← Back to all blogs

Louise Cermak | 01 April 2026

A pre-flight check for your financial services AI programme

DevOps Health Check & Uplift

← Previous

Next →

In financial services, the gate that matters isn’t ‘build time’. It’s approval time.

Most AI initiatives in regulated environments don’t stall because the model is weak or the code is flawed. They stall because the organisation isn’t ready to run the solution in production.

The pattern is familiar. A business unit identifies a high-value use case, often in KYC/ AML support, fraud operations, onboarding, service, or triage. An AI pilot is commissioned. The demo looks impressive in a controlled environment. Stakeholders start to believe the hard part is done.

Then the programme meets the production estate.

Data access is restricted or inconsistent. Integration paths are more complex than expected. Security and risk teams ask questions the pilot was never designed to answer. What looked like a quick win begins to resemble a broader architecture and operating-model change programme.

This is exactly what an AI readiness assessment is for. Not to slow innovation, but to prevent investment in solutions that cannot be approved, integrated, or operated safely.

Catapult’s AI Diagnostic acts as that pre-flight check. A structured assessment of your systems, data, workflows and governance constraints. The result is a delivery-grounded view of where AI will work, where it won’t, and what needs to change first.

Book a No-Obligation Advisory SessionThe pilot trap. Why demos are dangerous

For a CIO or CTO, the most dangerous moment in an AI journey is often a successful demo.

A pilot that works in isolation creates an illusion of readiness. It proves the solution is technically possible. It does not prove it can operate safely inside a regulated enterprise.

Operational viability in financial services introduces a different set of questions.

Regulators, auditors, and internal risk teams may ask what evidence supports an output, what data was used, how access was controlled, how behaviour is monitored, and what happens when the model produces an uncertain or incorrect answer.

Internal stakeholders ask different questions:

  • What does it cost to run at scale?
  • Will it meet latency and availability requirements?
  • How will it integrate into a production support model?

If these questions only appear after build, risk hasn’t been reduced. It has simply been pushed into the most expensive phase of the programme.

That is why an AI diagnostic is the correct first move during exploration. It turns enthusiasm into decision-grade clarity.

The four pillars of AI readiness in financial services

Moving from experimentation to delivery requires confidence across four parts of the estate. Weakness in any one of them becomes the reason programmes stall later.

1. Data readiness. From ‘we have data’ to ‘we have a defensible data path’

In regulated environments, data quality alone is not enough. What matters is data you can defend.

Many organisations have data spread across legacy systems, platforms and teams. The challenge is not only quality, but traceability; proving where data came from, what it represents and whether it is being used appropriately.

A proper diagnostic tests whether there is a defensible data path from source to AI output. That means you can clearly explain:

  • what data the solution uses
  • how it is accessed
  • what permissions apply
  • how sensitive data is handled
  • what evidence exists for audit or investigation

It also means testing operational reality. The real question is not ‘can we get the data?’ but whether existing pipelines and systems can serve it reliably at the performance the business expects.

The goal is to move from ‘we have the data somewhere’ to ‘we have a governed, repeatable, auditable path suitable for production’.

2. Infrastructure and architecture. Proving performance, cost and resilience early

AI workloads behave differently from traditional applications. Cost profiles, latency and scaling characteristics can change dramatically once real users are involved.

A diagnostic forces early clarity on non-functional requirements:

  • response-time expectations
  • peak demand patterns
  • resilience requirements
  • observability and logging needs
  • acceptable failure modes

This is not about choosing fashionable architecture. It is about confirming the proposed approach fits the estate you actually operate, including hybrid environments, network boundaries, integration constraints and platform standards.

If these questions remain unanswered,  they will surface later, when change is slower and politically expensive.

3. Security and compliance. Designing within constraints instead of negotiating after the build

Security and risk teams rarely block AI because they oppose innovation. They block it when designs arrive too late to shape and the answers to basic control questions are incomplete.

An AI diagnostic brings security, risk and compliance into the process early, not as a gate at the end.

It clarifies how data will be protected across the full lifecycle:

  • access
  • processing
  • logging
  • monitoring
  • incident response

It also tests the likely approval path. What controls are required? What evidence must be produced? What does acceptable use look like inside real workflows?

Treat security as a late review and the outcome is predictable. Build first, renegotiate later.

4. Operating model: from ‘who built it?’ to ‘who runs it?’

AI systems are not static assets. Their behaviour evolves as data, processes and policies change. Even when the model itself remains stable, the environment around it does not.

That means operating AI requires more than simply assigning nominal ownership. In many organisations, responsibilities are split between development and operations teams. The group that builds the system moves on, while another team inherits responsibility for keeping it running. Over time, that gap can introduce technical debt and make issues like model drift or performance degradation harder to detect and address.

A more resilient approach follows a simple principle; the team that built it runs it. When the same team remains responsible for monitoring behaviour, investigating issues and evolving the system, feedback loops stay short and accountability stays real.

A diagnostic should therefore examine how AI systems are actually operated. Who monitors performance? Who investigates anomalies? Who approves model changes? Who maintains evaluation frameworks? And who remains accountable for risk?

You do not need a perfect operating model on day one. But you do need clear responsibility for how these systems are run, maintained, and improved once they are in production.

The AI readiness rubric. A quick self-check for CIOs and CTOs

When exploring AI, leaders need a quick way to separate interesting ideas from deliverable ones.

Use the rubric below as a practical check. If more than two areas fall into red territory, the next step should be a formal diagnostic before further build work begins.

Area Green looks like Amber looks like Red looks like
Data path Data sources, access routes, permissions and logging are clear and repeatable Some sources are known, but access and governance are inconsistent Data is fragmented, access is unclear, lineage is weak, or controls aren’t defined
Integration Integration approach aligns with estate standards and is testable early Integration is plausible but depends on assumptions or unproven interfaces Integration relies on manual steps, undocumented systems, or unknown dependencies
Non-functional requirements Latency, resilience, cost drivers and observability expectations are defined Some NFRs are assumed, but not validated NFRs are unknown; performance and cost are deferred to “later”
Security and assurance Approval path is understood; evidence requirements are clear Stakeholders are identified but controls are still vague Security/ risk involvement is late; approval expectations are unclear
Ownership and operations RACI, support model, monitoring and change control are identified Ownership is implied but not agreed No clear post-launch owner; ‘the project team’ is assumed to own it

This is not bureaucracy. It’s a way to prevent programmes becoming a sequence of impressive demos with no credible route to production.

What happens during a Catapult AI Diagnostic?

A useful diagnostic does not produce a generic strategy document. It produces a realistic view of what is feasible in your current environment.

The process typically involves four stages.

First, the estate is assessed. That means understanding infrastructure, data paths and workflow realities, including constraints that rarely appear in internal presentations.

Second, potential use cases are tested against feasibility. High-value ideas are common. High-feasibility ideas are rarer. The diagnostic identifies the overlap – opportunities with a credible path to production.

Third, capability gaps are made explicit. Where additional controls, tooling, integration work, or operating-model changes are required, those dependencies are documented and prioritised.

Finally, organisations leave with a prioritised opportunity map and delivery roadmap showing where AI can deliver value, where it cannot and what must change to move forward.

Find out more about our AI Diagnostic service.

If you’re exploring. The decisions you need to make right now

Exploration becomes expensive when it drifts into commitment without decisions.

Most organisations exploring AI should focus on answering three immediate questions.

First, which one or two use cases balance business value and technical feasibility in your current estate?

Second, is there a verified data and integration path for those use cases, including governance, access controls and realistic performance expectations?

Third, what does the approval path look like? Who must sign off, what evidence is required and which controls must be designed from the start?

If these questions remain unanswered, the next pilot will create noise rather than progress.

Stop confusing movement with progress

In the race to ‘do AI’, many organisations mistake activity for readiness. They commission pilots that were never designed to pass assurance gates, integrate cleanly, or operate reliably.

For CIOs and CTOs in financial services, the most valuable move is often not launching another experiment. It is creating a credible route from exploration to delivery, grounded in the realities of the enterprise estate.

The goal is not more AI. It’s fewer dead ends, fewer late-stage surprises and decisions that stand up to scrutiny.

That is what an AI Diagnostic provides. A pre-flight check that ensures when you press ‘go’, the programme actually stays in the air.

Get a clear view of your AI readiness

If you’re exploring AI in financial services, the critical question isn’t what you could build. It’s what you can actually run in production.

Catapult’s AI Diagnostic gives you a delivery-grounded view of your estate, so you can see:

  • which AI use cases are genuinely feasible
  • where data, integration or governance will block progress
  • what needs to change before you scale

If you want to talk it through, we’re happy to share a perspective on where you are and what to prioritise next.

Or, if you want an immediate sense of where you stand, you can assess your AI readiness in minutes.

CTA to AI Readiness Scorecard

This short, executive-level assessment evaluates your organisation across strategy, data, delivery capability, governance and culture. You’ll get a personalised view of where you’re strong, where risk is building, and what to focus on next.

The assessment takes less than three minutes. We’ll then talk you through your full Assessment report.

Take the AI Readiness Scorecard

Categories

Strategy & Advisory Platform Engineering Tooling Integration

Recent Posts

> Why AI Governance Fails in PDFs and Committees > Alpha Stage. Proving Value in the First 12 Weeks of Government Delivery > CI/CD Performance: The Compounding Cost of Waiting > Why ‘AI strategy’ fails without a clear no-build decision > The Most Expensive AI Discovery Happens After You’ve Already Built It > Why most organisations think they can’t use AI and why it’s really a hosting decision

Related articles

Why AI Governance Fails in PDFs and Committees

01 April 2026

Why AI Governance Fails in PDFs and Committees

Read their story
Alpha Stage. Proving Value in the First 12 Weeks of Government Delivery

24 March 2026

Alpha Stage. Proving Value in the First 12 Weeks of Government Delivery

Read their story
CI/CD Performance: The Compounding Cost of Waiting

17 March 2026

CI/CD Performance: The Compounding Cost of Waiting

Read their story
See all articles

Ready to chat?

Contact Us

You’re in good company

HSBC
Cabinet Office
M&G
Prudential
BT
Vodafone
HM Land Registry

Awards

UK IT INDUSTRY AWARDS 2025 Finalist Development Team of the Year
UK IT INDUSTRY AWARDS 2025 Finalist Project Team of the Year
IE100 Awards Winner 2025
Best DevOps & Agile Consultancy 2025
DevOps Excellence Award 2021
Top Atlassian Partners 2020
Digital Technology Leaders Awards 2020 Finalist
UK IT Industry Awards 2020 Finalist
Best DevOps and Agile Consultancy of the Year 2020 - UK

Accreditations

Cyber Essentials Certified Plus
We are a Living Wage Employer
Crown Commercial Service Supplier
Information Security Management System Certified Data Centre