AI Enablement for Banking

The structural opportunity in banking is the largest in financial services — and the hardest to convert

Banking has been doing "AI" for years. Fraud models, credit scorecards, RPA, customer chatbots, GenAI pilots. Some of it works. None of it has materially changed the way most banks actually operate. The cost-to-income ratio is flat or improving slowly. Operations headcount has not meaningfully changed. Throughput is incrementally faster but qualitatively the same.

The reason is not the technology. It is that banking has structural features that make AI enablement specifically hard — and the firms that solve those structural problems first will pull away from their peers in ways that will be very difficult to close.

This service is built for that work.

Is this you?

• You have 30+ AI initiatives in your portfolio — and you couldn't honestly tell the board which of them are compounding.
• Your KYC/AML team has industry-standard false positive rates (above 90%) and the analysts spend their time on cases that turn out to be fine.
• Your credit decisioning is on a model that was last meaningfully updated 18+ months ago — and the path to changing it goes through five committees, three cloud providers, and a quarterly release cycle.
• You have invested in a customer chatbot that handles 25% of contacts and your overall cost-to-serve has barely moved.
• Your regulatory reporting is a quarterly sprint that consumes 60% of the team's capacity and produces submissions that are increasingly being scrutinised for narrative quality, not just numbers.
• You are watching AI-native challenger banks compress your cost base by 30%+ and you cannot see how to respond without rebuilding your operating model.
• The PRA, FCA, or your home regulator has started asking pointed questions about how you govern AI in production — and your answer is mostly paperwork.

If three or more of these are true, you are in the right conversation.

Where we focus in banking

Five priority value streams account for almost all of the structural opportunity in a typical Tier 1 or Tier 2 bank. We sequence the work based on which one has the highest combined cost, risk, and customer-outcome impact for your specific situation.

1. KYC, AML, and customer due diligence

The canonical augmentation-vs-redesign trap. Most banks have added AI tools to KYC: document classification, sanction screening, alert prioritisation. None of these change the workflow shape. The redesigned version handles routine cases end-to-end with full audit trails and concentrates analyst attention on the genuinely ambiguous ones. Team is smaller but each role is more specialised, more consequential, and harder to do.

Regulatory frame: EU AI Act high-risk classification for biometric identity, PRA SS1/23 model risk on triage and risk-scoring models, FCA AML expectations, DORA for any third-party identity vendors.

2. Credit decisioning and underwriting

Almost every bank has a credit model. Most are decades old in their architecture, scored in isolation from the underlying customer relationship, and updated on long cycles. The model is rarely the bottleneck — the bottleneck is the decision rights between model and human, the data layer feeding the model, and the governance machinery around model risk.

Regulatory frame: EU AI Act explicitly names credit scoring and creditworthiness as high-risk. PRA SS1/23 model risk core territory. FCA Consumer Duty requires demonstrable good outcomes for retail customers, especially vulnerable ones.

3. Fraud and transaction monitoring

The value stream where the data flywheel is most achievable, because labelled outcomes (fraud / not fraud) come back relatively quickly. A working flywheel here produces fraud detection that is structurally better than any off-the-shelf vendor — because it has been trained on your specific customer base, transaction patterns, and fraud typologies. Most banks have models in production. Few have working flywheels.

Regulatory frame: PRA SS1/23 model risk, FCA SYSC, DORA for any cloud-based ML platform.

4. Regulatory reporting

Consumes 5–15% of total operations cost in most large banks. Runs on a quarterly sprint cycle that exhausts the team. The cognitive backbone is small — data validity, anomaly detection, narrative drafting, materiality judgment, attestation — and most of it is now automatable. The blocker is not the model; it is the data layer, the decision rights around materiality and attestation, and the governance evidence the regulator wants to see.

Regulatory frame: PRA SS1/23 (anomaly model), BCBS 239 (data quality and lineage), the relevant prudential reporting rules. Done well, the redesign improves your supervisory posture rather than threatening it.

5. Customer operations and complaint handling

Under FCA Consumer Duty, customer outcomes are now a first-class regulatory concern. AI-driven customer ops that produce poor outcomes for vulnerable customers will be scrutinised. The redesigned version is not "more chatbot." It is a customer ops workflow where the system handles routine cases end-to-end, agents focus on complex relationships and exception handling, and Consumer Duty outcome monitoring is continuous rather than quarterly.

Regulatory frame: FCA Consumer Duty (core), FCA SYSC, DORA, EU AI Act for any voice biometric authentication.

What we actually do in a banking engagement

Our work spans the same five enablement pillars as our flagship AI Enablement service, but tailored to banking realities:

• Production function redesign — workflow rebuilds in BPMN 2.0, anchored to one priority value stream and sequenced from there
• Action-data layer architecture — built around customer wide-rows, transaction event streams, and observable lineage from core banking through to the model
• Decision systems and feedback loops — decision logs, override rate tracking, structured feedback curation, continuous retraining cycles
• Operating model and roles — first-line accountability, system supervisor roles, exception handler career paths
• Embedded governance — three-lines-of-defence for AI, evidence as a by-product of build, regulatory dialogue with the PRA and FCA built into the cadence

The difference in banking is the depth of legacy. Most workflows touch core banking systems that were built before the iPhone. The redesign work has to navigate that constraint deliberately, which is why we treat the data layer rebuild as part of the workflow programme rather than a separate "data foundation" project that will get cut.

How a typical banking engagement runs

Phase 1 — Diagnostic (Weeks 1–6)

We map your existing AI portfolio against the compounding test, triage your use cases against PRA SS1/23 and EU AI Act, run an honest current-state mapping of one priority value stream (usually KYC/AML or regulatory reporting because the ROI is large and the data layer is at least partially understood), and produce a defensibility memo against your highest-risk in-production models.

Outputs: AI portfolio audit, regulatory triage, current-state map of priority workflow, defensibility memo, board-ready strategic narrative.

Phase 2 — Strategy & Blueprint (Weeks 7–14)

We design the future-state operating model for your priority value stream, including action-data layer architecture, decision rights matrix, governance machinery, and the operating model implications. We embed second-line risk in the design phase and walk the supervisor through the approach early.

Outputs: Operating model blueprint, redesigned workflow specification, data architecture, decision rights matrix, governance framework, sequenced implementation roadmap.

Phase 3 — Activation & Delivery (Months 4–18)

We embed alongside your operations, technology, and risk teams to lead the rebuild. Data layer first, then workflow, then governance instrumentation, then the role design changes that hold it all together. Throughout, we maintain regulatory dialogue and produce evidence that is queryable on demand for any specific decision.

Outputs: Live redesigned workflow with measurable outcomes, action-data platform that subsequent workflows can reuse, embedded governance machinery, named first-line owners, retrained operators in the new role design.

Engagement models

Every banking engagement is scoped to your specific operating model, priority value stream, regulatory environment, and the political complexity of your institution. We commit to pricing transparently once we understand your situation. We work to your scope and budget rather than asking you to choose from a price list.

Banking Diagnostic (~6 weeks) — A focused diagnostic on one priority value stream (usually KYC/AML or regulatory reporting because the return is large and the data layer is partially understood). Portfolio audit, regulatory triage against PRA SS1/23 and the EU AI Act, current-state mapping, and a board-ready strategic narrative.

Banking Strategy & Blueprint (~12–14 weeks) — The full Phase 1 + Phase 2 engagement. Operating model blueprint, redesigned priority workflow, data architecture, governance framework, and sequenced 18-month roadmap. The most common starting point for serious enablement work in a Tier 1 or Tier 2 bank.

Banking Transformation Programme (9–24 months) — Strategy plus hands-on delivery across one or more priority value streams. Senior practitioners embedded alongside your operations, technology, and risk teams, leading the workflow rebuilds, overseeing data layer implementation, and running the change programme.

Executive Advisory Retainer (ongoing) — For banks already executing on an enablement strategy who want senior advisory access. Monthly working sessions, ad-hoc reviews, and direct support for the executive sponsor.

For a detailed breakdown of each shape, a comprehensive FAQ on how we scope, and a scope-and-budget conversation form, see our engagements page.

Why this work is harder in banking than anywhere else

A few honest observations from running this work inside Tier 1 banks:

The legacy depth is real. Forty to a hundred core systems, many of them decades old, with brittle integrations and undocumented data semantics. Redesigning a workflow usually means renegotiating with the system that owns the upstream data, which usually means a multi-year roadmap inside another team's ownership. We have learned to anchor data work to the workflow rebuild rather than running it as a parallel programme that will be cut.

The political surface area is enormous. Operations, technology, risk, compliance, finance, HR, audit, and (sometimes) the regulator's view of senior accountability all touch every redesign. Coordinating that is the actual work — and it is organisational work, not technical work. The executive sponsor's job is political cover; nothing else compensates for its absence.

The risk-aversion culture protects you and slows you down. The same muscle memory that has kept the bank out of operational disasters for decades will kill the velocity that AI enablement requires unless it is deliberately repurposed. We work with risk teams to redirect that muscle memory toward embedded governance rather than gate-based slowdown.

The talent shift is structural. The new role archetypes — workflow designers, system supervisors, exception handlers, feedback curators, embedded second-line risk partners — don't yet exist in most banks. Hiring them, growing them from operators, and integrating them into the operating model is a programme in itself.

This is exactly why the banks that do this work first will be impossible to catch by 2030. The institutional muscle takes years to build.

Who this is for

We work best with banks that meet at least three of the following:

• £500M+ in operating cost — the structural opportunity is largest where the legacy operating model is mature enough to redesign and the stakes are high enough to justify the effort
• Executive sponsor at COO, CTO, CRO, or Chief Transformation Officer level — anything below that ceiling tends to get blocked by the structural changes the work requires
• A real (not theoretical) AI ambition — you are either trying to defend market position from AI-native challengers or trying to take share in a specific value stream
• Regulatory exposure that makes governance non-negotiable — PRA, FCA, ECB, or equivalent supervisory relationships
• Some existing AI portfolio to triage — we can work from greenfield, but most of our value comes from being honest about what is compounding and what is not

We do not work with banks looking for a single workshop, an accelerator-style programme, or "AI strategy in a box." This is structural redesign work that takes 24–36 months to land properly.

Frequently asked questions

How is this different from your flagship AI Enablement service?

The flagship AI Enablement service is sector-agnostic. This is the same engagement structure with a banking-specific lens: the value streams we focus on, the regulatory frame we apply, the operating model patterns we use, and the sector-specific failure modes we know to avoid. If you are a bank, start here.

Do you work with both Tier 1 and Tier 2 banks?

Yes. The work is similar but the sequencing is different. Tier 1 banks need more political coordination and longer Phase 1 timelines. Tier 2 banks typically have fewer internal stakeholders to align, which can shorten the governance cycle — though they usually have less existing data and model risk infrastructure to reuse. We tailor the engagement to both ends of this spectrum.

How does this fit with our existing model risk framework under PRA SS1/23?

Embedded. We treat SS1/23 as the supervisory baseline and design the workflow, data layer, decision rights, and governance to satisfy its expectations as a by-product of build — not as a retrofitted compliance exercise. By the end of Phase 1 you should be able to walk the PRA through the redesigned workflow with full evidence.

What about credit risk models specifically — are those in scope?

Yes, with the caveat that credit risk is one of the most heavily regulated AI use cases in banking and the redesign work has to engage your existing model risk function (and often the regulator) from day one. We have the relationships and the regulatory fluency to make that work.

Can we start with one value stream and expand later?

That is exactly how we recommend you do it. Phase 1 picks one priority workflow. Phase 2 redesigns it end-to-end. Phase 3 extends to adjacent workflows that can reuse the data layer and governance machinery. By month 18 you should have 3–5 workflows operating AI-native and the muscle memory to keep going.

What if our regulator is not the PRA or FCA?

We work across UK, EU, and increasingly US regulatory regimes. The structural framework is the same; the specific supervisory expectations differ. We will tailor the regulatory frame to your environment.

What this looks like in practice

For an anonymised example of this engagement structure in a real banking environment, see our case study on redesigning KYC end-to-end at a Tier 1 European Bank. It walks through the 18-month engagement: the starting position (14 active AI initiatives, 11 of them not compounding, PRA pressure on model risk governance), the diagnostic findings, what we redesigned across the five enablement pillars, and the outcomes that landed (73% reduction in analyst time per case, 67% straight-through on routine cases, decision logs queryable on demand, PRA-ready model risk file delivered on first review).

Start here

The first step is an executive working session — 90 minutes, no deck, no pitch. We use the time to understand your current operating model, your AI portfolio, the regulatory environment you operate in, and the value streams where the structural opportunity is largest. If we are a fit, we scope the diagnostic. If we are not, we say so and point you in a more useful direction.

For supporting depth, see the pillar essay on what AI enablement actually means, the FS Sector Playbook, and the AI Enablement Maturity Diagnostic (25 questions, 5 minutes, instant per-pillar breakdown). For training, our AI Enablement for Operations Leaders course goes deep on the strategic framework.