The pressure on banks and financial services firms to deploy AI is coming from every direction. Neobanks and fintech challengers are turning the screw with AI-led innovations that set new benchmarks for rapid product development. In turn, customer expectations have shifted permanently toward instant, hyper-personalised services across every channel. At the same time, boards are demanding measurable returns on the billions already committed to AI, expecting efficiency savings and demonstrable ROI.
Today, we are starting to see banks deploy agents across loan origination, KYC, fraud detection, and customer service triage, with AI now firmly at the top of the strategic agenda. The question for leaders across the industry is whether the governance needed to deploy AI responsibly is keeping pace. The question is no longer whether banks will adopt agentic AI, but how quickly they can scale it safely. Indeed, according to McKinsey’s Global Banking Annual Review 2025, banks that fail to embrace AI risk losing up to $170bn in profits.
Why governance isn’t keeping up
Compliance is nothing new for financial services. Model risk management, capital adequacy, audit trails, and three lines of defence are second nature to all in the sector. But agentic AI introduces new complexities that such frameworks were not built to manage. For example, model explainability, data security across multi-vendor agent estates, and continuous oversight of dynamic behaviour all sit outside the parameters of traditional governance and are forcing a rapid reconsideration of risk management approaches.
Structurally, model risk frameworks were designed for deterministic statistical models that produce the same output for the same input, and they can be tested, validated, documented, and explained to regulators. Agentic AI does not behave that way. Agents are probabilistic, reasoning and acting dynamically, which means the same prompt can produce different paths through a process depending on context, history, and the tools available. Governing them safely requires a redesign of existing frameworks.
In addition, regulatory pressure is intensifying alongside technical complexity. The EU AI Act established the first legal framework on AI, with auditability, explainability, and human oversight requirements that apply across cross-border operations. The Federal Reserve and OCC have updated SR 11-7 guidance to bring AI models inside the model risk management perimeter. Individual accountability regimes are raising personal liability for senior leaders responsible for AI decisions. And the technology that banks are deploying as a competitive weapon is itself creating new threats. Cyber-attacks, deepfake fraud, and synthetic identity fraud are scaling at volumes that traditional rule-based barriers cannot match, raising the cost of ungoverned AI considerably.
The result is a trust gap, which points to why agentic AI adoption remains low. For example, while many banks and financial services organisations are experimenting with AI agents, research finds just 11% of use cases reached production over the last year, with 66% admitting to compliance concerns with AI agents. Banks remain unable to scale what they cannot audit, explain, or control, and 84% state the business risk of AI in day-to-day processes holds them back.
Rethinking governance as an enabler
Unlocking governance is the key to closing this gap. The organisations pulling ahead of competitors are the ones rethinking governance from the ground up, rather than bolting it on as a last-minute consideration.
To achieve this, banks need continuous oversight of agent behaviour in flight rather than one-off approval checkpoints at the start. They need accountability by design, with clarity from day one about what agents decide autonomously, where confidence thresholds trigger escalation, and where a human must be involved before action is taken. And they need clear, enforceable end-to-end processes where every decision is recorded by default. This approach forms the foundation of safe agentic deployment for operations that matter, without slowing deployment.
For most banks, the missing piece is architectural. Individual agents, whether built in-house or sourced from vendors, cannot deliver this kind of governance on their own. What is needed is an orchestration layer above them.
This is the role of agentic orchestration: coordinating AI agents, people, and core systems across end-to-end processes under enforced policy, creating the transparency and control that true governance demands. Such an approach allows banks to embed approvals, thresholds, and escalation paths into the process itself. For example, an agent might draft a customer communication or recommend a settlement, while the process enforces approval thresholds for high-value payouts, fraud indicators, or unusual patterns before anything is executed. It also captures a complete audit trail automatically, giving regulators clear evidence of how decisions were made. By design, it is agent-agnostic, working across whichever AI models, vendors, and systems a bank uses.
Looking ahead
AI capabilities continue to evolve at a rapid rate.
Success will therefore be measured by how effectively banks build the governance foundation to scale AI safely and with control. The institutions that will be successful will not be the ones running the most pilots. Instead, banks and financial services firms that use governance as an enabler will be able to put AI into production with confidence, auditability, and accountability, powering mission-critical operations. That foundation is what turns AI from a promising capability into a durable competitive advantage, and it is what separates the financial institutions that scale from the ones that stall.
Jawwad Rasheed, Financial Services Advisory Lead, Camunda
