By David Fairman, SixThirty Partner & CISO-in-Residence
The Stakes Have Changed: AI at Scale in Financial Services
In 2024, AI is no longer a back-office experiment. Leading financial institutions are industrializing it—and redefining their cost structures, customer relationships, and compliance postures along the way.
JPMorgan now runs over 100 generative AI tools in production, achieving a 30% drop in servicing costs and a 25% uplift in customer engagement. Meanwhile, Citigroup’s internal copilots—part of its “Citi AI” program—are summarizing policies and drafting communications across 11 markets.
But this is just the beginning. As generative AI migrates from pilots to production, CIOs must transition from experimentation to orchestration. That means balancing scale, compliance, and strategy—under pressure.
Where to Play: High-Yield AI Use Cases for 2024–2026
AI is delivering measurable value across the FSI spectrum. CIOs should prioritize these high-impact domains:
| Business Line | AI Application | Early Results |
| --- | --- | --- |
| Retail & SME Banking | LLMs extract and validate income data from pay slips and bank feeds to prefill credit apps | 60% reduction in manual data entry, approval time cut from days to minutes (McKinsey) |
| Wealth Management | Personalized portfolio briefings from market data + client risk profile | 3× research productivity at top US bank (Business Insider) |
| Insurance (P&C) | AI triages low-severity claims and drafts empathetic client emails | 50,000 AI-drafted emails/day at Allstate, with CSAT improvements (WSJ) |
| Life & Health Underwriting | Multimodal models process OCR’d medical records to flag exclusions and pre-price cases | 40% faster straight-through processing at a major reinsurer (EY) |
| Risk & Compliance | Virtual compliance officers draft regulatory assessments for AML/KYC | 70% analyst hour reduction per notice (IBM) |
Build the Fabric Before You Fly
AI transformation demands infrastructure. Without the right foundation, scaling AI is like flying without avionics.
- Domain-Specific Vector Stores
AI agents need secure, real-time access to customer and transaction data.
Action: Deploy a vector store with PII-redaction at ingest. Align with PCI-DSS, HIPAA, and CDR compliance standards.
- LLMOps & Model Risk Management
Gen-AI must follow the same model validation processes used for credit and market risk.
Action: Extend your model inventory to include prompts and embeddings. Run automated drift and bias tests nightly.
- Operational Risk Alignment (CPS 230)
APRA CPS 230, effective July 2025, mandates mapping all tech services (including AI) to critical operations.
Action: For every AI tool—internal or SaaS—set RTO/RPO metrics and business continuity plans.
- Regulatory Conformance (EU AI Act & NY DFS)
Credit and underwriting AIs are classified as high-risk under EU and NY frameworks.
Action: Maintain a “model bill of materials” (training data, eval scores, biases) and report quarterly to the board.
- Workforce Transformation
Winning firms are reskilling claims adjusters and analysts as AI product owners.
Action: Embed copilots across roles and update KPIs to measure human + AI productivity.
Navigating a Wider Risk Surface
The attack surface has shifted—regulators and adversaries are adapting. Here’s how to stay ahead:
| Risk Vector | What’s Emerging | Mitigation Strategy |
| --- | --- | --- |
| Regulation | EU AI Act, NY DFS Circular 7/2024, HKMA, MAS—all require auditability and fairness | Embed compliance checks into CI/CD; budget for third-party audits |
| Data Privacy & IP | Sensitive financial and health data is high-risk and high-penalty | Use retrieval-augmented generation (RAG); watermark model outputs |
| Security | Prompt injection and model inversion are real threats | Add these vectors to red-team scenarios; use inference firewalls |
| Conduct & Fairness | AI that discriminates or misprices risks violating fiduciary duties | Run fairness testing by protected class; maintain override workflows |
| Operational Resilience | Runaway agents could initiate trades or pay false claims instantly | Design kill-switch APIs; practice manual failover under CPS 230 guidelines |
Next 90 Days
- Launch an AI Steering Council co-chaired by the CIO and CRO.
- Inventory and score all AI initiatives by revenue, risk, and readiness.
- Pilot two “quick-win” use cases—e.g., claim triage and AML document summarization—with hard ROI metrics.
- Select a governance platform for tracking prompt logs, versioning models, and auditing fairness/bias.
Months 4–24
- Scale: Move validated pilots into a shared API-accessible agent catalog.
- Industrialize: Run prompt regression tests; integrate LLMOps into model risk sign-off.
- Assure: Use quarterly red-teaming and annual third-party audits for assurance; visualize in board dashboards.
- Embed: Target 80% touchless processing by embedding AI across customer journeys—from onboarding to underwriting.
- Recycle: Reinvest operational gains into employee upskilling and enhanced risk controls.
Final Word: Lift Off, Not Just Lift
Financial services is shifting from “proof-of-concept” to “proof-of-value” at unprecedented speed. CIOs who treat AI as a regulated product—and execute like portfolio managers—will separate leaders from laggards.
The lift is real. The scrutiny is high. But for those prepared to fly, the runway has never looked more promising.