From pilots to production
Almost every financial institution we work with has AI activity under way. Most have multiple pilots, several proofs-of-concept, a steering committee, and at least one ambitious narrative for the board. Far fewer have AI in production at scale - integrated into business processes, with measurable impact on outcomes, and the governance to satisfy regulators and senior management. The gap between the two is the central challenge of the next eighteen months.
The institutions making the transition are not those with the most exotic models. They are the institutions that have made hard organisational choices: where to centralise versus federate AI capability, how to govern the lifecycle from data to deployment, and how to integrate AI use cases with the core change agenda of the institution rather than running them as a parallel innovation programme.
The use cases that work
In our experience, the highest-yield production use cases cluster in three areas. Credit and underwriting decisioning, where AI is being used to enrich rather than replace traditional credit models, with material impact on approval rates and default performance. Financial crime and fraud detection, where machine learning is now standard practice in tier-one institutions and rapidly becoming so in the rest of the market. And regulatory and operational reporting automation, where the combination of language models and structured data is genuinely changing the economics of finance and risk operations.
Customer-facing generative AI - chatbots, advisors, content generation - has produced more headlines than realised value to date. The institutions investing here are right to do so, but should be clear-eyed about the timeframe, the regulatory complexity, and the operating model investment required to make it work.
Governance, not just models
The most common failure pattern we see is institutions building strong AI engineering capability without the equivalent investment in governance, risk and validation. As AI moves into customer-affecting and regulatory-relevant decisions, the governance burden moves with it - and the existing model risk management framework, designed for traditional statistical models, will not stretch to cover modern AI without deliberate redesign.
Boards and second-line risk functions are increasingly asking the right questions: how is AI inventoried and tiered for risk; how are models validated and challenged; how is bias monitored over time; how is data lineage maintained as models evolve. Firms unable to answer these questions clearly will find their AI agendas constrained by their own internal risk function, and rightly so.
How to sequence the next 12 months
We recommend a deliberately staged approach. The first quarter is for portfolio rationalisation - cutting the number of pilots, focusing on three to five high-value use cases, and being honest about what is genuinely ready for scale. The second is for governance build-out - inventory, risk tiering, validation framework, monitoring. The second half of the year is when production scaling becomes possible, with the foundations to scale into the second year and beyond.
Institutions that try to scale before governance is in place will hit a wall - either internally, when risk functions intervene, or externally, when regulators ask the questions for which there is no good answer. The institutions getting this right are sequencing capability and control together, in lockstep, on the way to something genuinely transformational.