Banking AI Moves At The Speed Of Data Visibility And Regulatory Guardrails

AI adoption in banking moves at the speed of the systems underneath it. Leaders may talk about cost reduction, workflow optimization, and efficiency, but the easy wins rarely touch the real bottleneck: core processes shaped by legacy data infrastructure, strict compliance rules, and decades of accumulated complexity. A copilot can summarize emails or speed up code, but plugging a modern large language model into twenty-year-old banking systems is where the work gets expensive, slow, and heavily scrutinized. In regulated industries, the model is rarely the hardest part. The harder question is whether the data is visible, the decision is explainable, and the process can survive a regulator asking why.

As the former Head of Technology at Westpac Group and the Founder of the independent advisory practice Kshetra, Dinesh Singh Panwar faces this problem every day. He has overseen a massive portfolio of enterprise systems, led several AI-heavy programs, including large-scale automated PII redaction projects, and won an International Innovation Award at the Appian World Forum for deploying a Mortgage Assessor AI into live banking operations. Alongside personal AI projects and public talks on compliance automation, he has long advocated for a specific approach to AI in banking: the pace of AI adoption is always dictated by data plumbing and regulatory guardrails.

"AI is actually not a problem," Panwar says. "We can work out the regulations and guardrails around it. But then, to use it across the board, we need to ensure all data in this product system is visible."

Three lanes, three speeds

Panwar suggests that the disconnect between capability and deployment is visible the moment you break adoption into lanes. Many firms found it relatively straightforward to roll out basic copilot tools to support goals like easy email polishing, summarization, and low-regulatory-risk productivity wins. It's even been the case that Panwar's group has accelerated development and software maintenance using AI. But with these wins come consequences down the road. Because coding is just one phase of the software lifecycle, moving faster at the start naturally pushes the testing and assurance bottleneck further down the pipeline.

With basic copilot tools, the early benefits are mostly framed as productivity gains, and the hard ROI remains unclear. "We are just saying productivity gain, productivity gain," Panwar says. "And a lot of the backlog of redundancy has been pushed out as what I might call AI washing." That is, while there are significant gains on the front end, clearing out inefficiencies, a lot of that work is simply pushed further down the pipeline. The coding lane creates a different problem: "Software is getting built faster and faster, but there are not enough people to test it and push it out to production," he says. Because many engineering leaders expect user acceptance testing to remain human-driven due to strict regulatory scrutiny, teams must account for this constraint and invest heavily in upstream test automation.

The mortgage assessor problem

The process gets much more complicated when organizations try to incorporate AI directly into core business workflows. Panwar's award-winning Mortgage Assessor pilot reduced a four- to five-day decision process to roughly five seconds (in a controlled environment). Technically, the system could ingest policy documents and lending rules and produce a decision almost instantly. But, because banking decisions must be explainable, attempting to move this kind of experimental system into full production brings immediate regulatory scrutiny.

"If regulators ask, why did you give a loan to this person? Or why did you not give a loan?" Panwar says. "We can't say, 'ChatGPT said so.'" Noting that consumer trust is central to banking, he sees regulatory friction as a competitive defense rather than just an obstacle. "We won't experiment with AI on a business process that deals with customer data, because trust is the main business of banking. Otherwise, Facebook or Google could do what we do."

Data swamps: Where 99% isn't good enough

Locked out of public model outputs for sensitive decisions, many banks are looking inward and coming to terms with their own messy data. The most valuable context is trapped in decades-old systems and inconsistent stores. To begin modernizing twenty-year-old infrastructure, organizations lean on tools that can abstract and expose specific data from legacy platforms. Without these targeted solutions, much of the information scattered across old and new systems remains completely invisible to AI.

"Data lakes have turned into data swamps," Panwar says. "Only the newer applications have moved to data lakes, and all the data is still sitting where it belongs. If you wait for those programs to complete, we'll be waiting years before we can give AI access to that data."

Rather than waiting years to clean the entire swamp, he recommends picking a single use case, mapping the workflow, and testing where AI might help. That approach aligns with other AI risk and scalability frameworks that emphasize targeted controls. "Pick a use case and run with it, iterate on it, and then go figure these things out," he says. "Because sometimes the regulatory aspect is different for different use cases."

Accuracy requirements show a similar split. In some domains, regulatory frameworks demand perfection; in others, the target is simply "good enough" relative to past practice. In Australia, tax file numbers and other personal identifiable information must be handled with 100% accuracy. Panwar's teams have long used machine learning, including IBM's tooling, to reach roughly 99% accuracy on those tasks. But regulation still demands that last percentage point.

"The regulation says 100% accuracy. So what we usually do is we have some sort of human-in-the-loop situation where we throw the exceptions into a human queue," Panwar says. That raises costs, but routing edge cases to people is far cheaper than handling every record manually. In other areas, like fraud detection, there is more room to experiment. "There is no clear regulation on what is deemed a fraud or a financial crime. It is all about applying data science behind it," he says. "We were not 100% even before AI. In those pioneering use cases, there are no strict guidelines for how it should be handled. If we are better than our competition, that is good enough."

Show me the money

For several large financial institutions, this operational push is being compounded by board-level pressure. New executive-level data and AI roles have been created to coordinate adoption. Inside IT, leaders want to reduce outsourcing and increase time-to-production. And for customer-facing processes, security teams are heavily involved in any discussion that touches sensitive data, especially when more agentic AI systems are considered.

So far, much of the spending has gone into pilots and platform capabilities. The next phase will be a closer examination of costs and returns. That aligns with wider research on AI investment ROI, which suggests many companies are still struggling to turn experiments into measurable gains.

The high cost of API tokens is already forcing a strategic pivot. "Six months down the line, leadership is going to demand to see the money," Panwar says. To manage those costs, banks are exploring the development of smaller, cheaper internal models. "There's one theory that banks don't need a PhD-level model to do banking," he says. "And if it's cheaper to run in our own internal data center, that may be a viable alternative."

What gets unlocked when the plumbing works

The reason the data and explainability problems matter so much is that almost everything banks want to do next sits atop them. Panwar's most interesting prediction is about the front end: regulated industries spent the last decade pushing customers out of conversations and into structured digital forms, capturing every interaction in unambiguous fields. He thinks AI is about to reverse that.

"A few years ago, all of the regulated industries moved from conversational interactions like going to the branches and chatting to digital," Panwar says. "With the advent of AI, the customer interaction will convert back into chat interaction. A customer just says what they want. And the AI's natural language processing should convert it into what they mean."

But that reversal only works if the swamp gets cleaned up first. A customer describing a loan request in their own words is useless if the AI translating it can't see the policies, the customer history, or the lending rules embedded in twenty-year-old systems. The conversational front end is the payoff of fixing the boring infrastructure underneath. The same is true on the edge: on-device models that handle accents, languages, and voice-to-structured-input only deliver value if the backend they're feeding can actually act on what comes through.

That is the real story of regulated AI in 2026: moving away from a focus on models and prioritizing the lane it's running in, the regulator it has to explain itself to, and the legacy plumbing it has to reach through. "That is going to be fascinating," Panwar says. "How people ask for services is where I think one of the bigger transitions will happen."