In the digital economy, cybersecurity and customer experience are two sides of the same cyber-risk coin…
At SAS Innovate 2026, Stu Bradley, Senior Vice President of Risk, Fraud and Compliance Solutions, SAS, spoke substantially onstage and with customers about AI in banking and finance.
After the event, I caught up with him for more insights and answers about cyber risk, fraud, customer experience (CX) and AI:
What do you see trending in the banking and finance sector, and what is driving these trends?
Stu Bradley
Senior Vice President of Risk, Fraud and Compliance Solutions, SAS
Bradley: Now that the industry has largely cleared the digital access hurdle, it is increasingly centered on decision quality. That’s a fundamentally different challenge from digital transformation alone.
In Southeast Asia, for example, more than 60% of payments are now digital. All ASEAN-10 markets have introduced national QR payment systems, and eight have already enabled cross-border QR interoperability. This level of adoption has raised the bar considerably. Customers across the region now expect financial services to be immediate, embedded and secure, thereby placing institutions under considerable pressure to deliver on all three simultaneously.
In practice, this means banks are racing to meet rising customer expectations for real-time, seamless digital experiences—from onboarding to payments to credit decisions, and across a wide range of customer journeys. That’s a tall order, particularly as most banks are still building the data and governance foundations required to support AI-powered decisioning at scale. As a result, we are seeing enterprise decisioning initiatives lead major IT rationalisation efforts within financial services, eliminating siloed infrastructure to enhance experience while reducing duplicative costs.
As it pertains to AI’s role in decisioning, SAS’ recent research with IDC found that only 11% of banks have achieved an ideal state of AI maturity, balancing trust in AI with demonstrably trustworthy AI systems. Nearly half fall into what IDC calls the “trust dilemma” – that is, either relying on AI systems that have not been fully validated or underutilizing proven AI they do not sufficiently trust. In Asia Pacific, findings show that only 4.9% of banks have reached a transformative stage.
Those tensions are driving a lot of the technology modernization we’re seeing today. BCG estimates that technology now accounts for more than 10% of bank revenues on average, with global bank IT spending projected to grow at a compound annual rate of roughly 9%.
Of course, investment alone doesn’t guarantee returns. As we saw in recent years, the generative AI hype cycle led to countless AI pilots that were never deployed. The reason is straightforward: business cases often required a GenAI label to secure budget approval, pushing it into use cases for which it was not well suited. CFOs were left asking, “Where is the ROI?” In many cases, there was none. This is particularly concerning given that the industry is now amid a similar agentic AI hype cycle.
The institutions pulling ahead are those that recognized early that governance is not a constraint on innovation but a catalyst. The proof is in the data: our research with IDC revealed that organizations with strong AI governance were 60% more likely to report double or greater returns on their AI initiatives.
In the world of digital payments and digital banking, cyber risk and fraud have been on the rise. What is SAS’ perspective on this growing concern?
Bradley: The concern is legitimate. Digital banking has created enormous convenience, but it has also reshaped the economics of fraud. Transactions move in real time, financial ecosystems are increasingly interconnected, and threat actors can create and scale new schemes more quickly than ever, from wherever.
SAS’ recent fraud research with the Association of Certified Fraud Examiners (ACFE) found that three-quarters of anti-fraud professionals have seen an increase in deepfake social engineering and AI-charged consumer scams over the past two years – and 55% anticipate a significant acceleration in such threats in the future.
What is more concerning is that cybercriminals are often better resourced and less constrained than the institutions defending against them. Just 7% of surveyed fraud professionals said their organizations are more than moderately prepared to combat these AI-enabled threats.
Organized criminal groups have substantial technology budgets and are not bound by the principles of trustworthy innovation, nor do they face regulatory constraints on how quickly they can act. Financial institutions, by contrast, face tightening regulatory scrutiny even as fraud typologies continue to evolve and accelerate. The industry’s response cannot be to layer additional point solutions onto already fragmented infrastructure. Banks cannot build an effective fraud defense by asking, “What’s next?” They must instead build an architecture that is agile enough to respond to whatever comes next.
Should fraud, risk and customer experience be treated as separate domains, or should they be merged and handled as an integrated business concern?
Bradley: They should be integrated, without question. In fact, I would push back slightly on the framing, as it understates the issue. Treating these as separate domains is not just suboptimal – a siloed approach actively creates risk.
Customers do not experience their bank as a collection of functions but as a single institution. When a legitimate payment gets declined, that is not just a risk and decisioning failure, it is a customer experience failure. When fraud slips through, the reputational damage and costs land on the whole institution, not just the fraud team. When an AI-driven credit decision cannot be explained to a regulator, that’s a governance problem with simultaneous customer and compliance implications.
The conventional model of viewing technology through the lens of an organizational chart – fraud in one area, credit risk in another, compliance operating separately, and marketing doing its own thing – is outdated. Different teams make different decisions about the same customer, using different data, on different platforms, without a shared understanding of the customer relationship. This inevitably leads to IT sprawl and a fragmented customer view.
Leading institutions are instead moving towards an enterprise customer decisioning model, built on a common AI-powered architecture that supports the full customer lifecycle. Risk, fraud, compliance and sanctions, and marketing decisions all operate on shared infrastructure, using shared data to inform a unified view of the customer.
This model not only reduces IT complexity and cost, but also enables fundamentally better decision-making. A customer who appears to be a credit risk may also exhibit behavioral signals relevant to fraud. A compliance flag may have implications for customer experience. When these functions are siloed, that context is lost entirely.
The business case is compelling. Institutions adopting this model respond faster to emerging threats, deliver stronger customer experiences, and rationalise the technology sprawl that has slowed them down for years. Those that fail to modernise their decisioning landscape will ultimately face customer churn and, in time, irrelevance.
How does AI come into the equation?
Bradley: AI has a critical role to play, particularly in helping banks operate at the speed and scale that modern financial services now require. The biggest opportunity I see is using AI to connect data across what have historically been siloed functions: fraud signals informing credit decisions, behavioral patterns surfacing compliance risks, real-time transaction data shaping the customer experience in the moment.
AI is the enabler that makes integrated decisioning work at scale – but only when deployed with the right discipline and with the right guardrails, supporting trustworthy decisions. Financial services is a highly regulated industry, and strong governance, trusted data, explainability and human oversight will remain essential.
In terms of use cases, AI delivers the most value when it augments human decision-making rather than replacing it. For instance, up to 80% of an AML investigator’s time is spent collecting and organizing information. Using AI to automate this data aggregation frees up time for higher-value investigative work that requires human judgement.
The key is aligning the right AI capability with the desired business outcome. This is what separates transformative programmes from costly experiments. Banks should adopt a portfolio approach to AI rather than defaulting to whichever technology is attracting the most attention.
Generative AI, for example, is well suited to automating high-volume, labor-intensive tasks – such as summarization, data preparation and narrative generation, as in the AML example. However, it is not a universal solution. Traditional machine learning has a proven, decades-long track record in areas such as fraud detection and credit scoring.
It is also worth noting that many banks begin with automation. However, our research with IDC found that organizations focusing solely on productivity and efficiency use cases are leaving significant value untapped. Cost-saving initiatives delivered the lowest ROI of any AI objective – $1.54 per dollar invested – compared to $1.83 for customer experience improvements and $1.74 for market expansion efforts.
That is not to suggest that efficiency-focused use cases are inherently the wrong starting point. Structured correctly, early efficiency wins can build data readiness and foster governance maturity and organizational confidence. However, banks should be careful not to view productivity gains as the ceiling of AI’s potential when, in reality, they represent the floor.
