At Banking Transformation Summit, Louise Beaumont chaired a panel with four senior executives from ING, UBS, Barclays and Standard Bank - all of whom talked openly about the speed at which AI is moving inside their institutions. There was a candid admission: there's no holistic governance conversation happening at the pace the deployment is happening.
That's not a small admission from banks of that scale. But it's not the part that should concern financial institutions most.
The part that should concern financial institutions is what's happening outside their walls.
The intermediaries routing their customers' financial data. The fintechs sitting downstream in their open finance chain. The technology service providers delivering access to banks' customer accounts for third parties. They are deploying AI at the same pace. Under the same pressure to move fast. With the same governance gaps.
Their AI risk is the banks' risk. Their incident is the banks' incident. Their liability lands on the bank that holds the customer relationship. Courts have already established that. Regulation is catching up.
Amit from UBS put it plainly: "There's no holistic governance conversation happening at the pace the deployment is happening. We're focused on adoption. The controls are lagging."
He was talking about internal governance. The external version of that problem - third-party AI risk governance - is further behind still.
Gaurab from Barclays talked about the shift from patching broken processes to rebuilding for AI. Marco from ING was more direct: in this environment, six months is already legacy.
Shaad from Standard Bank made the point that the front door to banking is changing. More decisions will be delegated to AI agents. More journeys will be assembled across ecosystems. Banks that can't make their propositions clear, comparable and machine-usable will quietly see their relevance erode.
Every one of the AI agents, intermediaries and fintechs that assembles those journeys is a participant in the financial institutions open finance chain. And right now, most financial institutions have limited real-time visibility into what any of them are doing.
The same week, an audience of financial services professionals was asked about AI, governance and cyber resilience. Half said they were moving fast on AI and worrying about governance later. Only 7% were confident their organisation could withstand a cyber incident without disruption. 27% said they had zero confidence.
These are not rogue start-ups. These are the kinds of organisations operating in the open finance ecosystem right now - with access to your customers' financial data.
Fifty percent moving fast and governing later. Seven percent confident in their resilience.
That's not a risk profile sitting outside the industry. That's the industry.
If even a fraction of the open finance ecosystem looks like that sample, the industry has an exposure problem - and without real-time visibility into where the risk sits, the players can't see the damage until it's done.
The collision point isn't the technology. Technology is moving. The part that's still catching up - as Louise Beaumont put it closing the panel - is the governance infrastructure: who is responsible when something goes wrong across a chain of third parties, intermediaries, and AI agents?
That's not a tomorrow question. The incidents are already happening.
Invela is building the infrastructure that closes that gap - continuous risk monitoring across your open finance chain, not point-in-time assessments that go stale the moment an intermediary spins up a new AI capability.
Because the question isn't whether your third parties are deploying AI. They are. The question is whether you have any visibility into whether they're doing it safely.
Open finance, covered.
