AI Adoption in Financial Institutions: Balancing Growth and Governance

In September 2025, 87 banks and 49 insurers across Europe, the Middle East and South Africa participated in the 2025 EMEA Model Risk Management (MRM) Survey. The survey covered questions around their current practices in MRM, maturity, issues, and future endeavours by participants. In this post, we present a deep dive on the outcomes of the survey around questions of 1) how and for what banks and insurers use AI, and 2) what hurdles they encounter.

To What Extent Are Financial Institutions Using AI?

The trend in use of Artificial Intelligence (AI) points upwards. In 2025, two thirds of banks and insurers use models with AI or Machine Learning (ML) techniques.¹ However, given the overall surge of AI vendors and AI use over the past two years, the increase since 2023 seems relatively small.² Upon closer inspection, we see that there is a significant increase in small institutions: for small banks, AI use increased from 22% to 52% since 2023, and for small insurers, use increased from 27% to 46% since 2023. As large banks and insurers have continuously been investing into AI and ML infrastructure already before the explosion of low-code and vendor-supplied solutions since 2023, their use increased comparatively slowly. For small financial institutions, on the other hand, the last two years saw a great increase due to the much more readily available Software as a Service (SaaS) solutions and the cost of internal development decreasing due to low-code development platforms. Further, the proliferation in AI use over the past 2 years was largely due to increased use of Generative AI (GenAI), with 94% of large banks³ and 62% of small banks⁴ using GenAI in 2025.

For the future, we expect the gap in adoption between small and large players to continue closing. For smaller institutions, however, operational efficiency gains might not always be as significant as for large organisations, as smaller players tend to have leaner processes and less legacy data to begin with. What will distinguish market leaders in the future will not be the sheer adoption rate of AI, but rather how well they re-design processes, organisational set-up, and people change management to benefit from the efficiency gains AI can provide.

What Are Financial Institutions Using AI for?

Across both banks and insurers, the top use cases for AI techniques in models are for fraud detection, such as Anti-Money Laundering (AML) and Know-Your-Customer (KYC), where 58% of banks and 30% of insurers use AI, and for Customer Experience (CX), where 53% of banks and 37% of insurers use AI.

Figure 1: Top use cases for AI techniques (Deloitte’s 2025 EMEA Model Risk Management Survey)

Given the regulatory mandate to perform AML and KYC activities, as well as the highly manual and mechanic nature of these activities, the high use of AI in these tasks comes as no surprise. In our work, we see AI models be frequently employed for fraud detection in one of two ways: either to increase the accuracy when detecting fraudulent transactions, or otherwise to increase the coverage of detection to be able to intercept new risk patterns, for example arising through cryptocurrency transactions or environmental risk.

Using AI for customer experience, such as predictive marketing, personalisation of offers, or customer chatbots is frequently seen as an easy use case to start gaining efficiency through AI. Due to the rapid rise in offerings of consumer-level AI and GenAI services, chatbots have become more accessible to many organisations. Additionally, the availability of GenAI models sees a tendency towards hyper-personalisation of the customer experience, in which not only the choice of product that is presented to the customer has been AI-predicted, but the entire sales pitch is customised based on previous interaction points of the customer.

Turning to the MRM process itself, 40% of participating banks are either already using or planning to use AI to enhance their overall MRM process; insurers are slower to adopt with only 16%. Frequently targeted use cases within MRM include document creation, such as validation report writing, as well as code creation, either assisting developers or building challenger models for validators. Further, AI is applied to assess compliance of documentation and reports with either external regulations or internal policy, or to provide a chatbot to answer questions about them.

What Risks Do Popular Use Cases Carry?

While fraud detection, customer experience and report/documentation writing are frequently seen as easy-entry use cases to pilot the use of AI, it is important not to underestimate the risks associated with them.

While customer experience and report writing use cases generally do not fall under the ‘high risk’ category of the EU AI Act, these applications can neverthel,^5,6,7 commenting negatively on the employing company⁸, or even enabling attackers to gain unauthorized access to the company’s customer support systems.⁹ The high non-determinism of both the user-input and the chatbot outputs mean that many risks cannot be easily identified through up-front validation.

Figure 2: Risk profile of popular use cases

Similarly, for use cases of GenAI creating documentation, incidents of documents containing factual errors and hallucinated sources or references have occurred. As GenAI increasingly generates documents that once relied on human expertise, the assumption of authorial competence no longer applies and hence GenAI-produced documents require much closer review processes.

What Are Common Hurdles to Utilizing AI Applications?

More than half of survey participants named transparency and explainability as a hurdle, a reflection of the increasing use of vendor solutions instead of in-house built AI tools and the increasing complexity of AI methodology as solutions move from ‘simple’ ML techniques to entire Agentic AI workforces. This increasing complexity is also reflected by 39% of respondents naming internal skills and capabilities as a challenge to AI implementation. While willingness of employees to engage with AI was not cited as a significant hurdle, 24% of overall respondents cite rigidity of the existing processes as a blocker to using AI; however only 3% of small banks. This shows that bigger institutions, despite more capacity to invest in AI, also face additional hurdles in terms of needing to reorganise legacy processes and work on data quality and availability in existing data systems. Further hurdles cited are fairness concerns (34% of respondents), safety and security (32%), regulatory landscape (34%) and generally risks posed by AI (46%) clearly showing, that risk management questions are far from answered, both from a technical and strategy perspective.

How Then Can Banks and Insurers Expand Their Use of AI Through Safe Governance of Risks?

The way to win is not through blind AI adoption wherever possible, but through strategic investments with well-defined guardrails.¹⁰ To select strategic use cases where AI can benefit your organisation, evaluate opportunities across 1) how well your business processes & people are set-up for AI use, 2) the complexity & technical questions of your AI use case, and whether 3) risks are identified and controlled. To ensure smooth adoption of AI use cases once they have been developed, audit your deployment and change-management process for AI concerns around stakeholder buy-in, user training, phased rollouts, and key performance indicators (KPI) for monitoring and adoption. Leaning into local teams' ability to quickly develop AI solutions that suit their needs is important to keep momentum going, but providing a clear frame of what controls across the AI lifecycle exist in your organisation ensures that AI investment pays off in the long run.

For the full insights around the use of AI in banks and insurers, you can read the survey report here.

Sources:

1. Note that this does not include use of Generative AI applications.

2. 56% of banks in our survey used AI in 2023, 67% in 2025 (11 points increase), 53% of insurers in our survey used AI in 2023, 57% in 2025 (4 points increase).

3. Large banks/insurers in the survey are defined as banks with a balance sheet total of more than EUR 100 billion.

4. Small banks/insurers in the survey are defined as banks with a balance sheet total of less than EUR 30 billion.

5. IT specialist tricked ChatGPT into revealing Windows product keys. Here's how it happened. dev.ua. July 2025.

6. Air Canada chatbot promised a discount. Now the airline has to pay it.. The Washington Post. February 2024.

7. Expedia’s chatbot instructs on how to make a Molotov cocktail . cybernews. September 2025. 

8. Delivery firm’s AI chatbot swears at customer and criticises company. Independent. January 2024.

9. Lenovo chatbot breach highlights AI security blind spots in customer-facing systems. CSO. August 2025.

10. Forrester predicts that ungoverned GenAI in commercial applications will cost more than $10billion, source: 2026 Predictions Guide For B2B Marketing, Sales, And Product