Only 11% of banks report trustworthy AI despite rapid scaling, SAS finds
TL;DR
- A new IDC-SAS report finds only 11% of banks report both high internal confidence in AI and demonstrably trustworthy systems, while 47% are caught in a “trust dilemma”
- Structural weaknesses persist: 45% lack effective data governance, 42% report AI skills shortages, 19% still operate with siloed data
- The findings land as ECB, BoE and Fed regulators escalate AI cyber-risk supervision on the same banks — creating a sharpening gap between AI ambition and the governance to support it
The Trust Imperative, an IDC Data and AI Impact Report commissioned by SAS, paints a stark picture of how quickly banking AI is outpacing the foundations needed to run it safely. Only 11% of banks report both high internal confidence in AI and AI systems that are demonstrably trustworthy, according to findings highlighted by Roderick Crawford, SAS’s Global Head of Financial Services. Nearly half — 47% — fall into what Crawford calls the “trust dilemma”: either underusing reliable AI because they don’t trust it, or over-relying on AI that hasn’t been properly validated.
The governance gap
The structural picture is uncomfortable. 19% of banks still operate with siloed data. 45% lack effective data governance. 42% report shortages in specialised AI skills. Meanwhile, AI spending is still accelerating: 60% of banks expect 4-20% spending growth, with a further 12% expecting even higher increases.
Crawford’s diagnosis: “AI budgets are growing faster than the ‘responsible innovation’ capabilities that make AI dependable: governance, transparency, monitoring and strong data management.” For quality engineering and testing teams, this translates into specific pain points around explainability testing, model validation, monitoring and auditability — with traditional testing approaches stretched by increasingly complex and less deterministic AI systems.
Why this collides with the current regulator push
The report lands in the middle of an extraordinary week of AI regulatory escalation for banks. The ECB is preparing to quiz eurozone bankers about Anthropic’s Mythos model preparedness. The St. Louis Fed is re-evaluating bank cyber resilience. Bank of England Governor Andrew Bailey called for central banks to understand the implications quickly. NCSC CEO Richard Horne warned that AI will expose organisations with weak cyber hygiene. The “trust dilemma” finding now has teeth: regulators scrutinising AI readiness are looking at the exact governance gaps SAS documents.
Crawford’s reframing of AI value is also notable: banks ranked product and service innovation as the top AI value source, not cost reduction. The “AI as labour replacement” pitch that has dominated banking coverage sits at the bottom of the return hierarchy.
Looking forward
UK banks entering PRA supervisory cycles over the next quarter should expect questions grounded in the governance categories SAS measures: data architecture, model monitoring, explainability evidence, specialised AI assurance capability. The 11% trustworthy figure is uncomfortably low for regulators to accept as a baseline. Expect pressure on banks to publish AI assurance frameworks, and for “AI testing” to shift from a niche QA function to a board-level metric within 12 months.