Walk into any bank headquarters in the DIFC or ADGM and you will hear the same conversation. AI is going to transform risk assessment. AI is going to personalise customer experience. AI is going to detect fraud in real time. AI is going to reduce operational costs by thirty per cent. The ambition is genuine. The investment is real. And the governance, in most cases, is not keeping pace.
The DFSA's 2025 survey tells a striking story. Fifty-two per cent of authorised firms within the DIFC now use AI—a figure that has nearly tripled in twelve months. Generative AI adoption has surged even faster. But the same survey reveals that governance frameworks are developing more slowly than the technology they are meant to govern. This is not a criticism of the firms involved. It is a reflection of the speed at which the technology is moving and the structural difficulty of governing something that evolves faster than the policies designed to contain it.
The Unique Challenge of Financial Services
Financial services is not like other industries when it comes to AI governance. The stakes are higher, the regulatory scrutiny is more intense, and the consequences of failure are more immediate. A retail company that deploys a flawed recommendation engine loses some sales. A bank that deploys a flawed credit scoring model can destroy livelihoods, attract regulatory sanctions, and erode the institutional trust that took decades to build.
The challenge is compounded by the nature of financial data. It is sensitive, it is regulated, and it is interconnected in ways that create systemic risk. A model that performs well in isolation can produce unexpected outcomes when it interacts with other models, other data sources, other market conditions. The 2010 Flash Crash—triggered in part by algorithmic trading systems interacting in unforeseen ways—remains a cautionary tale about what happens when autonomous systems operate without adequate oversight.
In the UAE context, the challenge has an additional dimension. The country's financial sector serves as a bridge between Eastern and Western markets, which means that data flows across multiple jurisdictions with different regulatory requirements. A model trained on data from customers in the UAE, Europe, and Asia must comply with the PDPL, the GDPR, and whatever local regulations apply in each jurisdiction. This is not a legal technicality. It is an architectural requirement that must be designed into the system from the ground up.
Where the Real Risk Lives
When I talk to chief risk officers about AI, the conversation usually starts with the obvious risks—model accuracy, data quality, cybersecurity. These are important, and most organisations are at least aware of them. But the risks that concern me most are the ones that are harder to see.
The first is explainability. Financial regulators increasingly require that institutions be able to explain how decisions are made. If a customer is denied credit, the institution must be able to articulate why. Many AI models—particularly deep learning models—are opaque by design. They produce accurate outputs, but the reasoning behind those outputs is not transparent. This creates a tension between model performance and regulatory compliance that cannot be resolved by choosing one over the other. It must be resolved by design.
The second is concentration risk. As more institutions adopt similar AI tools from similar vendors, the financial system becomes more homogeneous. When everyone is using the same models to assess the same risks, the system becomes vulnerable to correlated failures. If the model is wrong, everyone is wrong at the same time. This is a systemic risk that individual institutions cannot manage alone—it requires industry-level coordination and regulatory oversight.
The third is the talent gap. The people who build AI models are not typically the people who understand financial regulation. The people who understand financial regulation are not typically the people who can evaluate model performance. This gap creates blind spots that neither team can see on its own. Bridging it requires a deliberate investment in cross-functional capability—people who can speak both languages fluently.
A Framework for the Financial Sector
The financial institutions that are navigating this well share several characteristics. They have established AI governance committees that include representatives from risk, compliance, technology, and the business. They have implemented model risk management frameworks that treat AI models with the same rigour as traditional financial models. They have invested in explainability tools that allow them to satisfy regulatory requirements without sacrificing model performance. And they have built internal capability—not just in data science, but in the intersection of data science and financial regulation.
None of this is easy. It requires investment, patience, and a willingness to move at a pace that feels slower than the market demands. But the alternative—deploying AI at speed without adequate governance—is not actually faster. It is faster until something goes wrong, and then it is much, much slower.
The financial institutions that will lead in this market are not the ones that adopt AI first. They are the ones that adopt it most thoughtfully. In financial services, trust is the product. And trust, once lost, is the most expensive thing in the world to rebuild.