The news: Banks have made significant progress deploying AI across fraud detection, underwriting, compliance, and customer-facing functions. But for many, their governance infrastructure has not kept pace, per Wolters Klewer’s “AI Risk and Governance Index.”

Zoom in: The study found that 36.1% of banking professionals cited model governance and validation as the top barrier to safely scaling AI—by far the leading concern. Banks are increasingly focused on building the controls, monitoring, and oversight needed to manage AI at scale rather than simply expanding deployment.

Regarding where controls should be strengthened most urgently, 28.6% cited fairness and bias controls, followed by continuous monitoring and performance management (26.9%), model governance and validation (22.9%), and data controls (21.6%). The relatively even distribution indicates that banks believe AI governance requires a coordinated investment strategy spanning model oversight, fairness testing, monitoring, and data management.

Why this matters: The governance findings are particularly relevant as banks gain access to increasingly powerful AI systems such as Anthropic's Mythos, an advanced model that has demonstrated the ability to autonomously identify cybersecurity vulnerabilities during testing. While Mythos has drawn regulatory attention because of its potential to strengthen defenses—or enable more sophisticated attacks if misused—it also reflects a broader challenge facing the banking industry. 

AI is moving rapidly from experimental use to critical functions such as fraud detection, underwriting, collections, compliance, and customer service—often with increasing levels of autonomy. As these systems become more capable, the risks extend beyond cybersecurity to model drift, biased decision-making, inconsistent customer service, operational failures, third-party dependencies, and regulatory exposure. 

This highlights a growing concern across banking: Institutions are deploying increasingly powerful AI tools faster than they’re building controls to monitor, govern, and intervene when those systems fail.

Recommendations for banks: As banks deploy increasingly powerful AI, they must prioritize governance and oversight to ensure those tools reduce risk rather than create new vulnerabilities. For example, banks should focus on:

• Building AI incident-response capabilities now: Establish clear reporting procedures, escalation paths, and model shutdown protocols before AI failures or regulatory scrutiny occur.
• Expanding governance beyond the model itself: Regularly assess risks from third-party AI vendors, external data sources, and cloud providers, as these dependencies can create blind spots that traditional model risk frameworks may miss.

This content is part of EMARKETER’s subscription Briefings, where we pair daily updates with data and analysis from forecasts and research reports. Our Briefings prepare you to start your day informed, to provide critical insights in an important meeting, and to understand the context of what’s happening in your industry. Non-clients can click here to get a demo of our full platform and coverage.