An uncomfortable finding runs through the industry research: most enterprise AI projects never deliver a measurable return. For a FINMA-regulated institution the stakes are higher still — a failed project isn't just sunk budget, it's a governance and audit liability. In our audit work the failure rarely sits with the model. It sits with four recurring patterns. Naming them is the first line of defence.
Pattern one is tool-first thinking. Teams choose a tool or a vendor, then go looking for a problem it can solve. In regulated finance that order is backwards, and it is dangerous. A workflow with clear control points can be audited; a tool chasing a use case creates exactly the undocumented paths an internal audit flags. Start from the process and its sign-off points, not from the tool.
Pattern two is automating a workflow you cannot measure. Without a baseline you can neither prove an improvement nor detect a regression. For a controller signing off on numbers that go to investors, "we think it's faster" is not an audit answer. Establish the baseline first — cycle time, error rate, the number of manual touches — and only then automate.
Pattern three is the absence of an executive sponsor. AI that touches a regulated process needs a senior owner who carries the outcome — not an enthusiastic analyst running a side project. Without that accountability, the work stalls at the first compliance question, because nobody is empowered to answer it.
Pattern four is "AI everywhere" scope creep. Trying to transform everything at once spreads scarce attention across too many half-built initiatives, none of which reaches production. The disciplined alternative is narrow: one workflow, measured, in production, owned — then the next. That is how reporting across 39+ funds at a leading Zurich investment foundation was built — narrow first, then extended.
The common thread is that these are organizational and governance failures, not technical ones. The fix is unglamorous: pick one measurable workflow, give it an owner, build it where compliance can audit it, and show that the baseline improved. Done that way, AI stops being a failed initiative and becomes a dependable part of the operating stack.