A bank once asked me to "add AI to trading." I asked them which desk, against what benchmark, and how they'd attribute the P&L. The room went quiet. That's the tell. When someone wants AI in finance and can't say which workflow or how they'll measure it, they've read a magazine, not a problem.
I've spent enough time near financial systems to flinch at any sentence starting "AI will transform finance." Markets are about the most adversarial, heavily instrumented environment software ever runs in. The useful question is narrow: which workflows does AI actually change the economics of, and what does it cost you to keep them compliant?
The business press answers badly. It obsesses over trading and advice, which are the two places AI delivers least to most institutions. The returns are in the functions nobody photographs: risk, compliance, document grinding.
Four things that work
Roughly in order of how reliably I've seen them pay back:
| Workflow | What the model does | Where the value lands |
|---|---|---|
| Fraud detection | Scores each transaction in real time | Lower losses and fewer false declines |
| AML monitoring | Re-ranks suspicious-activity alerts | Same coverage, far less analyst time |
| Document processing | Reads and structures KYC, contracts, claims | Replaces offshore keying, often better |
| Credit underwriting | Adds cashflow signals to thin-file applicants | Wider lending — if you fairness-test it |
Real-time fraud scoring is now table stakes at any retail bank. The good systems cut losses and stop declining your card at a hotel desk. Both numbers moving the right way at once is how you know the model is real and not theatre.
AML — the obligation to surface suspicious patterns — is the cleanest win I see. Legacy rules engines flag oceans of perfectly innocent activity and bury the compliance team. A model that re-ranks those alerts by genuine suspicion doesn't touch your risk coverage. It changes how many human-hours you burn to get there. That's a cost story, and cost stories are easy to defend to a board.
Document processing and underwriting both work, both carry a tail. Underwriting on alternative data widens access for people with thin files — and bakes in fresh bias if you skip disparate-impact testing. Same technique either way. The discipline is what separates inclusion from a regulatory finding.
Where I push back
"AI stock picks" for retail. Quant funds have used machine learning for decades and pay their researchers more than the rest of the firm combined, because the signal-to-noise in markets is brutal. Anything sold to retail as AI-powered stock selection is marketing in a lab coat. Treat the phrase as a disqualifier.
Robo-advisors. Most contain almost no AI. The allocation logic is a few rules plus tax-loss harvesting. Useful, fine, not what the brochure implies. Name it accurately and it's a decent product.
Customer-facing advice bots. The constraint isn't capability, it's liability. A model that improvises a commitment to a product the bank doesn't sell creates a regulatory exposure, not a support ticket. This matures slowly, behind tight rails.
What a real project looks like
A mid-sized European retail bank was flagging around 4% of all transactions for AML review, the vast majority false positives. The instinct is to rip the system out. Don't. Replacement means re-validating the entire control with the regulator — months of work before a single benefit lands.
So we left it. We bolted on a second-stage model trained on two years of the analysts' own dispositions and used it to re-order the existing queue. Same screens, same process, same audited control underneath. Analysts just worked a queue where the top was worth their attention. False positives fell sharply, the backlog cleared inside a quarter, nobody lost a job. The head of compliance told me later the surprise was that her team was doing actual investigative work again instead of clearing noise.
I tell that story a lot because it's the principle: in regulated functions, the cheapest path to value is augmenting an approved control, not swapping it.
The governance you don't get to skip
Model risk is a first-class cost, not an afterthought. Four things I'd hold any deployment to:
- No generative model in a decision loop without evals. A hallucinated fact in a lending or suitability decision is a regulatory matter, full stop. Keep generative tools to drafting and summarisation behind a human.
- Work with the model-risk frameworks, not around them. SR 11-7 in the US, SS 1/23 in the UK — sensible engineering discipline written in regulator's language. Treat them as the spec, not a checklist you fight.
- Monitor for drift continuously. Financial models decay as conditions shift. Catch the degradation before your regulator does.
- Fairness-test, then keep testing. Credit and insurance decisions change people's lives. Disparate-impact testing is a standing control, not a launch gate you clear once.
The teams that get this right put data science, risk and compliance in the same room from the start. Build it the other way and you get one of two failures: clever systems you can't deploy, or deployed systems that never should have shipped. Decide which room those conversations happen in before you decide which model to buy.
