Executive Summary
Artificial Intelligence is rapidly becoming a strategic priority across the financial sector. At Grant Thornton's Responsible AI in Banking conference, speakers from the European Central Bank (ECB), BBVA, Santander, Commerzbank and Lloyds Banking Group explored how both supervisors and banks are moving from experimentation towards practical deployment of AI capabilities.
The discussions highlighted how artificial intelligence is being embedded within supervisory processes and banking operations, while also raising new questions around governance, accountability, risk management and organisational readiness. Although perspectives varied between supervisors and practitioners, there was broad agreement that successful adoption requires a balance between innovation and control, supported by strong governance frameworks and ongoing investment in people and capabilities.
The event also included Grant Thornton's perspective on AI system validation, focusing on practical approaches to governance, monitoring and oversight of Generative AI and Agentic AI applications.
A recording of the conference, including the ECB keynote, industry panel discussion and Grant Thornton’s presentation, is available here:
Part I – ECB Perspective: Building a Digitally Enabled Supervisor
Artificial Intelligence is becoming a strategic priority for both supervisors and banks
Opening the conference, the keynote speech outlined how technological innovation is reshaping the financial sector and changing the way both banks and supervisors operate. According to the ECB, artificial intelligence presents an opportunity to improve efficiency, generate new insights from data and enhance supervisory effectiveness. The ECB views AI not only as a means of improving supervisory processes but also as a way of better understanding the technologies increasingly being adopted by supervised institutions.
The ECB is pursuing AI as part of a broader digital transformation agenda
The keynote described a digital transformation programme launched in 2020 that combines investments in data infrastructure, supervisory technology and artificial intelligence with broader organisational change. The ECB explained that its objective is to become more effective, more efficient and more integrated across the European supervisory community. Particular emphasis has been placed on simplifying the supervisory technology landscape and creating an architecture capable of supporting advanced analytics and AI-enabled supervision.
As part of this transformation, the ECB has introduced new supervisory tools that help supervisors analyse information, access documentation and identify risks more efficiently. The keynote highlighted examples such as the Athena platform, which enables supervisors to interact with supervisory information and documentation across multiple languages. Ongoing investments in agentic AI capabilities were also discussed as part of efforts to enhance productivity and knowledge retrieval.
Human oversight remains a fundamental principle
While discussing the growing role of artificial intelligence, the ECB repeatedly stressed that AI is intended to support supervisors rather than replace them. Supervisory decisions remain the responsibility of human experts, with artificial intelligence serving as an enabling technology rather than an autonomous decision-maker. Strong governance, controlled use cases and compliance with regulatory requirements were presented as central principles of the ECB's approach.
Culture, education and accountability are essential for successful adoption
A recurring theme throughout the keynote was that successful digital transformation depends as much on people as it does on technology. The ECB described extensive investments in digital skills development, leadership education and partnerships with academic institutions. Particular importance was attached to helping staff understand both the opportunities and limitations of emerging technologies. The keynote concluded by highlighting the need to balance innovation and control, while recognising that failing to adopt transformative technologies may itself create risks for organisations.
Part II – Industry Perspectives: Governance, Accountability and AI Risk Management
Banks are moving from AI experimentation towards operational deployment
The industry panel focused on how banks are approaching AI adoption in practice. Participants discussed how many institutions are moving beyond experimentation and productivity-focused initiatives towards broader deployment across business processes. Examples discussed included customer interaction, credit decision-making, anti-money laundering activities and operational efficiency programmes. There was general agreement that the pace of adoption continues to accelerate, driven in part by concerns about falling behind competitors and missing opportunities presented by the technology.
Generative AI and Agentic AI are creating new governance challenges
A substantial part of the discussion focused on the differences between traditional analytical models, machine learning, Generative AI and Agentic AI. Panellists generally agreed that governance approaches for traditional models are relatively mature, while institutions are still refining their approaches to newer forms of AI. Agentic AI was described as introducing additional complexity because such systems may access multiple applications, retrieve information dynamically and perform actions with varying degrees of autonomy.
Governance is emerging as a critical enabler of responsible AI adoption
Governance was one of the dominant themes throughout the panel discussion. Participants emphasised the importance of maintaining inventories of AI use cases, establishing clear ownership structures and applying controls that reflect the complexity and materiality of individual applications. Rather than restricting innovation, governance was described as providing the visibility necessary to support responsible deployment at scale.
The focus is expanding from model governance to system governance
One of the strongest themes emerging from the panel was the observation that organisations are increasingly overseeing complete AI systems rather than individual models. Participants noted that many AI solutions now comprise multiple interconnected components, including models, prompts, retrieval mechanisms, knowledge repositories, external services and monitoring capabilities. Consequently, oversight activities are expanding beyond traditional model validation towards a more comprehensive understanding of how AI systems operate in practice.
Data foundations remain a key challenge
Despite rapid advances in AI capabilities, panellists noted that many longstanding data challenges remain highly relevant. Fragmented legacy environments, traceability issues and inconsistent data definitions continue to affect implementation efforts across the industry. At the same time, organisations are becoming increasingly dependent on cloud providers and external AI technology vendors, creating additional considerations related to operational resilience and third-party risk management.
Regulatory expectations continue to evolve
The discussion concluded with reflections on supervisory expectations and the future regulatory landscape. Accountability, human oversight, monitoring, escalation processes and outcome assessment were repeatedly highlighted as areas of focus. While regulatory approaches continue to evolve across jurisdictions, governance and accountability were consistently identified as fundamental requirements for successful AI adoption.
Part III – Grant Thornton Perspective: From Model to AI System Validation
Traditional model validation approaches are not sufficient for AI systems
Building on the themes raised by both the ECB and industry practitioners, Grant Thornton presentation focused on one of the most practical challenges facing financial institutions today: how to validate and continuously monitor AI systems. The presentation highlighted a fundamental shift from traditional machine learning models towards Generative AI and Agentic AI. Unlike conventional models, which are largely deterministic and repeatable, AI systems are inherently probabilistic, requiring institutions to rethink how validation, monitoring and oversight are performed.
AI validation should focus on data, behaviour, outputs, human oversight, and monitoring
The presentation introduced a validation framework structured around five key areas: data and data safety, behavioural testing, output evaluation, human oversight, and continuous monitoring. Rather than focusing solely on model performance, the effective validation framework assesses how the entire AI system operates, how outputs are generated, and whether appropriate controls are embedded throughout the lifecycle. Alongside strong data governance, institutions must also consider the quality and accuracy of knowledge repositories, prompts, instructions, and workflows that influence AI behaviour and output.
Behavioural testing examines whether an AI system behaves safely, predictably, and consistently across a range of conditions. Rather than assessing the quality of a single response, it evaluates how the system reasons, follows instructions, handles incomplete or contradictory information, applies guardrails, and, where agentic capabilities are present, plans and executes actions to achieve defined objectives. Testing is conducted under a variety of controlled stress scenarios to identify systematic behavioural weaknesses that may not be apparent during normal operation.
Output evaluation focuses on the quality and suitability of individual responses. This includes assessing relevance, factual accuracy, completeness, clarity, professional tone, and overall fitness for purpose. While certain checks can be automated, such as verifying consistency against source material, others require human judgement to determine whether the output appropriately addresses the intended objective, presents balanced reasoning, and is suitable for its business, risk, or regulatory context.
To illustrate how AI validation differs from traditional model validation, the presentation highlighted several practical testing approaches.
One example of output evaluation was a relevance test, which assesses whether an AI agent's response remains focused on the original request. A response may be factually correct yet still fail validation if it introduces unnecessary information or deviates from the intended objective.
A behavioural testing example involved presenting a deliberately misleading prompt to evaluate whether the agent appropriately challenges the underlying assumption or simply reproduces inaccurate information. Such tests help assess not only the accuracy of outputs but also the reliability, robustness, and trustworthiness of the agent's behaviour under different conditions.
Human oversight and proportional monitoring remain essential
The presentation emphasised the importance of human oversight and continuous monitoring. As AI outputs become more sophisticated, organisations must continue to challenge and verify results rather than rely on them automatically. Monitoring should be proportionate to factors such as autonomy, business impact and regulatory significance, with tiering helping to balance innovation and control.
For a deeper exploration of AI validation approaches and practical considerations for model risk management, see Grant Thornton's article, Validating Artificial Intelligence Systems: A Modern Capability for Model Risk Management.
Conclusion
The conference demonstrated that both supervisors and financial institutions are actively investing in artificial intelligence while simultaneously strengthening governance and control frameworks. The ECB's keynote highlighted how AI is being integrated into supervisory processes through a combination of technology investment, organisational readiness and human oversight. The industry panel expanded on these themes by exploring the practical realities of AI adoption, including governance, accountability, data foundations and evolving regulatory expectations. Finally, the Grant Thornton presentation provided a practical framework for validating and monitoring AI systems, highlighting the shift from traditional model validation towards broader AI system governance.
Although approaches continue to mature, all three sessions reinforced a common message: successful AI adoption requires a balance between innovation and control, supported by strong governance, clear accountability and ongoing investment in people, processes and technology.
