Fair Disclosure at Retail Banks: A Compliance-First Design for Banker Companion AI
Field ReportFinance

Fair Disclosure at Retail Banks: A Compliance-First Design for Banker Companion AI

Retail banking AI is usually framed as a personalisation problem. Regulators frame it as a fair-disclosure problem. The two framings lead to different systems.

Authors

  • Ameen Altajer - Chief Executive Officer, INFINITEWARE
September 30, 2024
10 min read

Abstract

This field report proposes that retail-banking AI for frontline banker assistance is most productively framed as a fair-disclosure and audit problem rather than a personalisation problem. The former framing is the position taken by prudential regulators in the GCC and beyond; the latter is the framing carried by consumer-technology practice into banking. We argue that the two framings lead to substantively different system architectures, and that the personalisation framing produces systems that regulators reject even when they perform well on customer satisfaction. We describe a compliance-first companion architecture, outline its design principles, and discuss the trade-offs it makes explicit. The architecture is grounded in INFINITEWARE's Creditbase work with retail banking counterparties in Bahrain.

1. Introduction

Retail banking AI, particularly the class of systems aimed at supporting frontline bankers in customer conversations, is usually framed in vendor discussions as a personalisation problem. The framing carries over from consumer-technology practice: the AI knows the customer's context, produces a tailored recommendation, and hands the recommendation to the banker to pass along. The framing is intuitive and produces impressive demos. It also produces systems that prudential regulators reject.

In our Creditbase engagements with retail banks in Bahrain we have found that the same functional requirement (support the banker in the conversation) admits a substantively different design if the framing is a fair-disclosure and audit problem rather than a personalisation problem. This paper describes the compliance-first framing, outlines the architecture it produces, and specifies the trade-offs it makes explicit. It is written for banking technology leaders and compliance officers considering banker-companion AI, and for regulators developing the disposition toward these systems.

2. Two framings, two systems

The personalisation framing treats the AI as a recommender. Its inputs are the customer's profile and the current conversation; its output is a recommended product, service, or next step; its evaluation is customer satisfaction and conversion. Systems built to this framing invest heavily in the recommender model, the customer profile representation, and the conversation interface. The banker is a delivery channel.

The compliance-first framing treats the AI as a companion. Its inputs are the same but its output is different: it produces a disclosure trail (what the banker said, what the AI suggested, what was disclosed, what was declined). Its evaluation is fair-disclosure completeness and audit-trail integrity, not conversion. Systems built to this framing invest heavily in the audit ledger, the disclosure completeness engine, and the human-in-the-loop review path. The banker is the responsible party.

The two systems can produce the same conversation with the customer. They differ in what they preserve, what they demand of the banker, and what they hand to the compliance function afterwards. The compliance-first system is what current GCC regulator practice actually asks for; the personalisation system is what current vendor practice actually ships.

3. The compliance-first companion architecture

The architecture we describe here is the shape observed across our Creditbase engagements. It is not the only design that satisfies the compliance-first framing, but it is the shape that recurred as we iterated with retail banking counterparties.

  • Companion, not autopilot. The AI produces suggestions and disclosures for the banker. The banker is the party who speaks to the customer. The banker retains authority over what is said and what is not.
  • Immutable audit ledger as first-class artefact. Every AI suggestion, every human decision on that suggestion, and every disclosure statement is logged to a signed, immutable ledger. The ledger is not a debug log; it is the primary output of the system and the basis on which compliance signs off.
  • Disclosure completeness engine. The AI has explicit responsibility for tracking which required disclosures have been made in the conversation, which are pending, and which have been declined by the customer. This is a checklist, not a persuasion loop.
  • Human-in-the-loop review path. Compliance officers can inspect the audit ledger for any conversation, in retrospect, without accessing the customer's identifying data unnecessarily. The ledger is designed so that the disclosure trail is inspectable without the identity being required.
  • Regulated tool authority. The AI can query product terms, disclosure requirements, and rate cards. It cannot commit the customer to a product, price the deal, or issue a promise. Those actions are reserved to the banker or the bank's downstream systems.
COMPLIANCE-FIRST COMPANIONCUSTOMERconversationBANKERresponsible partyCOMPANION AIsuggestions + disclosuresAUDIT LEDGERimmutable, signed, inspectablecustomer flowno autopilotthe ledger is the primary output; the conversation is the intermediate artefact
The compliance-first companion architecture. The audit ledger is the primary output; the customer conversation is the intermediate artefact.

4. Trade-offs the architecture makes explicit

The compliance-first architecture makes trade-offs that a personalisation architecture leaves implicit. Naming them is part of what makes the architecture defensible to a regulator.

The system is not evaluated on conversion. Conversion may improve as a downstream consequence of better-served customers, but the direct evaluation metric is disclosure completeness and audit-trail integrity. Bankers whose conversion is being measured by the system rather than by their manager tend, in our observations, to treat the AI as an adversary. Regulators presented with a system whose primary evaluation metric is conversion tend to treat the system with the same disposition.

The banker is more visible in the loop, not less. The compliance-first framing treats the banker as the responsible party and requires the banker's active engagement with each suggestion. Systems that promise to reduce banker workload by removing decisions from the banker are attractive to procurement and rejected by compliance.

The audit ledger becomes the product. In retail banking, the compliance function is the buyer that has to sign off before the system reaches customers. The primary artefact the compliance function inspects is the ledger, not the recommender's accuracy. Building the ledger as an afterthought is a common cause of pilots that succeed technically and stall commercially.

5. Limitations

The architecture reported here is grounded in Creditbase engagements with a small number of retail banks in Bahrain. Generalisation to other GCC jurisdictions requires adaptation to the local prudential regime, which varies. The claim that the compliance-first framing produces better commercial outcomes than the personalisation framing is currently a qualitative observation from a small sample, and would need a controlled comparison to establish quantitatively. The audit-ledger design in the architecture assumes an on-prem deployment; adaptations for cloud deployment introduce trust and residency questions the paper does not address.

We also flag that the framing is specifically for banker-companion AI. Other retail-banking AI applications, such as fraud detection or credit decisioning, sit in different frames and are not covered here.

6. Conclusion

Retail banking AI aimed at banker assistance is most productively framed as a fair-disclosure and audit problem, not a personalisation problem. The two framings look similar at the vendor demo and diverge in production. Systems designed for personalisation and retrofitted to satisfy compliance produce brittle architectures that stall at regulator sign-off. Systems designed from the outset for fair disclosure produce architectures in which the audit ledger is the primary output, the banker is the responsible party, and the regulator's inspection path is a first-class feature. The compliance-first companion architecture described here is our current best synthesis of what has worked across Creditbase engagements. We expect the shape to evolve as GCC regulator practice matures.

Keywords

Retail Banking AIFair DisclosureComplianceAudit LedgerBanker CompanionCreditbaseGCC Banking