged.
In the UK, that means looking first at Consumer Duty, the Senior Managers and Certification Regime, operational resilience requirements, and outsourcing expectations before reaching for any AI-specific rulebook. The same logic applies in the United States, where existing supervisory obligations, business continuity requirements, and operational controls already set a framework for new products and new distribution channels.
The more productive compliance conversation focuses on operational risk. Can the firm reconstruct the exact chain from a client’s original prompt to the order executed in the market? What happens if the underlying model becomes unavailable mid-session? How does the firm govern model updates where identical prompts begin producing different outputs? What latency exists between instruction and execution during periods of market stress? These are not AI-specific questions. They are the same operational resilience questions that have always applied to automated trading systems.
Sandboxing and Spending Limits: How Platforms Are Managing Risk
The design choices the three platforms have made are worth examining, because they reveal a shared instinct to constrain agent permissions tightly from the outset.
Robinhood’s structure is the most granular. The agentic account is isolated by design, so an AI agent cannot reach into a user’s main holdings. Robinhood also launched an Agentic Credit Card alongside the trading feature, assigning the AI agent a separate virtual card number, not the customer’s actual card number, which can be deleted at any time. Purchases made by the agent still earn 3% cash back, consistent with the standard Robinhood Gold card benefit. Users must set a spending limit and can require manual approval for each transaction. Connecting an AI agent to the service requires directing it through Robinhood’s own MCP server. Robinhood announced these features at its ‘The World is Flat’ global expansion event, held at the Old Royal Naval College in London.
ThinkMarkets took a similar approach to permission scoping. According to Finance Magnates, CEO Nauman Anees stated the AI ‘can execute trades, but not access funds,’ with traders controlling which order types fall within the agent’s scope. That is a meaningful distinction: execution permissions and fund-access permissions are treated as separate, and only the former is granted to the AI.
eToro’s Tori agent, relaunched in April 2026 with real-time social-media intelligence integration, sits closer to the advisory end of the spectrum. The further a product moves from pure execution toward investment recommendations, the more complex the regulatory analysis becomes, because advice and discretionary management carry their own regulatory obligations distinct from order routing.
That distinction, between execution tools and advisory agents, is where the real compliance line sits. Regulators will not ask whether a product uses AI. They will ask whether the governance framework around it was capable of supervising whatever the AI actually did. The platforms launching now appear to understand that. Whether their internal audit trails, operational resilience testing, and permission structures hold up under scrutiny is the question that will define the next phase.

