Why governance is the hidden AI performance opportunity
Half of banking executives say governance and compliance are already limiting AI performance, yet only 18% are sure they could pass an independent audit of AI controls. This is the AI proof gap in banking: governance is the missing link between AI adoption and measurable performance.
This report explains why that gap exists and what banks need to do to move from AI scale to AI success.
Banks are scaling AI. They aren’t governing it fast enough.
Banking leaders are experienced in driving growth within the demands of a highly regulated environment. So why, when it comes to AI governance, do banks suddenly fall short?
According to Grant Thornton’s 2026 AI Impact Survey Report of 950 business executives, banks are more likely than any other industry surveyed to say their controls are untested.
Immature AI governance affects more than compliance readiness — it directly constrains ROI by limiting deployment of AI in high-value, regulated workflows. Half of respondents cited governance and compliance barriers as contributors to AI underperformance or failure.
Financial institutions that prioritize centralized, tested governance and controls are best positioned to leapfrog competitors toward compliant AI-driven growth.
Stronger AI controls enable more confident decisions
Banks are scaling AI across multiple front-, middle- and back-office functions, with top benefits including greater efficiencies (62%), improved decision-making (56%) and higher-quality outputs (42%).
But just 32% report revenue growth, and only 36% report cost reduction. More banks should be experiencing the cost-saving and profit-driving benefits of automation, but weak governance limits performance potential.
On paper, banks have governance policies in place. But at the same time, banking leaders identified governance as their top barrier to AI performance, and only 18% say they’re fully confident in their AI controls. While many organizations may wait for regulators to provide guidance before stress-testing their AI controls, that delay is preventing them from building confidence in where and how they deploy AI today.
A lack of decision rights and guardrails are common roadblocks preventing financial institutions from testing their controls and incident response. Those with strong governance and controls have clear responsibilities across the C-Suite, rather than ad hoc committees.
What good looks like: AI governance in banking
Leading institutions are operationalizing governance across three layers:
- Model governance (SR 11-7-aligned)
- Independent model validation for AI underwriting and forecasting
- Continuous monitoring for drift, bias and performance degradation
- Data governance
- AI-driven data lineage and inventory
- Alignment to Basel Committee on Banking Supervision 239 and regulatory reporting requirements
- Controls testing & auditability
- AI-enabled transaction testing and conformance validation
- End-to-end traceability between the source data, model and report output
Banks can also establish clearer internal guidance by forming governance models aligned with existing regulatory requirements such as SR 11-8, Basel III, the EU AI Act and upcoming U.S. state regulations.
The U.S. Treasury released guidance in February that standardizes best practices for managing AI cybersecurity risks in the financial services sector, rooted in the Financial Services AI Risk Management Framework. Financial institutions that align their AI governance policies with this framework and the six interrelated resources released by the Treasury can design and conduct assessments, address gaps, prioritize mitigation efforts and develop a more resilient control posture. Aligning their AI governance framework to this guidance provides banks with a stronger foundation for more confident AI decision-making across the enterprise.
“One misconception banks may have is that taking the time to build a foundation of strong governance may slow down progress in evolving their AI maturity. The reality is that strong governance up-front will actually help them move faster. Financial institutions with a strong risk management program, governance, and data hygiene will be able to make decisions faster, build greater confidence in their AI usage and begin creating more efficiencies and stronger customer experiences across the organization.”
Banks deploy AI across a workforce that can’t use it
Many banks are still piloting AI in low-risk areas such as reconciliation processes, anti-money laundering (AML) programs and customer service enablement. But few say AI is fully embedded into operations. Nearly half of banking respondents cited insufficient training as a reason past AI initiatives have failed, and 36% identify workforce readiness as a top concern about implementing agentic AI.
That points to a broader issue with how AI is being deployed in banks. When institutions layer AI on top of existing customer onboarding, transaction monitoring or fraud detection workflows, they’ll see marginal returns. Institutions where AI is actually changing performance outcomes have redesigned processes with automation and autonomous AI in mind. That requires redesigning the overarching operating model and underlying workflows, not just deploying tools.
Getting started: Where banks are focusing on AI adoption
- Forecasting market trends and managing liquidity risk
- Automating regulatory compliance and financial reporting
- Gaining more efficiencies through broader process automation in middle and back offices
- Optimizing credit risk assessment and fraud detection
- Enhancing monitoring of digital infrastructure
- Unlocking capital for reinvestment in digital transformation and customer experience
- Improving product relevancy
- Improving enterprise planning visibility into product profitability
That process differs between large institutions and regional banks. Where large banks may struggle with changing processes across hundreds of interdependent systems, regional institutions may lack the AI and data readiness expertise required to redesign workflows and operationalize controls effectively. But with an AI strategy grounded in governance, banks of all sizes can determine their most impactful use cases and the workflows that will need to support them.
AI in action: AI agents lend support to lending operations for commercial bank
A large commercial bank approached Grant Thornton to support streamlining its collateralized lending business and generate insights into portfolio performance. As part of this effort, the Grant Thornton team is building AI agents that enable the business to scale lending operations without adding headcount. Leveraging generative AI capabilities, Grant Thornton performs reviews and deeper analysis so teams can focus on strategy and risk mitigation across the lending portfolio.
Banks are underusing AI to improve data readiness
Similar to other financial services industries surveyed, data readiness is a barrier to deploying AI in banking. Data barriers often trace back to inconsistent definitions across business lines, siloed systems that were not built to communicate and too many stakeholders with fragmented ownership.
Larger institutions are addressing this by building semantic layers on top of existing systems rather than centralizing data — creating a usable, logical view that makes data accessible to AI without requiring infrastructure rebuilds. Regional banks can use AI to aid in data prioritization and remediation, supporting continuous improvement in data quality and integration.
Applying AI: AI-driven data inventory
One way financial institutions can address gaps in its data lineage is by using an AI driven data inventory approach. By applying AI and machine‑learning rules to identify patterns and relationships within its data, they can reverse‑engineer a data library across the organization.
With this approach, financial institutions can establish foundational capabilities faster. By using AI to support data inventorying, attribute creation and data‑library development, organizations have the potential to map and document legacy environments, including mainframe and COBOL structures.
Other emerging best practices include:
- Semantic layers to unify fragmented systems
- Automated reconciliation and conformance testing
These capabilities can form the foundation for regulatory reporting automation, risk modeling and stress testing, and finance and close automation.
Three actions to move from AI potential to performance
In today’s financial services market, the gap between AI ambition and performance is real. And it will not be fixed until banking leaders ground AI initiatives in governance.
Grant Thornton works with companies across the financial services industry to strengthen their AI strategy and build readiness through solutions including creating a responsible AI governance framework for banks that aligns with organizational goals; building foundational data readiness; and embedding AI into workflows such as key customer onboarding, compliance processing, and fraud detection. Discover how our AI solutions help banks turn AI strategy into measurable value.
Methodology
Between Feb. 23 and March 18, 2026, Grant Thornton surveyed 950 business leaders, a group restricted to CFOs, CIOs/CITOs, COOs, and VPs, department heads, and directors who report directly to the C-suite. The banking-specific subgroup comprises 50 respondents. Role-specific findings within the banking subset of data are directional only.
Contact:
Content disclaimer
This content provides information and comments on current issues and developments from Grant Thornton Advisors LLC and Grant Thornton LLP. It is not a comprehensive analysis of the subject matter covered. It is not, and should not be construed as, accounting, legal, tax, or professional advice provided by Grant Thornton Advisors LLC and Grant Thornton LLP. All relevant facts and circumstances, including the pertinent authoritative literature, need to be considered to arrive at conclusions that comply with matters addressed in this content.
For additional information on topics covered in this content, contact a Grant Thornton professional.
Grant Thornton LLP and Grant Thornton Advisors LLC (and their respective subsidiary entities) practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Grant Thornton LLP is a licensed independent CPA firm that provides attest services to its clients, and Grant Thornton Advisors LLC and its subsidiary entities provide tax and business consulting services to their clients. Grant Thornton Advisors LLC and its subsidiary entities are not licensed CPA firms.
Tax professional standards statement
This content supports Grant Thornton Advisors LLC’s marketing of professional services and is not written tax advice directed at the particular facts and circumstances of any person. It is not, and should not be construed as, accounting, legal, tax, or professional advice provided by Grant Thornton Advisors LLC. If you are interested in the topics presented herein, we encourage you to contact a Grant Thornton Advisors LLC tax professional. Nothing herein shall be construed as imposing a limitation on any person from disclosing the tax treatment or tax structure of any matter addressed herein.
The information contained herein is general in nature and is based on authorities that are subject to change. It is not, and should not be construed as, accounting, legal, tax, or professional advice provided by Grant Thornton Advisors LLC. This material may not be applicable to, or suitable for, the reader’s specific circumstances or needs and may require consideration of tax and nontax factors not described herein. Contact a Grant Thornton Advisors LLC tax professional prior to taking any action based upon this information.
Changes in tax laws or other factors could affect, on a prospective or retroactive basis, the information contained herein; Grant Thornton Advisors LLC assumes no obligation to inform the reader of any such changes. All references to “Section,” “Sec.,” or “§” refer to the Internal Revenue Code of 1986, as amended.
Grant Thornton Advisors LLC and its subsidiary entities are not licensed CPA firms.
Share with your network
Share