Walk into a gathering of senior executives today and you’re unlikely to miss a mention of Artificial Intelligence (AI). Business leaders across industries are grappling with AI’s immense potential to transform processes, enhance decision-making, and improve customer experience. Few sectors have the delicate task of balancing opportunities with risk such as banking and financial services.
The power of AI in financial services is clear; from fraud detection to customer service support to personalised financial advice, companies are piloting a host of AI use cases in critical and support operations. Some are already showing business value, yet the same codes and output that dazzle with the promise of efficiency and accuracy also pose serious risks if not designed and governed responsibly.
Why 2025-2026 is a crucial period for AI Governance
Regulators are trying to keep pace with the dizzying developments in the AI world. Some regions have taken early steps to create guardrails around its use. For example:
1. The EU AI Act:
The world’s first comprehensive law launched in 2024 will become fully applicable in 2026. Parts of Banking, lending, fraud and KYC are considered “high-risk” under the Act, which means banks must run conformity assessments, maintain robust risk management systems and governance protocols. Non-compliance could result in fines of up to €35 million or 7% of global annual turnover.
2. The UK Approach:
While the UK does not have an overarching law for now, banks must contend with laws around Consumer Duty, GDPR Article 22, Equality Act and the SMCR.
3. Digital Operational Resilience Act (DORA):
The Act was brought in to help digital resilience in financial services. This requires robust operational testing, third-party risk management, and incident reporting, all of which consider developments in AI.
For banks and financial institutions in the region this creates a complex patchwork of obligations which are susceptible to change. This means compliance by design must be baked into their systems and operations across jurisdictions so that costly rework can be avoided or done with minimal disruption.
If you’re still reading, as a bank executive you must be wondering what on earth do we do?
The Three Key Questions Every Leader Must Answer
1. Is it fair?
Could the model unintentionally discriminate against a protected group? This requires rigorous testing, re-testing and mitigation to ensure that the delta is no greater than 5% per protected class.
2. Can we explain it?
When something goes wrong, say incorrectly flagging a transaction or declining a loan, can a banker, customer or regulator understand why this happened? The target should be customer satisfaction scores of 80% or more.
3. Who is accountable?
AI needs oversight and every material model should have a clear structure with a named senior management function owners, model inventories, and change logs. There can’t be any gaps.
Bake this into the approach, compliance shifts from a tick-box exercise ripe for inefficiencies to compliance by design in financial services.
Compliance should be approached as a dynamic project carved into the AI lifecycle, from strategy & design to development & testing, to deployment, to monitoring & review, and finally governance & compliance.
The Maturity Ladder
In a five-level model, most banks fall between Level 2 (aware) and Level 3 (defined) on the maturity ladder. The jump to Level 4 (managed) will require investment into platform guardrails and policy-as-code following the steps outlined above. The target is level 5 (optimised), which is audit-ready by design, and where models explainable, resilient and are efficient.
The traps to avoid:
- Don’t treat governance as a one-off policy exercise
- Don’t chase the most complex model if an interpretable one meets the bar
- Don’t assume your vendor’s AI is your vendor’s problem
Banks that can explain decisions, be transparent and fair will be able to innovate faster and deploy AI at scale with confidence.
At Maveric, we believe that growing and innovating can be done at scale, resiliently and with measurable impact without comprising on responsible AI and governance. For 25 years, we have worked with banks and financial institutions of all sizes and across three continents, solving contextual challenges with innovative solutions that only an agile provider with bold ideas and deep industry knowledge can address.
With the six Ps and 90-day plan, underpinned by our proprietary AI@Scale framework, we help banks establish compliance by design in financial services.
