Risks of AI in Banking: 4 Threats Boards Must Govern

The biggest AI risks in banking right now are deepfake and voice fraud, model risk in credit and capital decisions, AML and fraud-model failure, and third-party AI dependency. Each one is already named in regulator alerts and supervisory rules. None of them is hypothetical. This is a guide for boards, risk committees, and compliance leaders on what the real threats are and how regulated firms govern them.
Banks aren't being attacked because criminals are smarter. They're being attacked because the tools got cheap. A deepfake video that cost a film studio millions in 2018 now costs a fraudster the price of a software subscription. Regulators have noticed. So should your board.
What are the real AI risks in banking?
Strip out the hype and four threats matter most. Here's the short version before we go deep on each.
| Threat | What it looks like | Who regulates it |
|---|---|---|
| Deepfake and voice fraud | Fake CFO on a video call, cloned voice authorising a transfer | FinCEN (US), Bank Secrecy Act reporting |
| Model risk | A credit, capital, or pricing model that's wrong and no one catches it | PRA SS1/23 (UK), EU AI Act high-risk rules |
| AML and fraud-model failure | Detection systems that miss synthetic identities and AI-generated documents | FinCEN, FCA, money-laundering regulations |
| Third-party AI risk | A bought-in model or cloud provider you don't fully understand | Bank of England, FCA, critical third-party rules |
Notice what's missing: the sci-fi stuff. No rogue trading algorithms seizing the markets. The threats that cost real money are mundane, and that's exactly why they work.
How do deepfakes and voice cloning threaten banks?
This is the threat that's already cost the most, and it barely touches your IT systems. It targets your people.
In January 2024, a finance worker at the Hong Kong office of the engineering firm Arup paid out HK$200 million (about $25 million) after joining a video call. Everyone on that call, including the person he believed was the company's UK chief financial officer, was a deepfake. The worker made 15 transfers to five accounts before anyone realised the people he'd "met" never existed. The fraudsters built the fakes from real video and audio of the executives, scraped from public conference recordings (CNN, May 2024).
Ten months later, the US Treasury's Financial Crimes Enforcement Network made it official. On 13 November 2024, FinCEN issued an alert warning that criminals are using generative AI to beat banks' identity verification, authentication, and due diligence controls (FinCEN, November 2024). Since 2023, banks have filed a rising number of Suspicious Activity Reports describing deepfake media, mostly fake identity documents used to open fraudulent accounts or take over real ones.
The scale of the wider problem is what should worry your board. Deloitte's Center for Financial Services projects that generative AI could push US fraud losses to $40 billion by 2027, up from $12.3 billion in 2023, a compound annual growth rate of 32% (Deloitte, 2024).
What governs it? In the US, the Bank Secrecy Act. FinCEN's alert reminds firms they must report suspected deepfake activity, and it names two practical defences: phishing-resistant multi-factor authentication, and live verification checks where a customer confirms identity through real-time audio or video. The board-level point is simpler. Your fraud controls were built to spot a stolen password or a forged signature. They weren't built to spot a face that doesn't exist.
What is model risk and why do regulators treat it as a board issue?
Model risk is the risk that a model is wrong, or used wrongly, and the bank acts on it anyway. AI makes the problem bigger because more decisions run through models and fewer people understand them.
The UK regulator put a hard rule around this. The PRA's supervisory statement SS1/23 sets five principles for model risk management, and they came into force on 17 May 2024 for banks using internal models for regulatory capital (Bank of England, SS1/23). The headline expectation is that firms treat model risk as a discipline in its own right, with a senior accountable owner, a full model inventory, independent validation, and clear limits on how much weight a decision can put on a single model.
The Bank of England and FCA's own data shows why this matters. Their third survey of AI in UK financial services, published 21 November 2024, found that 75% of firms already use AI, with another 10% planning to within three years. The uncomfortable finding: 46% of respondents said they had only a partial understanding of how their AI systems work, and that gap is widest for bought-in third-party models (Bank of England and FCA, November 2024).
A model you don't understand is a model you can't govern. That's not a technical observation. It's a board accountability problem, and SS1/23 makes a named senior manager answer for it.
Does the EU AI Act classify banking AI as high-risk?
Yes, and credit teams should read the detail closely.
The EU AI Act's Annex III names two banking-relevant uses as high-risk. First, AI used to evaluate the creditworthiness of individuals or set their credit score. Second, AI used for risk assessment and pricing in life and health insurance (EU AI Act, Annex III). High-risk classification triggers real obligations: risk management, data governance, human oversight, logging, and transparency.
There's one carve-out worth knowing. AI used purely to detect financial fraud is excluded from the high-risk credit category. So a fraud-detection model and a credit-scoring model sit in different regulatory buckets, even if they run on similar tech. For lenders, the practical work sits in fair-lending and credit-decision governance.
On timing, the picture shifted recently. The conformity-assessment deadline for these stand-alone high-risk systems had been 2 August 2026. On 7 May 2026, Council and Parliament negotiators reached a provisional agreement, the Digital Omnibus, proposing to defer that deadline to 2 December 2027 (EU AI Act Annex III, current text). The deferral isn't final, and treating it as a reason to stop preparing would be a mistake. The obligations aren't changing. Only the clock might.
How does AI weaken AML and fraud detection?
Anti-money-laundering and fraud controls depend on telling a real customer from a fake one. Generative AI attacks that assumption directly.
FinCEN's 2024 alert is explicit: fraudsters use deepfake images and documents to defeat the identity checks that AML programmes rely on. Fake passports, altered photos, and synthetic identities pass automated onboarding that was tuned for human-quality forgery (FinCEN, November 2024). The same tools power business email compromise, romance scams, and elder financial exploitation, all of which end in money moving through accounts your monitoring should have flagged.
The cost is measurable. In the UK, criminals stole £1.17 billion through fraud in 2024, with authorised push payment fraud alone accounting for £450.7 million (UK Finance Annual Fraud Report 2025). AI doesn't create a new category of fraud here. It makes the existing categories cheaper to run and harder to spot.
The governance response isn't another model. It's layered verification, live checks at onboarding and at high-value transactions, and a fraud function that assumes documents and faces can be fabricated. Treat every automated identity decision as a checkpoint, not a conclusion. For the detail on this, see our note on AI and anti-money-laundering compliance.
What is third-party AI risk and why is it growing fastest?
Most banks don't build their own AI. They buy it, and that's where the concentration risk lives.
The Bank of England and FCA survey found that a third of all AI use cases are now third-party implementations, up from 17% in 2022. The concentration is stark: the top three cloud providers account for 73% of named providers, and the top three model providers for 44% (Bank of England and FCA, November 2024). Firms named third-party dependency as the risk they expect to grow most over the next three years, and cybersecurity as the highest systemic risk both now and ahead.
Put plainly: if a handful of AI suppliers serve most of the sector, a failure or compromise at one of them hits many banks at once. That's the definition of a systemic risk, and it's why UK and EU regulators are building critical-third-party regimes that reach the suppliers directly, not just the banks that use them.
Governing it means knowing what you've bought. A model inventory that includes vendor models. Contractual rights to audit and explain. A plan for what happens when a provider goes down or gets breached. The accountability doesn't transfer with the contract. Under the FCA's Senior Managers and Certification Regime, a senior manager still owns the outcome, even when the model came from someone else.
How should regulated firms govern these risks?
The regulators have converged on a clear answer, and it doesn't require new technology. It requires ownership.
The FCA's stated approach is technology-agnostic and outcomes-focused. It hasn't written AI-specific rules. Instead it applies what already exists: the Consumer Duty, which demands fair and explainable decisions, and the Senior Managers and Certification Regime, which puts a named human on the hook (FCA, AI approach). Responsibility can't be outsourced to a model or a vendor. That single principle does most of the governance work.
Five moves cover the board's exposure:
- Build a full AI and model inventory, including bought-in third-party models, and assign a named senior owner to each high-impact one.
- Run independent validation on credit, capital, fraud, and AML models, and set limits on how much any single model's output can drive a decision.
- Layer identity verification with live checks, on the assumption that documents, voices, and faces can be faked.
- Map your third-party AI concentration and hold contractual rights to audit, explain, and exit.
- Keep critical functions able to run without AI, so a compromised or failed model doesn't stop the bank.
We help boards and risk committees turn these obligations into a working governance framework, built around Responsible AI rather than bolted on after an incident. Strong governance isn't a brake on AI in banking. It's the thing that lets you use it without betting the licence.
Frequently asked questions
What is the biggest AI threat to banks right now?
Deepfake and voice fraud has caused the largest single confirmed losses, including the $25 million Arup case in 2024. Model risk and third-party dependency are the threats regulators expect to grow fastest, with the Bank of England and FCA naming third-party AI as the top rising risk in their November 2024 survey.
Is AI used for credit decisions regulated in Europe?
Yes. The EU AI Act classifies AI that evaluates creditworthiness or sets a credit score for individuals as high-risk under Annex III, which brings obligations on data governance, human oversight, and transparency. AI used only to detect financial fraud is carved out of that category.
What does PRA SS1/23 require?
SS1/23 sets five principles for model risk management at UK banks, in force since 17 May 2024 for firms using internal models for regulatory capital. It expects a named senior owner, a model inventory, independent validation, and treatment of model risk as a discipline in its own right.
Can banks blame the vendor when a bought-in AI model fails?
No. Under the FCA's Senior Managers and Certification Regime, accountability stays with a named senior manager even when the model comes from a third party. The regulators are explicit that responsibility can't be outsourced to a model or a supplier.
The bottom line
The dangerous AI risks in banking aren't the ones that make headlines about runaway algorithms. They're a fake face on a video call, a credit model nobody validated, an AML check that trusts a forged document, and a vendor model three banks share without quite understanding it. Every one of these is named in a current regulator alert or rule.
Here's the opinion. The firms that handle this well won't be the ones with the most AI or the least. They'll be the ones that can name, for every model that matters, the human who owns it. Governance is the whole game. Buy the cleverest model in the market and skip the ownership, and you've bought a liability with a user interface.
Start with the inventory. You can't govern what you can't see.
For the board-level view, see VerityAI's AI risk advisory for banks.
More on how we approach it: responsible AI governance.

Sotiris Spyrou
Sotiris Spyrou is the founder of VerityAI, a Responsible AI advisory for boards and AI-deploying businesses. With 27 years across agencies, global in-house roles, and the C-suite, he advises leaders on AI governance and risk, and on answer-engine visibility engineered without the dark patterns the rest of the industry is getting penalised for. He is the author of TRANSFORM, AI Moats, and Ethical AI.
Founder at VerityAI