September 2025
The honeymoon era of AI experimentation in financial services is ending. What began as pilots and proofs-of-concept has now matured into mission-critical operations, and with that maturity comes an uncompromising imperative: regulatory compliance.
As of 1 February 2025, the EU’s restrictions on unacceptable-risk AI systems became enforceable. For banks, this marks a turning point: AI governance is no longer optional; it is mandatory.
The regulations apply to all companies operating in the EU, regardless of where they are headquartered, and penalties for non-compliance can reach €35 million or 7% of global annual turnover.
But compliance is not just about avoiding fines. For banks, it is about building trustworthy, auditable AI systems that protect customer confidence, satisfy supervisors, and unlock long-term strategic value.
Imperfect Data, Pragmatic Compliance
In our earlier article, “The Practical Reality: Insights Cannot Wait for Perfect Data”, we argued that banks cannot afford to delay insight generation while waiting for pristine data. That principle holds true in compliance: perfect data is not required, but traceable, explainable, and continuously improving data is essential.
This perspective bridges operational reality with regulatory expectation. Banks must begin with the data they have, applying lineage, monitoring, and governance incrementally rather than waiting for an elusive “perfect state.”
Blind Spots Banks Cannot Ignore
- Data Lineage Is Now a Supervisory Expectation
High-risk AI applications—such as credit scoring, AML monitoring, and insurance underwriting—require full accountability. Supervisors will demand clear answers to where data originated, how it has been transformed, and how it impacts decisions.
- Third-Party AI Isn’t a Free Pass
The Bank of England and FCA gained authority in January 2025 to directly supervise critical third-party providers—including cloud and AI vendors (The Guardian). This marks a shift: banks remain fully responsible for outsourced AI, no matter how compelling the vendor’s promises.
- Compliance Isn’t Static
The EU AI Act is being phased in through 2025 and beyond, with provisions on general-purpose AI enforced since August 2025. Meanwhile, the UK pursues a principles-based approach, relying on the Senior Managers Regime and Consumer Duty to police AI adoption (FCA). Banks must prepare for a world where compliance frameworks evolve continuously, not in five-year cycles.
Building Compliance Into AI, Even With Imperfect Data
Start With What You Have
Banks that wait for perfect data will be left behind. Instead, leading institutions are:
- Cataloguing and classifying existing datasets.
- Implementing automated lineage tracking to document transformations.
- Embedding real-time quality monitoring into production systems.
This incremental approach ensures compliance progress begins today—not after a multiyear data overhaul.
Governing the Model Lifecycle
Compliance extends beyond data to the entire model pipeline:
- Documentation from concept to retirement.
- Bias detection and mitigation baked into model development.
- Performance monitoring tied to both business outcomes and regulatory expectations.
Explainability by Design
The FCA has made clear that “black box” AI is incompatible with responsible banking. Banks using AI for customer due diligence, credit scoring, or fraud detection must ensure explainability is intrinsic, not retrofitted.
Lessons From the Market: Banks Already Moving
Several UK banks are demonstrating how to balance innovation with compliance:
- NatWest’s collaboration with OpenAI, announced in March 2025, upgraded its chatbot “Cora” and employee assistant “AskArchie.” Early results: 150% uplift in customer satisfaction and reduced call-centre reliance, while embedding explainability safeguards (Reuters).
- HSBC is piloting AI agents to automate back-office processes, potentially handling up to 90% of administrative tasks and targeting $1.5 billion in annual savings by 2026. Compliance by design is central to these initiatives, ensuring efficiency gains are regulator-ready (Financial News).
These examples highlight a crucial truth: compliance-first innovation is an accelerator.
Academic Signals: Where Banking AI Governance Is Heading
Emerging research reinforces what regulators and practitioners already sense:
- A July 2025 study on AI Governance in European Banks argues for a compliance-first design philosophy, tying AI Act requirements directly into model governance frameworks (SSRN).
- Comparative analysis from February 2025 highlights how the UK’s flexible, principles-based approach contrasts with the EU’s prescriptive model—each offering different strengths in balancing innovation and oversight (arXiv).
- Sustainability-focused research is emerging, urging banks to integrate AI’s carbon footprint into compliance frameworks—aligning AI oversight with ESG obligations under EU CSRD and CSDDD (arXiv).
Together, these findings suggest the next competitive frontier: banks that align AI governance with broader prudential and sustainability priorities will secure both regulatory approval and market leadership.
From Obligation to Advantage
Banks that treat compliance as a cost centre will always be on the defensive. Those that embed compliance into every layer of AI development and deployment (from messy data foundations to advanced model governance) will unlock real advantages:
- Faster innovation cycles through compliance-ready pipelines.
- Stronger trust from customers and regulators alike.
- Sustainable resilience as regulations and risks evolve.
The question for banking leaders is no longer whether to invest in AI but whether their AI can thrive in a regulated environment. Those who commit to compliance-by-design today will be tomorrow’s market leaders.
Ready to build compliance into your AI strategy from day one? At Calimere Point, we’ve helped global banking giants and asset managers navigate the intersection of AI innovation and regulatory compliance. Contact us to learn how our battle-tested approach can accelerate your AI implementations while ensuring full regulatory compliance.