For years, data has been called the new oil. But in financial services, it’s been closer to crude, valuable, yes, but hard to refine, siloed, and often more liability than asset. Now, with the arrival of the EU’s AI Act, the stakes have changed. Regulation isn’t just about compliance anymore. It’s about survival.
The Act demands that organisations not only know where their data lives, but also understand how it’s being used, what’s powering their AI models, and who is responsible when something goes wrong.
According to Jason Yung, Head of Data Strategy at AWS for EMEA, most firms aren’t ready. “When we ask organisations what’s stopping them from becoming data-driven, they’ll usually point to data quality,” he says. “But often, the real issue is a lack of alignment around what they’re trying to do with the data in the first place.”
This disconnect between data ambition and execution is widespread. Many institutions have centralised data teams and invested heavily in storage, data lakes, warehouses, cloud infrastructure, but are still struggling to translate that into business value. The issue? Strategy.
“Centralising data teams creates bottlenecks,” Yung explains. “But decentralising too much leads to duplication, inefficiency, and shadow IT. What’s needed is a hybrid model, multidisciplinary teams that align on purpose and outcomes first.”
There’s also a shift underway in how firms approach technology. Many still operate with a platform-first mindset, collecting features without clear use cases. Yung challenges that. “Organisations need to stop thinking about platforms and start thinking about products,” he says. “Treat AI and data like a product, with ingredients, purpose, and transparency.”
The AI Act reinforces this shift. Explainability, traceability, and auditability aren’t optional, they’re required. And that means the way organisations build, deploy, and scale AI must fundamentally change.
Generative AI isn’t just about producing text or images, its real utility in financial services may be operational. From summarising compliance documents to automating metadata analysis and lineage tracking, Gen AI is increasingly being used to reduce the administrative load of data governance.
“Generative AI allows you to scan your entire data estate,” says Yung. “It can summarise what data is being used, where it’s being stored, and whether it aligns with governance policies. It becomes a lightweight governance layer, not replacing human oversight, but augmenting it.”
This shift unlocks efficiency while reinforcing compliance. It also sets the foundation for deploying AI agents, self-operating systems that act on real-time data.
In financial services, autonomous AI agents are already gaining traction. Use cases include fraud detection, hyper-personalisation, and intelligent automation of workflows.
“If a customer is logged into a banking app and hovering over personal loans, an AI agent can detect that in real time and trigger a push notification with a tailored offer,” says Yung. “You don’t need to pre-build separate workflows, the agent adapts dynamically to user behaviour.”
The same logic can be applied to fraud. An agent that detects unusual purchase behaviour—say, a sudden shift from grocery transactions to high-value goods—can alert a fraud investigator instantly. These agents are reusable, trainable, and far more flexible than traditional rule-based systems.
“The beauty of agentic AI is that it’s not locked into one function,” Yung explains. “The same architecture can support personalisation, fraud detection, or compliance, reducing costs and increasing agility.”
The AI Act also forces a rethinking of collaboration. Traditional data sharing often relied on fragile integrations or manual processes. But new technologies, from synthetic data to clean rooms, now allow financial institutions to collaborate securely, without exposing raw data.
“We’re seeing industry consortiums use AI to scan multiple data platforms across cloud providers,” says Yung. “AI can identify common patterns, generate secure joins, and surface insights, all without compromising privacy.”
This creates new opportunities to tackle industry-wide challenges, such as fraud, systemic risk, or credit profiling, in ways that were technically impossible, or legally risky, just a few years ago.
Rather than selling a single platform, AWS offers over 250 services—“LEGO blocks,” as Yung calls them—that allow customers to build exactly what they need.
You can hear from AWS experts on how they’re helping financial services firms navigate the AI Act and beyond at Nordic Fintech Week.
Content created with Nordic Fintech Magazine.
Share article