At a closed-door DataIQ peer exchange, a curated selection of senior global banking data and AI leaders shared their views around:
- Automating governance
- Visibility across AI use
- Balancing speed and control
The insights below reflect the outcome of the discussion, highlighting their practical approaches to modernising AI governance through automation and human accountability.
Build AI governance into existing risk processes
Successful AI governance does not require a parallel operating model. Instead, banks are finding greater success by integrating AI oversight into the governance frameworks they already trust.
“Risk cannot be outsourced… we’re not automating the decisioning around risk.”
Rather than introducing new approval processes, organisations are:
- Embedding AI-specific questions into existing supplier risk assessments:
- Legal reviews
- Information security checks
- Data governance workflows
This allows AI risks to be assessed alongside operational, technology, and compliance risks, reducing duplication while encouraging business teams to remain accountable for the AI solutions introduced. This supports regulatory expectations around resilience and risk management as AI becomes a component of established governance.
Automation has a clear role to play, but organisations should automate administrative processes rather than governance decisions themselves. Decisions around risk acceptance, model suitability, and regulatory implications continue to require experienced human judgement.
Govern by category, not use case
Organisations are moving from governing use cases to governing categories. Common applications can be grouped into standard governance pathways, allowing low-risk use cases to progress more quickly while reserving detailed assessment for applications involving:
- Customer decisions
- Sensitive data
- Regulatory obligations
For banks, this approach offers a pragmatic way to increase governance capacity without compromising oversight. Organisations are seeing greater returns from relatively straightforward workflow automation than from sophisticated AI governance tools.
Automated approval workflows, centralised registers of AI applications, dashboards monitoring usage patterns, and operational metrics, alongside reporting on AI adoption, are delivering measurable efficiencies. AI-assisted governance, such as using agents to interpret policy requirements or answer governance queries, remains at an earlier stage of maturity.
Leaders are experimenting with these capabilities, helping teams interpret emerging regulations such as the EU AI Act. Leaders stressed that these tools remain advisory with human validation essential.
Improve visibility across an expanding AI landscape
Maintaining visibility over AI usage remains one of the greatest governance challenges. Organisations reported reasonable oversight of internally developed models, but significantly less confidence regarding AI capabilities introduced through third-party software providers. Solution providers continue to release new GenAI features at pace, often changing underlying models or introducing additional functionality with limited advance notice.
Changes to embedded AI capabilities have implications for banks depending heavily on external platforms, creating contractual and operational risk around:
- Data privacy
- Regulatory compliance
- Customer trust
One leader shared the example of Microsoft enabling Claude in Copilot without enterprise protection terms, raising immediate contractual and privacy concerns. Another noted Microsoft:
“accidentally gave everybody access to build their own agents”.
Organisations are investing in behavioural analytics to understand internal AI use:
- Prompt activity
- Identifying unusual usage patterns
- Analysing adoption trends
These provide insight into shadow AI, inappropriate data handling, or capability gaps that traditional governance processes overlook, providing governance teams with earlier warning of emerging risks and opportunities.
Governance should enable innovation, not discourage it
Governance processes designed around compliance can unintentionally discourage early engagement. If approval mechanisms are perceived as barriers, business teams are more likely to experiment independently, reducing visibility.
Instead, organisations are repositioning governance as an enablement function that supports innovation and transparency by providing:
- Advisory support during experimentation
- Enhanced team understandings of governance expectations before projects reach production
- Clearer pathways for responsible adoption
AI is exposing weaknesses in foundational data governance and banks must:
- Revisit access controls
- Strengthen data lineage
- Improve metadata management
- Review retention policies as AI increases the value and sensitivity of enterprise data
AI has intensified the importance of getting these fundamentals right. To support this, organisations are introducing maturity frameworks that align governance expectations with the lifecycle of an AI initiative. One example divided development into four stages:
- Experiment
- Explore
- Exploit
- Exhaust
Early experimentation involving synthetic or non-production data requires relatively light governance, while production deployment triggers full operational, regulatory, and risk management controls. Formal decommissioning completes the lifecycle. This staged approach helps encourage innovation without allowing immature solutions to scale.
Finally, legal and contractual considerations have a growing number of contracts containing broad restrictions on AI usage that risk becoming impractical as AI capabilities embed.
Rather than accepting blanket prohibitions, organisations are negotiating around responsible AI principles, established governance policies, and proportionate risk management. This provides flexibility while maintaining safeguards.
Turning governance into competitive advantage
The discussion reinforced that effective banking AI governance is becoming an operational capability enabling organisations to adopt AI with confidence while meeting demanding regulatory and customer expectations.
The organisations making progress are:
- Modernising existing governance frameworks
- Automating repeatable processes
- Improving visibility across AI estates
- Embedding governance into the innovation lifecycle
As AI adoption accelerates, governance that is scalable, transparent, and collaborative will become a strategic differentiator and not an operational constraint.
These insights come directly from data and AI leaders in financial services organisations tackling these challenges. To highlight your thinking, exchange lived experiences with peers, and shape the next wave of industry insights, join us at an exclusive DataIQ session:
Developing Data and AI Talent in High Maturity Organisations
Governing Critical Data Elements: Best Practice for Mature Regulated Organisations in the US


