How financial institutions can ensure AI assistants are trusted colleagues
AI assistants are rapidly being deployed across financial institutions, including banks, asset managers, and the thousands of fintechs that handle compliance. All in all, this is one of the most transformative changes to the way people work that we’ve seen in decades. As we move from proof of concept to enterprise-wide rollouts, it’s increasingly important for businesses to ensure these tools add value, not create additional headaches.
The importance of embedded teams
This is something we understand at Synechron. I currently work with teams that help thousands of people in financial services set up and work with AI assistants. And this is a huge adjustment – you can’t expect people to adapt to this level of change overnight. We’ve found that organization-wide training, led by a team of AI experts embedded within business teams, is critical to ensuring that people understand exactly what these tools can and can’t do to add value and stay secure. This is also why so many organizations use trusted third-party vendors, because this expertise simply doesn’t exist in-house.
Senior Director and Co-Head of Artificial Intelligence at Synechron.
Companies must determine which information is reliable
A comprehensive security framework must go beyond basic disclaimers at the bottom of AI assistant searches. Companies must establish what information is trustworthy. This means educating employees about the differences between secure internal datasets and open internet sources, fact-checking to mitigate the risks of model hallucination, and being aware of ethical and legal issues. For financial companies, it’s also vital that they operate in controlled environments, especially when dealing with private or sensitive data.
From a security and privacy perspective, there are legitimate concerns about the use of generative AI tools at work. As with cloud adoption, we need to ensure that data remains secure in transit and at rest. Businesses need to know exactly where their data is going: is it a secure cloud environment or a public system like ChatGPT? The lack of transparency around how data is ingested, processed, and used by these AI ‘black box’ models is a major concern for some organizations.
Certain tools simply aren’t suited for enterprise use cases involving sensitive information. ChatGPT is designed for public use and may not prioritize security and privacy protections as an enterprise-grade system. Meanwhile, offerings like GitHub Copilot generate code directly in the IDE based on user prompts, which can inadvertently introduce vulnerabilities if that code is run without review.
Looking ahead, the integration of AI into operating systems and productivity tools is likely to exacerbate these challenges. Microsoft’s new feature, Recall, takes screenshots of everything you do and creates a searchable timeline, raising concerns about surveillance overreach and data misuse by malicious actors. Compliance departments will need to benchmark these technology capabilities and then align them with regulatory requirements around reporting and data collection.
Safe, isolated environments
As AI capabilities grow and become more autonomous, we risk ceding critical decisions that impact user privacy and rights to these systems. The good news is that established cloud providers like Azure, AWS, and GCP offer secure, isolated environments in which AI models integrated with enterprise authentication can be safely deployed. Enterprises can also choose to run large language models (LLMs) on-premises, behind their firewalls, and can use open-source models to clearly understand the data used to train the model.
Transparency creates trust
Ultimately, transparency of AI models is critical to building trust and adoption. Users deserve clear information about how their data is being processed and handled, and opt-in/opt-out choices. Privacy must be a core design principle from day one, not an afterthought. Robust AI governance with rigorous model validation is also critical to ensuring these systems remain secure and effective as the technology rapidly evolves.
Finally, organizations should conduct performance reviews, just as they would with any human employee. If your AI assistant is viewed as another colleague, it should be clear that they are adding value in line with (or above) their training and ongoing operational costs. It’s easy to forget that simply “integrating AI” into a business isn’t really valuable in and of itself.
We believe these tools are vital. They will be part of almost everyone’s life in the near future. What’s important is that companies don’t think they can simply grant access to the tools and walk away; that this is something that can be announced to shareholders and be fully operational within a quarter. Education and training will be an ongoing process, and it’s essential to have the right security, privacy, and compliance measures in place so that we can fully leverage these capabilities in a way that builds trust and ensures safety.
We provide an overview of the best online cybersecurity courses.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we showcase the best and brightest minds in the technology sector today. The views expressed here are those of the author and do not necessarily represent those of TechRadarPro or Future plc. If you’re interested in contributing, you can read more here:
