AI Readiness in Financial Services: Navigating Regulation, Risk, and Reward
Created on 2026-02-06 09:43
Published on 2026-03-14 10:00
What I learned from HSBC, banking disasters, and the industry most transformed by AI
At HSBC Data Processing Malaysia, I witnessed one of the largest unrecovered losses in the bank’s history.
The process was BACS payments, the system that processes salaries, direct debits, and interbank transfers. This had been outsourced from Leicester, UK to Malaysia.
The problem: “Skeleton headcount because it was all a decision based on cost.”
Impressed Metal was a UK company whose weekly wages were processed through this system. Due to a processing error that should have been caught by human review, their weekly wages were paid twice. Double payment. Thousands of employees paid twice in the same week.
In any normal circumstance, you would reverse the payment or recover the funds. But the timing made recovery impossible. The money was gone. The loss was permanent.
Two extra full-time employees, doing the verification work that had been cut, would have caught it. But they had been removed because the process was “automated” and the oversight was deemed unnecessary.
I learned about Skeleton Crew AI before the term existed.
This experience shapes how I think about AI in financial services. The rewards are enormous. The risks are equally enormous. The margin for error is thin.
Why Financial Services Is Different
Financial services is not just another industry adopting AI. It is the industry where AI’s transformative potential and destructive potential are both maximized.
The data advantage:
Financial services organizations have data that most industries can only dream of.
Transaction histories. Customer behavior patterns. Risk events. Market movements. Credit histories. Payment flows.
This data is structured, quantified, and historical. It is exactly what AI systems need for training and operation.
The data advantage means financial services AI can be more powerful than AI in data-poor industries.
The trust imperative:
Financial services runs on trust. Customers entrust you with their money, their financial security, their futures.
Trust, once damaged, is extraordinarily difficult to rebuild. A bank that loses customer money through AI error faces consequences far beyond the immediate loss.
The trust imperative means financial services AI errors are more costly than errors elsewhere.
The regulatory reality:
Financial services is heavily regulated. Every jurisdiction has regulators with authority to investigate, sanction, and restrict.
AI in financial services must satisfy regulators who may not understand AI but who do understand their mandate to protect consumers and maintain financial stability.
The regulatory reality means financial services AI must be explainable, auditable, and governed in ways that other industries may not require.
The speed pressure:
Financial markets move fast. Decisions that take too long are worthless.
AI in financial services must operate at market speed. This creates pressure to automate, to remove human review, to trust the algorithm.
The speed pressure is where the BACS disaster happened. The verification was removed because it took time. The disaster followed.
The Unique AI Opportunities
Financial services offers AI opportunities that do not exist elsewhere.
Fraud detection:
Fraud detection is perhaps the most mature AI application in financial services.
AI can analyze transaction patterns, identify anomalies, and flag potential fraud faster and more accurately than human review. The data exists. The patterns are learnable. The value is clear.
Fraud detection AI can process millions of transactions in real-time, catching fraud that human review would miss entirely.
Credit decisioning:
Credit decisions have traditionally required significant human judgment. AI can assist or automate portions of this process.
AI can analyze creditworthiness across more variables than human analysts can consider. It can identify patterns in repayment behavior. It can segment risk more precisely.
But credit decisioning also illustrates AI risks. Biased training data produces biased decisions. Unexplainable models create regulatory problems. The stakes for individual customers are high.
Customer service:
Financial services customer service handles high volumes of inquiries, many of which are routine.
AI can address routine inquiries, freeing human agents for complex situations. AI can provide 24/7 service. AI can handle volume spikes that would overwhelm human capacity.
The Malaysian bank failure I have written about illustrates the risks. Customer service AI that does not understand local context damages relationships that banks depend on.
Risk management:
Risk management is inherently about pattern recognition and prediction, tasks where AI excels.
AI can monitor risk exposures in real-time. It can identify emerging risks before they materialize. It can stress-test portfolios against scenarios.
But risk management AI also creates new risks. Over-reliance on models that fail in unprecedented conditions. False confidence from AI that cannot predict genuine black swans.
Regulatory compliance:
Compliance is expensive and error-prone when done manually.
AI can monitor transactions for regulatory violations. It can flag potential issues for human review. It can produce audit trails and reports.
The irony is that compliance, one of AI’s clearest financial services applications, also creates regulatory questions about AI itself.
The Regulatory Landscape
AI in financial services operates within regulatory frameworks that vary by jurisdiction but share common concerns.
APAC regulatory variation:
Singapore’s MAS has been proactive in providing AI guidance. The FEAT (Fairness, Ethics, Accountability, Transparency) principles offer a framework.
Hong Kong’s HKMA has issued guidance on AI in banking, emphasizing governance, model risk management, and consumer protection.
Malaysia’s BNM has addressed technology risk more broadly, with AI-specific guidance still developing.
Indonesia’s OJK oversees financial services technology with attention to consumer protection and systemic risk.
Each jurisdiction has different approaches, different requirements, and different enforcement patterns.
Common regulatory concerns:
Across jurisdictions, regulators share certain concerns about AI.
Explainability. When AI makes decisions that affect customers, can you explain why? Regulators want to ensure that decisions are not arbitrary and that customers can understand and challenge them.
Bias. Does AI discriminate? Does it produce different outcomes for different groups in ways that may be illegal or unfair? Regulators increasingly require testing for discriminatory impact.
Model risk. What happens when AI models are wrong? Financial regulators have long-established frameworks for model risk management. AI models must fit within these frameworks.
Data protection. How is customer data used to train and operate AI? Data protection laws apply. Customer consent may be required.
Operational resilience. What happens when AI systems fail? Can the bank continue to operate? Are there fallback procedures?
The compliance advantage:
Here is a counterintuitive insight.
The regulatory burden in financial services can be a competitive advantage for AI adoption.
Organizations that build strong governance to satisfy regulators are building the Human Layer that enables AI success.
Governance is not the enemy of AI. Governance is what makes AI safe to scale.
Financial services organizations that have invested in governance because regulators required it may find they have better AI foundations than less-regulated industries that neglected governance because it was optional.
The Risk Management Imperative
Financial services organizations must manage AI risk with the same rigor they apply to other risks.
Model risk management:
Financial regulators have long required model risk management for quantitative models.
AI models are models. They should be subject to the same governance.
This means model validation before deployment. Ongoing performance monitoring. Independent review. Documentation of assumptions, limitations, and appropriate use.
Model risk management for AI is not a new discipline. It is an extension of existing discipline.
Operational risk:
AI systems can fail. When they fail in financial services, the consequences can be severe.
The BACS disaster was an operational failure. Human verification was removed to reduce cost. The system failed. The loss was unrecoverable.
Operational risk management for AI means understanding what happens when AI fails. Having fallback procedures. Maintaining human capability to operate without AI.
“Autonomous does not mean unsupervised,” as I learned in Kommando 69 training. AI systems need human oversight even when they operate autonomously.
Conduct risk:
AI that mistreats customers creates conduct risk.
Customer service AI that frustrates customers. Credit AI that discriminates. Advisory AI that provides unsuitable recommendations.
Conduct risk from AI can result in regulatory sanction, reputational damage, and litigation.
Managing conduct risk means testing AI for customer impact, monitoring outcomes, and addressing problems quickly.
Systemic risk:
If many financial institutions use similar AI systems, they may all fail in similar ways at the same time.
This creates systemic risk. Correlated failures that affect the financial system, not just individual institutions.
Regulators are beginning to think about AI-related systemic risk. Financial services organizations should think about it too.
What Financial Services Gets Right
Financial services is not starting from zero with AI governance.
Risk culture:
Financial services has developed risk culture over decades. Managing risk is part of organizational identity.
This risk culture transfers to AI risk. The instinct to ask “what could go wrong?” is already present.
Governance infrastructure:
Financial services has governance infrastructure that other industries lack.
Model risk management. Operational risk frameworks. Compliance functions. Audit capabilities.
This infrastructure can be extended to AI. The muscle memory exists.
Regulatory dialogue:
Financial services organizations have relationships with regulators. They know how to engage, how to explain, how to work within regulatory expectations.
This dialogue can include AI. Regulators often appreciate proactive engagement from organizations that help them understand new technologies.
Data discipline:
Financial services has had to maintain data discipline because of regulatory requirements.
Data quality. Data lineage. Data governance. These disciplines, imperfect as they may be, provide foundation for AI that other industries often lack.
What Financial Services Gets Wrong
Financial services also has patterns that undermine AI success.
The technology-first trap:
Financial services organizations often approach AI as a technology problem.
The CIO is tasked with AI strategy. Technology vendors are evaluated. Platforms are selected.
Meanwhile, the Human Layer is neglected. Leadership alignment is assumed. Data readiness is overestimated. Capability development is underinvested.
Technology-first approaches in financial services fail for the same reasons they fail elsewhere. The technology works. The organization does not change.
The innovation theater problem:
Large financial institutions often create innovation labs, AI centers of excellence, and similar structures.
These structures can become innovation theater. They produce demos, pilots, and proofs of concept. They do not produce scaled transformation.
MIT’s research found that centralized AI functions often underperform. AI that matters is deployed by business units to solve business problems, not by labs to demonstrate possibilities.
The vendor dependency trap:
Financial services organizations often look to vendors for AI solutions.
Vendors can provide valuable capability. But vendors cannot provide your context, your data, your institutional knowledge.
Over-reliance on vendors creates dependency without building internal capability. The 67% vs. 33% finding from MIT’s research, where partnerships outperform internal builds, requires that you bring the context while partners bring the technology.
The skeleton crew trap:
Cost pressure leads to removing human oversight from automated processes.
The BACS disaster is the extreme example. But smaller versions happen constantly.
Removing human review to save cost, trusting automation to catch errors, operating with minimum staffing because the system is “automated.”
Until the system fails and there is no one to catch it.
The Six Dimensions in Financial Services
Let me apply the AI Readiness framework to financial services specifically.
Leadership and Vision (22%)
Financial services leaders face competing pressures on AI.
Competitive pressure to move fast. Regulatory pressure to move carefully. Cost pressure to reduce headcount. Risk pressure to maintain controls.
Leaders must navigate these tensions explicitly. Unresolved tension between “move fast” and “manage risk” creates organizational confusion.
The vision question for financial services is specific. How will AI change our competitive position while satisfying our regulatory obligations and managing our risk exposure?
Leaders who can articulate this specific vision will lead effective transformation.
Data Readiness (20%)
Financial services has data. But data readiness is not just about having data.
Can you access your data across systems? Legacy infrastructure in financial services often creates silos that are difficult to bridge.
Is your data quality sufficient for AI? Transaction data may be high quality. Customer data may be less so.
Is your data governed appropriately for AI? Using customer data to train AI models may require consents you do not have.
Financial services organizations often overestimate data readiness because they have data. Having data is not readiness.
Skills and Capability (18%)
The Auditor Mindset is particularly important in financial services.
AI outputs must be verified. Credit decisions, risk assessments, customer recommendations all require human judgment about whether AI outputs are correct.
Financial services professionals are accustomed to analytical work. But the Auditor Mindset is different from analytical skills. It is about evaluating AI outputs, not creating analysis yourself.
Capability development must address this shift explicitly.
Process Maturity (15%)
Financial services processes often are more mature than other industries because of regulatory requirements.
But maturity for regulatory compliance is not the same as maturity for AI deployment.
Processes designed for human execution may not be suitable for AI augmentation. Handoffs between human and AI may not be designed. Exception handling may assume human judgment at every step.
Process redesign for AI may be required even when processes are mature for other purposes.
Governance and Ethics (15%)
Financial services has governance advantage. But AI creates new governance requirements.
How do you explain AI decisions to customers who have been declined credit?
How do you test for bias when you cannot access the training data your vendor used?
How do you maintain audit trails for AI that evolves over time?
These questions require governance that goes beyond traditional model risk management.
Culture and Change Capacity (10%)
Financial services culture often emphasizes risk aversion and control.
This can inhibit the experimentation that AI adoption requires.
Creating psychological safety for AI experimentation within a risk-conscious culture is challenging. The balance between “we manage risk carefully” and “we encourage experimentation” is difficult.
Organizations must signal explicitly that AI experimentation is expected and that learning from failure is valued.
Practical Guidance for Financial Services
Based on financial services’ specific context, here are priorities for AI readiness.
Build governance first, not last:
In financial services, governance is not an afterthought. It is the foundation that regulators require and that risk management demands.
Build your AI governance framework before you deploy AI at scale. Define decision rights. Establish accountability. Create policies for explainability, bias testing, and model risk management.
This is not bureaucracy. This is the governance that enables confident deployment.
Maintain human oversight:
The BACS disaster taught me that autonomous does not mean unsupervised.
Design human oversight into AI systems. Do not remove verification to save cost. Ensure humans can catch what AI misses.
The costs of oversight are visible. The costs of failure without oversight are catastrophic.
Address the Context Tax:
Financial services serving APAC markets faces the Context Tax I have written about.
AI trained on Western data may not work for Asian customers. Language complexity, communication patterns, relationship expectations all differ.
Test AI thoroughly in local contexts. Invest in local training data. Do not assume that vendor claims of Asian language support mean genuine Asian context understanding.
Engage regulators proactively:
Regulators are trying to understand AI. They appreciate organizations that help them.
Engage your regulators before they engage you. Explain what you are doing. Seek guidance. Build relationship.
Proactive engagement is better than reactive defense when things go wrong.
Build internal capability:
Depending on vendors without internal capability creates vulnerability.
Build internal understanding of AI sufficient to evaluate vendors, direct development, and exercise the Auditor Mindset.
You do not need to build AI internally. You need to understand it internally.
Financial services is where AI’s potential and AI’s risk are both maximized.
The data advantages are real. The regulatory expertise can be leveraged. The governance infrastructure can be extended.
But the risks are also real. The trust stakes are high. The regulatory scrutiny is intense. The margin for error is thin.
Two extra full-time employees would have caught the BACS error. They were removed because the process was “automated.”
That lesson stays with me. AI does not remove the need for human judgment. It makes human judgment more important.
What AI challenges are you facing in financial services? What regulatory considerations are shaping your approach?
The AI Readiness Scorecard assesses your organization across all six dimensions of the Human Layer. For financial services, the governance and data dimensions are particularly critical.
Comment “SCORECARD” below and I will send you access.
Financial services has both the greatest opportunity and the greatest risk in AI transformation. The question is whether you will navigate both successfully.