Industry
Banking
Banking Services Transformation: Unlocking Exponential Value
Highlights
- Financial institutions have traditionally relied on a plethora of models to support decision-making in functions such as customer acquisition, collections, financial crime management, and capital adequacy.
- Over time, banks have significantly expanded their model portfolio in terms of both number and complexity, making model risk management a critical priority.
- Financial institutions must embrace AI technologies spanning GenAI and AI agents to increase efficiency and accuracy, in turn improving model risk management.
Introduction
Banks have long relied on diverse models to support critical functions such as customer acquisition, collections, financial crime management, especially money-laundering, and capital adequacy.
With the continual adoption of new technologies—ranging from advanced compute technologies to machine learning (ML) techniques—the pace of developing and deploying models has accelerated significantly. This rapid evolution has driven an exponential increase in the size and complexity of model inventories, making the management of model risk—the potential for adverse consequences from flawed or misused models—an essential priority for financial institutions.
Model risk is recognized as one of the key risks banks must manage, subject to significant regulatory oversight. Regulatory guidance such as the United States’ SR 11-7 and the United Kingdom’s SS1/23 mandate robust model risk management (MRM), most notably through the three lines of defense framework. Under this structure, the first line comprises model development; the second line involves independent validation and certification of models; and the third line ensures oversight by verifying adherence to policies and procedures across both development and validation processes.
While enhancing MRM across all three lines of defense is imperative, it is not easy. However, the advent of generative AI (GenAI) and AI agents offers an opportunity to improve MRM. These technologies can increase productivity by improving the efficacy of all the tasks and activities related with model risk management. They also help to reduce errors and strengthen compliance by automating routine tasks, augmenting human judgment, and enhancing transparency. In particular, AI agents enable proactive compliance through self-monitoring systems and continuously scanning for deviations, undocumented changes, and policy breaches before regulators scrutinize and identify these gaps. This underscores the urgent need for financial institutions to adopt GenAI and AI agents across the model risk function.
GenAI and AI agents in model risk functions
To realize the full potential of GenAI and AI agents in model risk management, financial institutions must embed these technologies across the three lines of defense framework.
Financial institutions must incorporate GenAI and AI agents across key activities within model development, validation, audit, and proactive compliance (see Table 1). The table also depicts the degree of impact of AI intervention on each activity, serving as a practical guide for integrating GenAI into model governance workflows with clarity and purpose. By mapping GenAI use cases to each function, financial institutions can clearly identify where automation, intelligence, and continuous monitoring can generate the greatest operational and risk management benefits. The activities span the full model lifecycle across development, validation, and oversight—this structured view helps financial institutions prioritize high‑impact areas where GenAI can deliver immediate efficiency gains while strengthening control effectiveness. It also ensures that the adoption of AI aligns with governance expectations, supporting transparency, traceability, and regulatory compliance.
Within this three lines of defense structure (see Table 1), model development focuses on identifying data sources, establishing the data lineage, and creating the model itself through data transformation, algorithm selection, and performance assessment. The development team is also responsible for producing comprehensive model development documentation that explains the model’s design, variables, data treatments, assumptions, and limitations—this is a prerequisite for initiating independent review and moving to the second line of defense.
The second line of defense, model validation, involves independently reviewing model code, documentation, and methodological choices to identify gaps, errors, or erroneous treatments. Validators also build benchmark or challenger models to test the strength and stability of the proposed model and create a formal validation report outlining any weaknesses, documentation gaps, or risks, and recommending whether the model should be approved, conditionally approved, or rejected. The third line of defense, involving audit and oversight, complements these activities by assessing whether both development and validation have followed applicable model governance standards and guidelines, ultimately issuing an audit report highlighting any issues requiring remediation.
Line of defense |
Key activities |
How GenAI and AI agents can help |
Impact |
First line of defense – model development |
|
|
High |
|
|
Medium |
|
|
|
High |
|
|
|
Medium |
|
|
|
High |
|
Second line of defense – model validation |
|
|
High |
|
|
Medium |
|
|
|
High |
|
|
|
Medium |
|
|
|
High |
|
|
|
Medium |
|
Third line of defense – audit and oversight |
|
|
High |
|
|
High |
|
|
|
Medium |
|
Proactive compliance across all three lines of defense |
|
|
High |
Table 1: Areas where AI can help in the model risk management lifecycle
The transformational potential of GenAI and AI agents across model risk functions is unquestionable. However, their integration must be carefully managed to avoid introducing new risks. As financial institutions begin to operationalize these technologies, it becomes essential to establish robust guardrails that ensure responsible use, maintain regulatory compliance, and preserve trust in automated processes.
An action plan for success
Model driven decision-making carries inherent risks as outcomes are essentially estimates subject to uncertainty and underlying assumptions.
This reliance can expose financial institutions to regulatory fines, operational losses, and reputational damage if models are flawed, misused, or poorly governed. While GenAI can enhance accuracy, efficiency, and oversight across model risk functions, human judgement and reason is a must to review and validate automated outputs. Adopting a human-in-the-loop approach helps prevent technological benefits from inadvertently becoming sources of risk.
Banks must adopt a risk-based approach, gradually introducing GenAI into model management processes in line with their risk materiality. Operationalizing GenAI and AI agents across model risk functions demands a phased adoption strategy, beginning with low-risk models, where potential exposure to risks such as adverse customer impact is minimal, and progressively expanding to higher risk areas once controls and guardrails are firmly established. To successfully adopt GenAI and AI agents across model risk functions, banks will need to navigate the following key steps:
- Start with low-risk models: Select activities with limited regulatory or financial exposure, for example, document creation in to run GenAI pilots.
- Build a GenAI solution: Design a secure solution with defined scope, clear objectives, data integration, human-in-the-loop checkpoints, and guardrails.
- Perform human-in-the-loop evaluation: Ensure experts review, contextualize, and validate GenAI outputs, creating a feedback loop to drive accuracy and reliability.
- Rectify deficiencies or gaps: Document errors, perform root cause analysis, and implement remedial measures to strengthen prompts, workflows, and compliance.
- Experiment with GenAI in low-risk areas: Deploy solutions for a defined period, monitor performance metrics, and collect feedback to validate stability and governance.
- Extend to medium- and high-risk areas: Scale adoption to higher-risk areas with enhanced guardrails, continuous monitoring, and regulatory alignment once stability is proven.
Conclusion
In the rapidly shifting BFSI industry, the demand for risk models is set to increase, bringing complexity and underscoring the need for speed and shorter model production cycles.
Model risk teams will need to continually adapt to change to meet the growing demands from the model risk management function—and the way forward lies in embracing AI technologies.
The next evolution of AI—especially agentic systems capable of autonomous reasoning and coordinated task execution—will push model risk management toward more fluid, realtime oversight. Agentic systems will help financial institutions move beyond periodic reviews to continuous monitoring, enabling faster detection of model drift, and more adaptive interventions that will ensure governance adjusts in near real-time to rapidly changing market and business conditions.
As AI capabilities mature, banks will need to prepare for greater model interconnectivity and faster update cycles driven by selflearning and agentorchestrated processes. This will require strengthening monitoring frameworks, ensuring models can produce reliable explanations at scale, and embedding AIenabled validation routines that operate alongside production systems.
Financial institutions must modernize their MRM foundations, equipping themselves to accommodate autonomous agents, higher model refresh velocity, and AIgenerated insights, to manage expanding model portfolios with consistency, speed, and confidence. The time to act is now—banks that do will gain from the first-mover advantage and march ahead of their peers.