Three years ago, generative AI in banking meant a handful of cautious proofs of concept walled off from customer data. Today the largest U.S. institutions have deployed AI assistants to hundreds of thousands of employees, and the McKinsey Global Institute estimated in a June 2023 report that the technology could add between $200 billion and $340 billion in annual value to global banking, largely through productivity gains.
The current generation of tools that draft, summarize, and search represents the first phase of a longer trajectory. The next phases will land hardest in risk management, compliance, and supervision. This article maps where adoption stands, where the technology is heading, what it means for risk and compliance functions, and how regulators are positioning themselves.
See our complimentary white paper regarding agentic AI in financial institutions to learn more about regulatory scrutiny around this topic.
Where Generative AI in Banking Stands Today
In an EY-Parthenon survey of 100 retail and commercial banks conducted in early 2025, 47 percent of respondents said they had rolled out generative AI applications, up from 10 percent in 2023, and 90 percent reported being at least in the beta-testing stage. Here are some examples:
- JPMorgan Chase rolled out its LLM Suite platform broadly across the firm beginning in 2024, positioning it as a research-and-drafting assistant.
- Morgan Stanley built an OpenAI-powered assistant that gives its financial advisors conversational access to the firm’s research library.
- Bank of America’s Erica, while built on earlier conversational AI for banking rather than LLMs, demonstrated billions of client interactions that taught the industry how customers engage with virtual assistants.
This shows a consistent pattern that banks deployed generative AI first in low-risk, internal-facing work:
- Summarizing documents
- Drafting communications
- Assisting developers with code
- Searching internal knowledge bases
Customer-facing generative AI remains rarer and more controlled, because hallucination risk meets consumer protection law the moment a model speaks to a customer.
Community banks and credit unions sit earlier on the curve, but they are not absent. A Federal Reserve note published in April 2026 found that while roughly three in four large companies were using generative AI as of 2024, adoption among smaller firms remained in the high single digits.
Vendor-embedded AI, meaning generative features inside existing banking, lending, and compliance platforms, is how most smaller institutions are encountering the technology, which shifts much of the adoption question into third-party risk management.
For these institutions, the relevant decision is whether the AI capabilities arriving inside next year’s vendor releases have been assessed, documented, and approved through the same due diligence the institution applies to any other material change.
Generative AI Use Cases Across Financial Services
The generative AI use cases in financial services that have survived contact with production cluster into four functions:
1. Customer service
The evolution runs from scripted chatbots, to LLM-powered assistants that understand intent, to systems that resolve requests end to end. Most institutions still keep a human between the model and the customer for anything consequential.
2. Software development and operations
Coding assistants compress development time, and operations teams use generative tools to draft procedures, summarize incidents, and search policy libraries. In Deloitte’s State of Generative AI in the Enterprise survey of financial services respondents revealed that 74% of the most advanced adopters Deloitte labeled “pioneers” estimated a return on investment above 10%, compared with 44% of slower moving “followers”.
3. Document-heavy work
Credit memos, suspicious activity report narratives, marketing copy, and board reporting all involve structured drafting from source material, which is precisely what language models do well.
4. Risk and compliance
Analyzing regulatory changes, drafting policy updates, screening communications, and triaging complaints, capabilities increasingly delivered through AI risk and compliance tools for financial services.
What Changes Next: From Assistants to Agents
The table below maps the three phases of generative AI in banking and the oversight burden each carries.
| Phase | Core Capability | Banking Example | Oversight Implication |
|---|---|---|---|
| Chatbots (pre-2023) | Scripted answers to anticipated questions | First-generation virtual assistants handling balance and routing queries | Conventional software testing; limited model risk |
| Copilots (2023-2026) | Draft, summarize, search on request; human initiates every task | Advisor research assistants; internal LLM platforms; coding assistants | Output review, hallucination controls, usage policies |
| Agents (emerging) | Plan and execute multi-step work toward a goal with checkpoints | Regulatory change mapped to policies; automated due diligence assembly; exception investigation | Action-level audit trails, human approval gates, model risk and third-party frameworks converging |
Two implications follow:
- The unit of oversight shifts from output to action
- The skills banks need shift from prompt writing toward workflow design and control engineering
On this trend line, the future of banking looks like a thinner layer of routine work between people and decisions, with humans concentrated on judgment, exceptions, and accountability.
Generative AI in Risk and Compliance: The Quiet Frontier
The answer to how generative AI can help banks manage risk and compliance today falls into four working patterns, several of which depend on choosing the best generative AI tools for regulated work:
- Regulatory change analysis: models summarize new rules, compare them against existing policies, and flag the gaps.
- Policy and procedure drafting: models produce revisions grounded in the institution’s own documents and the regulatory text.
- Monitoring and surveillance: models screen communications for misconduct signals, triaging customer complaints by severity and regulatory exposure, and summarizing alerts.
- Examination readiness: models assemble evidence, drafting responses to information requests, and keeping a continuously current picture of control status.
This frontier stays quiet because none of it is customer-facing, so it attracts little coverage. A compliance function that processes regulatory change in days rather than quarters changes the institution’s risk posture, not just its productivity. GRC platforms have begun embedding these capabilities directly.
Predict360, for example, includes AI agents that map Federal Register changes to an institution’s policies and draft revision suggestions inside the system of record.
The Supervisory Trajectory: What Regulators Are Signaling
The OCC’s 2026 revision of its model risk management guidance acknowledged that generative and agentic AI are novel and rapidly evolving, treated them as outside the formal scope of the existing guidance, and signaled that the agencies plan a request for information on AI model risk.
That posture leaves examiners applying existing frameworks by analogy: model risk principles for validation and documentation, third-party risk guidance for vendor-embedded AI, and consumer protection law for anything customer-facing.
The practical signal for institutions is that the compliance perimeter is forming around process evidence. Examiners ask:
- What the institution deployed
- What could go wrong
- Who validated it
- Who is accountable
- What records exist
Any generative system that touches credit decisions, marketing, or customer interaction inherits decades of anti-discrimination law, and regulators have repeatedly stated that AI provides no safe harbor from disparate impact analysis.
Frequently Asked Questions
How are banks using generative AI today?
The dominant production uses are internal: document summarization, drafting communications and credit memos, coding assistance, knowledge-base search, and regulatory change analysis. Customer-facing deployment remains more cautious, typically with human review between the model and the customer. Adoption skews toward large institutions, with smaller banks encountering generative AI mainly through vendor platforms.
Which banks are using generative AI?
JPMorgan Chase deployed its LLM Suite assistant platform firm-wide, and Morgan Stanley runs an OpenAI-powered research assistant for its financial advisors. Most large U.S. banks have disclosed internal generative AI programs, while regional and community institutions more commonly use generative features embedded in vendor banking and compliance systems.
How can generative AI help banks manage risk and compliance?
The established patterns are regulatory change analysis (summarizing new rules and flagging affected policies), policy drafting grounded in the institution’s documents, communications surveillance and complaint triage, and examination preparation.
How do regulators view generative AI in banking?
U.S. banking agencies have not prohibited generative AI. The OCC’s 2026 model risk management revision treats generative and agentic AI as novel and outside the existing guidance’s formal scope, with a request for information planned. In practice, examiners apply existing model risk, third-party, and consumer protection frameworks and expect documented governance, validation, and human accountability.
The trajectory of generative AI in banking runs from copilots toward agents, and from customer-facing novelty toward risk and compliance substance. Institutions should focus on building the governance scaffolding, ground the tools in clean data, and adopt at the pace your oversight can support.
Discover how Ask Kaia can help your institution respond with more clarity, consistency, and confidence.
Request Demo- Instant Answers
- Security
- Regulatory Expertise
- Policy Automation