The Survey's main takeaways are these (a few of which were noted in an article recently featured in the FT and titled “Humans still matter more than AI”; in super-summary: profit has not yet been widely delivered, but neither has doom; risks persist for financial stability; and regulators are worried about cyberattacks, herding, and concentration risks):
Tech change outpaces readiness: The fast pace of AI technology has outflanked the abilities of firms and regulators to manage associated risks, regulate with clarity, and extrapolate reality from hype. The resulting ‘gap’ creates a new kind of system-wide risk which threatens to disrupt the status quo on a series of interconnected issues such as oversight, governance, and dependency on shared infrastructures.
Regulatory clarity: The financial services ecosystem needs clearer regulatory guidance. The statistics for those seeking regulatory clarity are high (73% of industry, 66% of vendors, and 56% of regulators). As things stand, deployment by industry is ahead of regulatory readiness to safeguard “prudential soundness, market stability, conduct of business and consumer protection” and so a shift in the regulatory architecture is needed.
The significance of responsible governance: The Survey evidences support for the need to focus on good governance, clear accountability, and human oversight, and the question of how these foundational pillars need to evolve given the pace of technological change. The loss of human oversight and “collective forgetting” (humans forgetting how to intervene manually if needed, a skill that may well be needed in a crisis) are noted as key risks. These risks compound the need to address the ‘redundancy’ of traditional governance and manual oversight and operationalise a future-fit variant capable of enabling the required levels of visibility and control for those who are accountable for AI deployment.
Humans are still needed: The Survey underscores the need for humans to remain a key part of the financial services ecosystem. Top of the list of in-demand human-centred skills are the technical abilities to explain AI, to oversee AI in action, and to apply critical thinking. The Survey highlights the need for humans “to adopt agentic AI capabilities themselves to match the systems they oversee. Without embedding agentic supervisory systems that can monitor, test, simulate, and respond to risks at machine speed, regulatory capacity may lag technological reality. Without this transition, the gap between technological advancement and regulatory capacity will continue to widen, increasing the likelihood of rapid, system wide disruptions, risks and potential harm to market participants”.
Accountability: The Survey points to significant and unresolved frictions on accountability between financial services firms and vendors, but emphasises the established regulatory standard that accountability and liability sit squarely with firms.
Adoption levels are high: Around 80% of financial services firms are adopting AI. Machine learning and GenAI have both been widely adopted. However, the Survey points to a significant gap between those who report early stage experimentation and those who report having attained “institution-wide AI integration”. Those entities reporting mature-stage deployment are most likely to be based in advanced economies and are most likely to have made significant investment in AI technology. This finding is entirely consistent with those of the Evident reports.
Experiments with agents: Agentic experimentation is well underway with over half of financial services firms already experimenting and around 21% of firms having moved beyond the pilot stage to more advanced deployment. This 21% is likely to be made up predominantly of fintechs deploying what the Survey refers to as “financial-services specific products” which are embedded with “enough domain logic (regulatory rules, risk thresholds, compliance guardrails) to be trusted with higher autonomy in well-defined, repeatable tasks”. The Survey points to a clear expectation that this space will move quickly and that “autonomous agents will become mainstream in financial services within five years”.
Cyberattacks are a primary risk: The financial services ecosystem is a prime target for adversarial cyber activities. Recent news around Mythos (and similar models) has raised awareness of the capabilities of agents to hack vulnerabilities in the financial services ecosystem's defences at well beyond the speed of human oversight. This highlights structural vulnerabilities in the financial services ecosystem that are a priority task to address and which are further challenged by a raft of interconnected macro or “system-level” issues including third-party dependencies, governance gaps and challenges, and resilience.
Persistent friction points: Pain points that hinder adoption continue to include data (including quality, completeness, bias, fragmentation and siloes), legacy infrastructure, and a lack of suitably skilled talent. Talent and expertise in AI, or the lack of it, is noted as a “critical barrier to AI deployment in financial services”.
Risks: The much-talked-about “isolated issue” risks, including data protection and privacy, bias, hallucinations, unreliability, and lack of explainability, all continue to feature among the top-ranked risks. Some of the Survey's findings highlight distinctly different perceptions between regulators, firms, and vendors regarding key risks. The Survey notes fragmented views on explainability and accountability, different views on shared responsibility, and different levels of concern around concentration risks. The Survey highlights a new “systemic chain of technical and market risks” introduced by the frontier models and by the gulf between deployment and oversight. The Survey states that “traditional manual oversight” is not an appropriate fit for the use of this technology in financial services, and that “AI is changing how control is exercised … when decision making becomes more automated, errors become harder to detect and may also spread faster across process, products and institutions”. This gap (or series of related gaps) between the technology that industry is deploying and is capable of overseeing, as against the applicable regulatory expectations, is of critical importance.
AI is still mostly in the back-office: An “execution gap” has formed, with most use cases still living in back-office functionality. The Survey concludes that the most mature and widespread use of AI is in software development and in fraud detection. In the front-office, the most likely use of AI is in customer support. Evidence of institution wide AI-driven transformation is hard to find (reported in only 14% of cases).
Fintechs in the lead: Fintechs are challenging traditional financial institutions in reaching transformational stages of adoption, in their use of agentic AI, in their reporting of increased profitability, and in their deployment of front-office use cases. Fintechs tend to run from more efficient cost bases, are less burdened by legacy technology, data siloes or rigid governance structures, and seem able to turn “lean budgets” into “the highest rates of reported AI adoption maturity”.
Value is hard to measure: The Survey suggests that the value of AI is currently hard to quantify. The statistics suggest that many are finding it difficult to measure the value of deployment (55% of industry respondents (76% for larger firms) and 55% of regulators). The Survey reports a broadly positive impact of AI on productivity, with the strongest gains in technology, data and product functions, and that firms are increasingly “well positioned to realise productivity benefits from AI adoption”. The Survey indicates that the primary markers of value are considered to be cost reduction and resource optimisation. Secondary benefits include profitability, revenue, and risk management. The Survey points to “corporate functions and leadership” recording the lowest positive impact of AI, though, given the Survey's other findings, this could soon be set to change.
Use of external models and cloud infrastructure: Most firms are not training their own AI but are opting to build on third-party models with OpenAI being the most commonly used foundation model. In terms of cloud infrastructure, “the top three cloud providers serve more than 80% of the industry”. These same three providers are also “major AI tech vendors”. The Survey's evidence will likely compound concerns about “concentration risks around critical cloud and foundational model providers” and the possibility that failures or attacks on critical systems could be challenging to contain and have ramifications far beyond a single firm or service.
Jobs: The impact on jobs remains difficult to predict. The Survey suggests that there has so far been no discernible change to headcount throughout the financial services sector and that, looking ahead, what is anticipated (rather than contraction) is a re-skilling or transformation of the workforce. What this transformation journey will look like is not yet clear and is likely to vary across different sub-sectors of financial services and be closely woven together with related factors such as investment in technology, deployment, and organisational restructuring.
Consumers: The Survey highlights a number of areas where AI exacerbates the risk of harm to consumers, including AI-amplified market abuse and fraud, misuse of personal data, new risks for those in vulnerable circumstances (including from unchecked bias that could further exclude the already underserved), and protection risks where, for example, it may be impossible to explain, and therefore challenge, a harmful outcome because no-one fully understands the output. There are additional risks for consumers that arise from complex and unresolved issues of accountability and liability between firms and vendors. This lack of clarity could easily result in consumers who suffer harm being unable to understand how decisions that affect them have been made and having no clear route to redress.
Regulator use of AI: a “regulatory blind spot”?
Firms are understandably concerned, given how laser-focused the regulators are on the use of AI by firms, about how the regulators themselves are using it. The Survey gives some interesting insights here, finding that regulators are using AI significantly less than other players in the ecosystem (particularly in emerging markets), and are at a notably less mature stage of deployment. The examples given of where regulators are known to be using AI include:
supervisory and enforcement functions;
macro-prudential analysis;
market surveillance;
misconduct detection;
authorisations; and
policy and rule-making.
The blind spot: The Survey suggests that the relatively low level of adoption by regulators may reflect constraining factors such as tighter budgets and limited capacity, together with a lack of commercial incentive to return value from investment in AI. As such, the strong link noted between investment and maturity is less clear relative to the regulators. The Survey raises a critical question about whether this “divergence between the private sector and regulatory bodies” points to an emerging risk area where industry outpaces regulatory oversight, regulatory technology, and the ability of the regulators to keep pace with the technology that supervised firms are deploying. This divergence could create a new kind of unpredictable risk for the financial services ecosystem.
The need for explainability: One key difference of views between regulators and financial services firms centres on the interconnected concepts of interpretability and explainability (and therefore, ultimately on accountability). The Survey indicates a strong preference on the part of regulators for models that are explainable and interpretable and can therefore withstand scrutiny. In respect of firms, the Survey notes that “only 50% of surveyed [firms] use explainability methods while the other 50% do not use explainability methods or are unsure if they do”. Vendors are noted as indicating that “their financial services industry clients have limited capacity to use explainability methods, with over 50% rated as having low or no expertise in applying these techniques”. Significantly, the Survey goes on to highlight “the need for more human-centric approaches to AI explainability.”
A global need for financial services specific AI guidance: In terms of regulatory policy more generally, the Survey indicates a divergent approach around the world, with a “general lack of guidelines on the use of AI”, most regulators not collecting data on AI adoption, and many countries not having national AI strategies. In this space, the EU is noted as a leader in the field. In terms of financial services specific frameworks, the Survey concludes that these are most likely to derive from extensions to existing financial regulatory regimes rather than being AI specific. However, the Survey notes “near unanimous consensus from industry, regulators and vendors on the immediate priority for oversight: regulators need to ‘clarify and update regulatory guidance for AI use’”.
Conclusions: collaboration, embedding, talent and accountability
The Survey indicates some clear fault lines between:
exploration and active transformation;
fintechs and traditional financial institutions;
advanced and emerging economies;
the financial sector and the regulators that regulate it; and
firms and vendors.
The Survey advocates for “strong collaboration and coordination - across agencies and across borders” to promote consistency, avoid duplication and “blind spots”, and “respond better to both domestic and cross-border risks”, together with multi-party engagement to promote better understanding about “how AI is being used, monitor emerging risks, and support responsible innovation”.
The Survey suggests that the key to unlocking maturity (indicated by transformational use and the ability to scale) lies in “how deeply AI is embedded in operational activities”. It seems clear that those firms with more advanced governance, more sophisticated controls, and more implementation experience are the leaders in the field. Key and connected factors include talent, internal expertise, and AI workforce readiness. Those firms that are investing significantly in these areas are the firms that are reporting measurable gains. These findings are consistent with those made by Evident in their last annual report on global AI leaders.
Linking back to the theme of accountability, the Survey underscores the foundational principle of firm responsibility. This shines a laser focus on the need for firms to identify (i.e. name) their senior leaders who have the skills, the knowledge, and the authority to handle AI deployment and related incidents. This forces financial services firms deploying AI to adopt a changed approach to governance. These firms now need to move to an autonomous-AI-fit means of meeting the relevant regulatory requirements. This will include a firm-wide coordinated approach to embedding purpose-built decision-making structures, deploying clear accountability frameworks and mechanisms, reassessing risks and controls, constant run-time evaluation and monitoring, and an AI-fit incident response system. All of these related capabilities will need firms to engage an AI-skilled team of cross-discipline experts who can understand each other's language and who have engaged in meaningful collaboration before an incident occurs.
In its ability to join some of these key threads, the Survey's conclusion on agentic governance is impactful and highly material to addressing the clear and widening gaps between deployment by firms and supervisory capacity, and between deployment and explainability by firms: “A shared framework for sound agentic practice, particularly for cross-boundary activity, is therefore a highly consequential item of governance work for the coming period … How well the future regulatory architecture keeps pace with market change, and whether it develops adequate instruments to manage systemic AI-driven risks across firms and jurisdictional boundaries, is likely to shape sector-level outcomes as much as any firm-level adoption decision”.
Kieran Garvey, Lead in AI at the Cambridge Centre for Alternative Finance: “What this study shows is a sector in genuine transition. AI is already delivering real efficiency gains – in operations, in software development, in customer-facing services – and more mature adopters are beginning to use it to create entirely new financial products. However, the same capabilities driving those gains are also creating or exacerbating risks from model hallucinations and biases, data protection and privacy, lack of explainability, herding, third-party dependency and adversarial threats. How we collectively manage and mitigate these risks will shape the future trajectory of digital financial services.”