AI has moved from pilots to production. Banks, insurers and fintechs are using it to personalize service, sharpen underwriting, fight fraud/financial crime, and streamline back-office work. The upside is material, but so are new responsibilities under rules like the EU AI Act and guidance from supervisors.

Why AI, and why now?

Two shifts happened together: model quality (especially large language models) and enterprise economics. McKinsey estimates $200–$340B in annual value potential for banking alone, largely via productivity and decision support. That’s roughly a 2.8–4.7% lift to sector revenues. McKinsey & Company

Adoption is broadening in regulated markets. The Bank of England/FCA’s latest survey found 75% of UK financial firms already using AI, with use cases expanding into decisioning and risk. Bank of England

Front-line change: from generic flows to intelligent help

Hyper-personalized service. Bank of America’s “Erica” shows how AI scales service without exploding headcount: it surpassed 2 billion client interactions in 2024 and 2.5 billion by early 2025, handling ~2 million interactions per day. Bank of America+1

Smarter credit decisions. Underwriting is shifting from static scorecards to explainable ML that reads cash-flow and behavioral patterns. In the EU, credit scoring/credit-worthiness AI is formally “high-risk” under the AI Act—triggering obligations around data quality, transparency, human oversight and conformity assessment (CE-marking). EUR-Lex

Middle & back office: where value (and risk) multiplies

Payments fraud & scams. Network-level AI is now core infrastructure. Mastercard says generative-AI techniques doubled the speed of detecting potentially compromised cards; their public pages note doubling the detection rate before criminals can use them. Visa reports blocking $40B in attempted fraud in 2023, and continues to roll out AI-enabled scam disruption. Visa+3Mastercard+3Mastercard+3

Financial crime (AML/CFT). After years of “alert fatigue,” ML is lifting true positives while cutting noise. HSBC, co-developing with Google, reports finding 2–4× more suspicious activity with >60% fewer alerts in pilots and rollout. HSBC+1

Investment & risk. On the buy side, platforms like BlackRock Aladdin embed analytics, risk and workflow across the investment stack; domain-tuned LLMs such as BloombergGPT point to faster research/discovery across filings and news—still with humans accountable. BlackRock+2BlackRock+2

Governance is catching up: accountability first

Supervisors are moving from watching to playbooks:

• EU AI Act (2024): risk-based regime now in force. Credit scoring is high-risk; providers/deployers must meet strict obligations (risk management, data governance, human oversight, transparency, and conformity). EUR-Lex

• ESMA (EU markets regulator): firms remain fully responsible for outcomes when using AI (including third-party tools) in MiFID retail investment services; boards must understand and oversee usage. Reuters+1

• Global prudential view: BIS and the FSB urge central banks and supervisors to “raise their game” on AI—citing both productivity upside and correlated-model/systemic risks. Financial Times+1

Pakistan snapshot: onboarding, identity and data rails

For readers in Pakistan, the foundations for AI-assisted finance are strengthening:

• SBP’s 2025 Consolidated Customer Onboarding Framework: formalizes video-KYC, biometric checks (via NADRA), better turnaround standards, and a single rulebook for banks/EMIs—making it easier to layer AI-driven fraud and AML analytics on top. State Bank of Pakistan+1

• Shared e-KYC platform (PBA/SBP): banks are being connected to a shared KYC utility (with blockchain underpinnings) to re-use verified KYC—lowering friction and cost, with appropriate consent and security. Pakistan Banks+1

What leaders should do next

• Prioritize “centers of friction.” Start where impact is measurable: onboarding, collections, investigations, advisor productivity, and fraud/AML. Tie each use case to hard outcomes (approval lift without higher losses, fraud catch-rate vs. false positives, cycle-time, hours saved). McKinsey & Company

• Stand up an AI control tower. Maintain an inventory of models, owners, policies, validation results, drift monitors, and incident workflows. Map every use case to its regulatory category (e.g., EU high-risk) and keep audit-ready documentation. EUR-Lex

• Engineer explainability. Where laws or consumer fairness demand it (e.g., lending adverse action), prefer techniques that support reason codes and keep data lineage intact. ESMA’s guidance and the AI Act both emphasize human oversight and client-interest duties. ESMA+1

• Harden data & identity. Unify customer/transaction/device data under robust governance; plug into national identity rails (e.g., NADRA) and shared e-KYC to improve signal quality—and model performance. State Bank of Pakistan+1

• Measure like a business. Use A/B pilots with holdouts; don’t ship based on model metrics alone—ship on business value with risk under control. McKinsey & Company

Realistic use-case menu for 2025

• AI copilots for relationship managers and finance teams: summarize financials, prep call briefs, draft follow-ups, and surface risk flags from internal docs—always with retrieval controls and human approval. (Adoption is firm-wide at several global banks.) Reuters

• Cash-flow underwriting for SMEs: combine bank feeds, invoices and tax data into explainable scores and dynamic limits—designed to meet high-risk governance where applicable. EUR-Lex

• Real-time scam defense: blend scheme-network signals (Visa/Mastercard) with bank-side behavior models to block payments before funds leave. Reuters+1

• AML case automation: triage, enrich and draft narratives with LLMs; early results show 2–4× more genuine detections and far fewer false alerts when paired with human investigators. HSBC

References (selected)

• McKinsey — Generative AI value in banking ($200–$340B; 2.8–4.7% revenue). McKinsey & Company

• Bank of England & FCA — Artificial intelligence in UK financial services (2024) (75?option). Bank of England

• EU AI Act (Regulation (EU) 2024/1689) — High-risk obligations; explicit coverage of credit scoring/credit-worthiness. EUR-Lex

• Mastercard — generative-AI doubles speed/rate of compromised-card detection. Mastercard+1

• Visa — $40B in attempted fraud blocked in 2023; continuing AI-enabled scam disruption. Reuters+1

• HSBC + Google Cloud — 2–4× more suspicious activity detected; alerts down >60%. HSBC+1

• BlackRock Aladdin — unified risk/portfolio platform; AI-enabled tooling in wealth. BlackRock+1

• BloombergGPT — domain LLM for finance (paper). arXiv

• ESMA — firms remain responsible when using AI in retail investment services (MiFID). Reuters+1

• Pakistan — SBP Consolidated Customer Onboarding Framework (2025); PBA Shared e-KYC initiative.