AI adoption hits compliance wall as QA teams become gatekeepers

U.S.-based Chris Faraglia

AI adoption is accelerating across financial services, but the pace of deployment is increasingly being dictated by regulatory scrutiny rather than technical capability.

For QA and software testing teams inside banks, the shift is clear: AI is no longer just a tooling decision; it is a compliance challenge.

As Chris Faraglia, lead solution architect and testing advocate for TestRail and Ranorex, explains: “Enterprise demand and adoption of AI have long moved beyond experimental.”

Yet despite that momentum, “enterprise AI adoption remains structurally uneven,” with only a minority of organisations fully embedding GenAI into strategy.

That disconnect reflects a deeper structural issue. “Ultimately, AI adoption is shaped less by enthusiasm or technical feasibility and more by whether organizations can prove compliance,” Faraglia noted.



For banks operating under strict regulatory regimes, this proof requirement is becoming the gating factor for any AI deployment.

The implication for QA teams is significant. Decisions around AI use are no longer driven by performance or efficiency gains alone, but by whether institutions can demonstrate control, traceability and governance to regulators and internal risk functions.

Faraglia points to a fundamental shift in decision-making criteria: “The questions that now determine whether a new AI capability can be turned on are increasingly about governance, not functionality.”

For financial institutions, that means scrutiny over data flows, model training inputs, retention policies and alignment with established standards such as ISO frameworks and sector-specific rules.

QA as control layer for compliance

Within this environment, QA and software testing functions are taking on a more central role in enabling, or blocking, AI adoption.

Faraglia is explicit about this shift: “In practice, QA and test management are the operational control layers that compliance depends on.”

For banks, this reframes testing from a quality checkpoint into a regulatory control mechanism. If teams cannot demonstrate how AI-generated outputs are validated, reviewed and approved, deployments risk being delayed or rejected outright.

Faraglia highlights the core issue as a workflow gap: “If teams can’t demonstrate how AI-assisted outputs were reviewed and validated before release, approvals slow down or stall entirely.”

In regulated financial environments, where auditability is non-negotiable, undocumented AI usage effectively becomes unusable AI.

This is where structured test management becomes critical. By embedding AI into existing QA workflows, rather than allowing it to operate outside them, institutions can generate the audit trails required for compliance sign-off.

“When testing workflows capture how AI outputs were generated, reviewed, validated, and approved, they create the structured traceability that makes AI adoption defensible in regulated environments,” Faraglia said.

Shadow AI risks

A further challenge for banks is the emergence of so-called “shadow AI”, the use of unapproved tools by developers and testers when official processes move too slowly.

Faraglia warned that this is not a fringe issue but a predictable outcome of governance bottlenecks. “When official evaluation and approval processes move slowly, teams will route around them.”

In financial services, this creates immediate compliance exposure, particularly around data leakage and uncontrolled model usage.

The risk profile is amplified in banking environments, where sensitive financial and personal data is involved.

“Shadow AI amplifies the exact risks compliance teams are worried about,” Faraglia noted, including “unknown data flows” and “inadvertent exposure of sensitive information.”

For QA teams, this creates a dual mandate: enable safe AI adoption while preventing uncontrolled usage.

Simply restricting AI is not viable. As Faraglia put it: “The answer can’t simply be ‘slow down,’ that isn’t a sustainable strategy for modern enterprises.”



The emerging solution in financial services is to embed AI directly into auditable QA and testing processes, ensuring that every output is subject to the same controls as traditional software artefacts.

Faraglia explained that this approach builds on existing QA structures: “QA runs on structured evidence, test cases, execution records, reviewer approvals, and release decisions.”

By integrating AI into these systems, organisations ensure that outputs inherit governance controls rather than bypass them.

This is particularly relevant for banks operating under regimes such as model risk management frameworks, operational resilience rules and AI governance expectations from regulators. Evidence, not intent, is what determines compliance.

Faraglia stressed that “AI used in software development must align with QA workflows to ensure proper documentation, validation, and compliance.”

In practice, this means mandatory review steps, traceable approvals and full audit histories tied to releases.

Big win is speed

The payoff is not just compliance, but speed. “Adoption moves faster when compliance is built into the workflow instead of treated as an afterthought,” he argued.

For banks, this is critical in avoiding the trade-off between innovation and regulatory risk. For QA leaders in financial services, the message is increasingly clear: AI adoption will succeed or fail based on defensibility.

Faraglia framed the challenge in stark terms: “AI adoption doesn’t fail because QA engineers and developers lack motivation.”

He stressed “it slows when engineering leads, security stakeholders, and compliance reviewers can’t answer governance questions with confidence.” In regulated environments, “speed without proof is risk.”

This is where testing and quality engineering move from support functions to strategic enablers.

By creating “structured test workflows with documented review, approvals, and traceable results,” QA teams provide the evidence required to unlock regulatory approval.

Ultimately, in banking and financial services, AI is not just a technology deployment; it is a compliance artefact.

As Faraglia concluded: “In compliance-driven environments, AI adoption depends on defensibility,” with software testing and quality practices providing “the structure and traceability that allow organisations to prove how AI outputs were reviewed, validated, and approved.”

