How Generative AI Is Reshaping European Banking: HSBC, BNP Paribas, Deutsche Bank and ING

HSBC has partnered with Google Cloud for its core AI infrastructure, using Vertex AI as the platform on which its financial crime compliance models are trained and served. The bank has publicly disclosed that its AI-assisted KYC processes have reduced the time taken to complete enhanced due diligence on high-risk corporate clients. In its 2024 annual report, HSBC noted that technology investment remained a strategic priority, with AI and data capability cited explicitly as central to its transformation programme.

The compliance architecture HSBC has built around these deployments is deliberately layered. Human analysts retain sign-off authority on all high-risk customer decisions; the LLM layer surfaces relevant information and flags anomalies rather than issuing verdicts. This design choice reflects both regulatory expectation and hard-won caution from earlier deployments where model outputs were misread as definitive rather than probabilistic.

BNP Paribas: Code Generation at Scale

BNP Paribas has taken a different initial focus, deploying generative AI most aggressively inside its technology and operations divisions rather than in client-facing or compliance functions. The bank has rolled out AI-assisted code generation tools to thousands of its software engineers across its global technology teams, including a significant cohort based in France and Portugal.

BNP Paribas has worked with Microsoft, integrating GitHub Copilot into its development environment. Internal productivity metrics cited in coverage of the bank's technology strategy suggest meaningful reductions in the time engineers spend on boilerplate code and unit-test generation, freeing capacity for architecture and integration work. The bank has also begun experimenting with LLM-assisted document summarisation in its corporate and institutional banking division, where analysts process large volumes of financial filings, legal agreements, and covenant documentation.

Critically, BNP Paribas has established a dedicated AI governance committee that sits within its risk function rather than its technology division. This structural choice signals that the bank regards model risk as a first-class risk category on a par with credit or market risk. The governance committee is responsible for reviewing any AI deployment that touches client data or regulatory reporting before it moves into production, applying a framework broadly aligned with the European Banking Authority's guidelines on internal governance.

Deutsche Bank: The Model Risk Challenge

Deutsche Bank's AI programme is notable both for its ambition and for the frankness with which senior figures have discussed its complexity. The bank has a long history of technology transformation programmes that have underdelivered, and there is visible institutional awareness that AI deployments need to be managed differently from previous waves of enterprise software investment.

Deutsche Bank has partnered with Google Cloud in a multi-year agreement announced in 2021 and extended since, covering cloud migration as well as AI capability development. Its production AI deployments span trade finance document processing, where LLMs extract and validate data from letters of credit and shipping documents, and client onboarding automation in its private bank. The trade finance use case is particularly well suited to current LLM capabilities because the documents involved are semi-structured and high-volume, and errors have historically been both common and costly.

The model risk dimension is where Deutsche Bank has invested heavily. The bank's risk function has developed an internal model validation framework that applies to AI models as well as the statistical models that have long been subject to regulatory oversight. Under this framework, LLM deployments must pass validation checks covering accuracy, consistency, and robustness to adversarial inputs before they can be used in any process that affects a customer outcome or a regulatory submission.

This approach aligns with emerging expectations from the European Banking Authority. The EBA's guidelines on internal governance and its work on model risk management both emphasise that AI models used in credit, compliance, and reporting functions must be subject to independent validation and ongoing monitoring. Deutsche Bank's framework, while not yet publicly documented in full, appears to be among the more developed in the European sector.

ING: Reimagining Branch and Contact Operations

ING has pursued a somewhat different strategic logic, focusing generative AI deployment on the operational layer that connects its digital channels with its human workforce. The Dutch bank has invested in AI tools that assist its customer-facing staff in contact centres and, where branches remain, in retail locations across the Netherlands, Belgium, and Germany.

ING has developed AI-assisted tooling that provides contact centre agents with real-time suggested responses and relevant product information during customer calls and chat sessions. The system is designed as an augmentation layer rather than a replacement; agents can accept, modify, or reject suggestions. ING has described this approach in its technology communications as consistent with a principle that AI should improve human decision-making rather than substitute for it in contexts where customer trust and regulatory accountability are paramount.

The bank has also deployed AI in its software engineering function, and its 2024 reporting highlighted the use of generative AI for internal knowledge management, allowing staff to query internal policy documents and process guidelines using natural language. ING's AI partnerships include work with both Microsoft Azure and its own internal model development capability, giving it a degree of optionality that smaller institutions lack.

The Regulatory Backdrop: EBA and the AI Act

All four banks are operating against a tightening regulatory backdrop. The European Banking Authority has been developing its position on AI in banking through a series of discussion papers and consultation exercises, and its guidelines on model risk management apply directly to the LLM deployments now entering production across the sector. The EBA has made clear that AI models used in credit scoring, fraud detection, and regulatory reporting are not categorically different from the statistical models that banks have been validating for years; the same principles of documentation, validation, and ongoing monitoring apply.

The EU AI Act adds another layer. Banking applications that affect credit decisions or financial crime compliance are likely to be classified as high-risk under the Act's provisions, requiring conformity assessments, human oversight mechanisms, and registration in the EU database of high-risk AI systems. None of the four banks has yet published a detailed public account of how it intends to comply with AI Act obligations as they come into force, though all have indicated in investor communications that regulatory compliance is a core consideration in their AI governance frameworks.

The scale of investment and the productivity claims being made across the European banking sector warrant scrutiny. Capgemini's research on AI adoption in financial services, alongside disclosures from the banks themselves, provides a partial picture of how quickly deployment is accelerating and where the material financial impacts are being felt. The figures below draw on disclosed data and published research to contextualise the deployments described above.

What Comes Next

The four deployments surveyed here share a common architecture: large cloud providers supplying foundational model infrastructure, bank-side teams fine-tuning and wrapping models in domain-specific guardrails, and governance frameworks that place human oversight at decision points with material regulatory or customer consequences. That architecture is sensible and reflects hard lessons from earlier, more reckless waves of AI enthusiasm in financial services.

The more difficult questions are emerging. As LLMs become embedded in core processes, the cost and complexity of replacing or auditing them will grow. Model drift, where a production model's behaviour changes as the underlying world changes, is a known risk in statistical modelling; it is less well understood in LLMs. And the competitive pressure to automate more of the decision layer, not just the information-processing layer, will intensify as the technology matures and rivals move faster.

European banks have the compliance culture and the regulatory relationships to manage these risks better than most. Whether they have the engineering agility to compete with institutions in jurisdictions where those constraints are lighter is a question the next two years will answer.