When Regulation Becomes a Catalyst for Data & AI Transformation
How can banks balance regulatory compliance with the need to evolve their data and technology architectures for advanced analytics and AI?
This question was at the heart of the final panel discussion during the European Digital Finance Conference in Amsterdam, where industry leaders explored the intersection of regulation, data governance, and modernization.
One theme stood out clearly: regulators can act as a catalyst, not just a constraint.
Constructive dialogue with regulators helps create the right level of urgency to prioritise data management and operational resilience. When approached well, this pressure can strengthen data quality, support fact-based decision making across the organisation, and accelerate analytics and AI ambitions.
As Krista Luijten, Chief Data Officer for Finance & Risk at ABN AMRO Bank, explained during the discussion:
“Instead of seeing regulatory pressure purely as a burden, we can use it to get attention in the organisation and create priority for data management.”
In many banks, data challenges historically surfaced at the end of the process—typically within finance and risk functions responsible for reporting and compliance. Data governance initiatives increasingly aim to shift that responsibility closer to where data originates in the organisation, ensuring accountability and accuracy from the outset.
Data Governance: Slowing Down to Move Faster
A recurring theme during the discussion was the paradox of data governance: it can feel like a slowdown at first, but ultimately enables speed and trust.
Panel moderator Rheta du Preez, Managing Partner Europe at Monocle Solutions, opened the conversation with a question many banks recognise: when does data governance enable transformation—and when does it slow organisations down?
The panel agreed that the initial effort required to introduce governance frameworks, lineage tracking and accountability structures can indeed feel cumbersome. However, these foundations enable organisations to move faster later by eliminating uncertainty and manual work.
Alexandra Brdar Turk, Chief Transformation Officer at OTP Bank Slovenia, described the outcome succinctly:
“Data management may slow you down initially, but once the rules are in place you reach what I call the machine speed of trust.”
When data quality can be trusted, decisions no longer require manual verification, rework, or reconciliation across multiple systems.
This connection between governance, trust, and decision speed also applies directly to advanced analytics and AI. Without reliable, structured data, even the most sophisticated analytics tools produce unreliable outcomes.
“Garbage In, Garbage Out” Still Applies
While much of the discussion focused on regulatory compliance and architecture, the panel also explored the practical implications of data quality in real-world decisioning processes.
Nicolas Storz, Founder and CEO of Tidely, emphasised that many financial decision processes still rely on manually collected or re-entered data, which inevitably introduces errors.
“We all like to say ‘garbage in, garbage out,’ but you only realise what that really means when you see how decisions are made on manually entered spreadsheets and PDFs.”
By contrast, modern solutions increasingly rely on direct data connections—such as APIs under PSD2—to retrieve verified transactional data directly from bank accounts. This approach ensures the underlying information is accurate from the start.
According to Storz, this is a practical form of data governance: ensuring that the systems used for decision-making are fed with verified data rather than reconstructed financial information.
Compliance as a Team Sport
Another key takeaway was the importance of early collaboration and shared awareness when new regulations emerge.
Bringing together stakeholders from business, data management, compliance, and architecture early in the process helps create “compliance by design.”
Jérôme Léger, Chief Architect at Crédit Agricole, highlighted that compliance is fundamentally about accountability and architecture:
“Data governance is about accountability. If your architecture and responsibilities are clear, you spend far less time explaining yourself to regulators.”
Rather than seeing regulators as adversaries, Léger suggested organisations should treat them as part of the ecosystem.
“It’s an extended team sport. Regulators are part of the game, and it’s always useful to engage with them.”
This perspective was echoed by Alexandra Brdar Turk, who emphasised the value of proactive dialogue with regulators, particularly when interpreting new or ambiguous rules.
“When we’re unsure what a regulation really expects, we go to the regulator and validate our approach early. That builds trust and helps avoid surprises later.”
Tackling Legacy Complexity
A major challenge highlighted during the discussion is the architectural complexity inherited by banks over decades.
Mergers, rapid system integrations, and legacy technology have resulted in highly complex infrastructures—often consisting of thousands of interconnected systems and billions of lines of code.
This complexity makes regulatory compliance and modernization significantly harder.
The panel discussed several strategies for managing this challenge, including a two-speed architecture approach: maintaining legacy systems for current operations while simultaneously building new platforms designed for modern digital banking.
Krista Luijten described a pragmatic middle path:
“You can run two worlds in parallel—modernising the new environment while gradually moving use cases from the old world to the new one.”
This approach allows banks to continue operating safely while progressively transforming their technology landscape.
Designing Architecture for Continuous Regulation
As regulations continue to evolve—from BCBS 239 to DORA and emerging AI regulations—banks must build architectures capable of adapting quickly.
During the discussion, the panel explored whether centralized or federated data models are better suited for this challenge.
The consensus was that the optimal approach often combines both.
Krista Luijten summarized the balance clearly:
“You need a strong, central vision of how compliance and architecture should work, but implementation can be federated across teams.”
This combination ensures strategic alignment while allowing different parts of the organization to move forward independently.
At the same time, the panel stressed the importance of clear accountability. Without defined ownership, governance structures can become overly bureaucratic, slowing down decision-making.
AI in Compliance: Opportunity and Risk
The panel also explored the role of AI in regulatory compliance and governance processes.
Many institutions are already using AI tools to assist with regulatory interpretation, documentation review, and compliance checks.
However, the panelists emphasized that human oversight remains essential.
Alexandra Brdar Turk explained how her organisation uses specialised AI models to analyse regulations and internal documentation:
“We use specialised language models to review proposals against regulations, but there is always a human in the loop to validate the outcome.”
Krista Luijten warned that the efficiency of AI tools can also introduce new risks if organisations become overly reliant on automated outputs.
“AI can produce answers very quickly, but the danger is that teams stop reviewing the results critically.”
To mitigate this risk, many organisations are implementing “four-eyes” principles or double human review processes for AI-assisted compliance tasks.
From Obligation to Opportunity
The broader message from the discussion was clear.
When approached proactively, regulatory expectations around data management and operational resilience are not just an obligation — they are an opportunity.
An opportunity to strengthen the foundations of trusted data.
An opportunity to simplify complex architectures.
And ultimately, an opportunity to enable faster and better decision-making through analytics and AI.
As the panel concluded, the future of banking will depend on integrating these conversations.
Data architecture, regulatory compliance, and advanced analytics can no longer be treated as separate topics.
They must become one conversation across the organisation—bringing together technology, data, compliance, and business leadership from the start.
