Regulators are starting to ask examiners' questions about AI-driven decisions: where did this number come from, who approved the data behind it.
Regulators are starting to ask examiners' questions about AI-driven decisions: where did this number come from, who approved the data behind it.
Banks have spent a decade building model risk management: validation, back-testing, explainability sign-off. Almost none of that rigor has been pointed at the data feeding the model.
When a regulator asks where a specific number in a report came from, ‘the model produced it’ is not an answer. The real question is whether the training and inference data can be traced back to a source someone is willing to sign their name to.
This is not hypothetical. Data-sharing agreements with third parties, legacy core banking data with undocumented transformations, and shadow spreadsheets sitting between systems are common in almost every bank we have looked at. AI does not fix any of that. It just runs faster on top of it.
The fix is not another model governance framework. It is the boring work: a small number of critical datasets, each with a named owner, a documented definition, and a traceable lineage from source to report.
We built the Enterprise Data Quality Review for exactly this →