88% of organizations use AI. Just 39% report any EBIT impact. This report explains why — and what leaders in finance can do about it.
of organizations use AI in at least one function.
report EBIT impact— often single-digit percentages.
AI showed 2x the amount of security risk violations vs. human projects.
There’s a widening gap between bold AI ambition and reality. Most FSI organizations aren’t failing at AI because of the technology, but because their foundations can’t support it.
88% of FSI organizations are using AI in at least one business function, and 64 % say that AI is enabling their innovation. However, at the enterprise level, just 39% report EBIT impact— often single-digit percentages.
Only 12% of C-suite leaders can identify the right controls for common AI risks. Boards can’t govern what they can’t see. In financial services, a shared view has to extend beyond enterprise IT to the software in customer-facing systems, core banking infrastructure, and regulated processes.
57% of organizations cite non-compliance with AI regulations as their top AI risk. And the rules keep changing by region. In financial services, AI compliance rarely stands alone: it intersects with operational resilience obligations, prudential requirements, and sector-specific regulations such as DORA and EBA guidelines.
AI generates 2x more security violations than humans. And only 29% of organizations have formal oversight of AI-generated code. Leaders in finance should bolster existing security management processes instead of treating AI security risks in isolation.
AI can generate large and structurally maintainable software systems. However, only a small fraction of generated systems compile or run without modification, limiting practical significance and end-to-end usability. 72% of AI systems in production score below quality thresholds — creating risks boards may not know about.
From all the systems (in production) SIG has analyzed in 2025, roughly 1.5% qualify as an AI system. Of those AI systems, 70% are traditional AI /ML systems and 15% agentic AI systems. 72% of AI systems score below our recommended build-quality threshold.
Written for boards, CISOs, and CTOs in financial services — grounded in SIG’s analysis of 400+ billion lines of code across 30,000+ systems.
Only 18% of banking leaders are confident they’d pass an independent review of their AI controls. Inside: the one-page test every board should be able to answer — what you have, where it runs, who owns it, and how it’s controlled.
57% name non-compliance as their top AI risk (EY), and in FSI it never stands alone. A global map of the EU AI Act, DORA, EBA, US, UK, and APAC rules, plus the ISO standards (including ISO/IEC 5338, co-developed by SIG) emerging as the shared language across borders.
Reported impact swings from a 19% slowdown to a 26% speed-up. Only 29% of organizations report having formal oversight or processes to assess AI-generated code. What separates the two outcomes is governance, not tooling.
72% of AI systems in production score below SIG’s build-quality threshold. Why “in production” isn’t the same as “production-ready” for the systems running fraud detection, credit scoring, and regulatory reporting — and what good actually looks like.
With attacks getting faster and cheaper, and AI-generated code shipping with double the security violations of human code, the exposure is widening on both sides. In this chapter: the three risks boards can’t ignore and how to extend the security you already have instead of building a separate AI-only framework.
Featuring perspectives from ABN AMRO, NautaDutilh, and code4thought.
Download the report
FREE DOWNLOAD
Global insights to close the gap and unlock a clear path to AI success in Financial organizations in 2026.
