From PoCs to Production: Scaling AI Safely in Regulated Banking

Many AI initiatives fail not because organisations underestimate what it takes to make it safe, scalable, and accountable.

Sam Bridges-Sparkes is Head of BI Analytics & Strategy at Shawbrook Bank. His work spans business intelligence, analytics, and the responsible adoption of AI within a highly regulated banking environment.

In this episode of Digital Customer Communications: Regulated, we explore what it really takes to move AI from experimentation into production inside a regulated bank, and why governance, culture, and people matter as much as models and infrastructure.

Why Proofs of Concept Rarely Survive Contact With Reality

Building an AI proof of concept has never been easier.

Large language models make it possible to produce something impressive in minutes, often without writing a single line of code.

That ease can be misleading. Sam explains that Shawbrook’s early AI work started with a deliberately low-risk internal use case.

The team focused on competitor analysis using public data. This allowed them to explore value without immediate customer impact.

However, even this relatively contained use case exposed how difficult it was to move from experimentation into production.

AI systems did not fit neatly into established delivery pathways designed for deterministic technology.

Testing, governance, and operational ownership all required rethinking.

"You can knock something up very quickly now, but turning that into a productionised, governed, reusable piece of technology is really quite difficult."

Sam Bridges-Sparkes, Head of BI Analytics & Strategy, Shawbrook Bank

When Traditional Testing Models Break Down

Deterministic Expectations vs Probabilistic Systems

Traditional banking systems assume repeatability. The same input should always produce the same output.

Large language models do not always behave this way. Sam describes the challenge of reassuring colleagues when identical prompts could generate different responses.

Binary testing models based on exact matches were no longer sufficient. Instead, Shawbrook had to define acceptable ranges of output quality.

In practice, this involved combining AI-assisted evaluation with human review.

Governance and risk teams needed confidence that this approach was robust and defensible.

Human-in-the-Loop Is a Design Choice

Augmentation, Not Automation

Throughout the conversation, Sam emphasises that AI is positioned as an accelerator, not a decision-maker.

He describes AI as getting teams “eight rungs up the ladder”. The remaining steps require human judgement.

Roles shift from doing work to evaluating outcomes. This framing helped internal stakeholders become more comfortable with adoption.

It also preserves accountability, which remains essential in regulated environments.

"Your role becomes much more of an evaluator rather than a doer."

Sam Bridges-Sparkes, Head of BI Analytics & Strategy, Shawbrook Bank

Why Culture and Skills Matter as Much as Models

New Ways of Working Are Required

AI adoption exposed gaps not just in tooling, but in ways of working.

Progress required collaboration across data science, infrastructure, governance, service design, and risk.

There were no established patterns to follow. Many emerging practices were quickly superseded as models evolved.

Sam notes that this made flexibility and collaboration more important than rigid process adherence.

Delivery models had to adapt to keep pace with change.

Guardrails That Enable Adoption

Reducing Shadow AI Through Clarity

Clear guardrails became a core enabler for internal adoption.

Before enterprise tooling was introduced, there was awareness of informal use of public AI tools.

Introducing enterprise access allowed Shawbrook to funnel experimentation into safer environments.

And governance intensity scales with impact. Sam describes a three-stage approach:

• Domain-specific GPT use carries lower risk.
• Wider internal release introduces additional scrutiny.
• Customer-impacting workflows require deeper controls and evaluation.

Guardrails reduce risk, but they do not eliminate the need for ongoing monitoring and reassessment.

Why One Model Will Never Be Enough

The Case for Hybrid AI

LLMs excel at reading and writing. They still struggle with complex financial analysis at scale.

Sam's referred to AI as a “shiny new intern” in the past - it is ambitious and always attempts an answer, even when wrong.

These confident errors are big risks in financial contexts.

As a result, Shawbrook expects to rely on a hybrid approach.

Traditional machine learning and deterministic systems remain essential for some workloads. Flexibility also reduces dependency on any single vendor or model.

Where the Real Near-Term Value Sits

Productivity Without Losing Trust

The strongest near-term gain, for Sam, sits with individuals.

AI helps remove low-value tasks and accelerate everyday work. Sam describes this as automating the mundane to empower the brain.

These efficiency gains could be so powerful that people have talked about their ability to reshape organisational structures.

Rather than reducing teams, it changes where effort can be applied.  Customer-facing roles can remain human-led, supported by AI.

Sam cautions agains the hype - in regulated sectors it's best to adopt a "fast follower" mindset, waiting to see who successfully deploys more comprehensive automated decisioning that regulators accept.

FAQs

Why Do AI Proofs of Concept Fail to Scale in Banking?

Because production systems must meet governance, testing, and accountability standards that proofs of concept rarely address.

Can Large Language Models Be Fully Automated in Regulated Environments?

Not safely today, as explainability, consistency, and accountability still require human oversight.

Is AI Replacing Roles in Banking?

The near-term impact is augmentation, improving productivity rather than removing people.

Why Is Hybrid AI Becoming Necessary?

Because different tasks require different approaches, and LLMs are not suited to all financial workloads.

What Is the Biggest Risk of Unmanaged AI Adoption?

Shadow AI usage without visibility, governance, or data controls.

References

Artificial Intelligence in UK Financial Services, Bank of England and Financial Conduct Authority, 2024

Model Risk Management Principles for Banks, Prudential Regulation Authority, 2023

Our Approach to AI, Financial Conduct Authority, 2025

Guidance on AI and Data Protection, Information Commissioner’s Office, 2023

ISO/IEC 42001 AI Management Systems, ISO, 2023

AI Risk Management Framework, NIST, 2023

Artificial Intelligence Act, European Union, 2024

Follow-Up Report on Machine Learning for IRB Models, European Banking Authority, 2023

Reviewed by

Sam Kendall, 21.01.2026