Case Studies

Evaluation of Compliance With the EU AI Act for a European Bank

AI & Data PlatformsBanking & Finance
27 January 2026 - 5 minutes read

In recent years, Responsible AI (RAI) has moved to the forefront of priorities for financial institutions. This shift accelerated in 2022 as the EU AI Act gained momentum, raising concerns around compliance, data governance, and public trust. As the first comprehensive European regulation for artificial intelligence, the EU AI Act establishes clear rules for developing, deploying, and using AI systems, based on their potential risk to health, safety, and fundamental rights.

Key challenge

A major European bank approached us to understand whether—and how—its AI initiatives complied with the regulatory requirements of the EU AI Act.

Our engagement focused on three priorities: assessing the organization’s Responsible AI maturity, identifying use cases that could be classified as high-risk, and defining a practical roadmap to embed compliance across teams. Beyond governance and technical controls, the EU AI Act emphasizes the human factor: operators of high-risk AI systems, including employees and contractors, must possess sufficient AI literacy. We had to ensure that they understood the system behavior and could make informed, accountable decisions when interacting with AI.

Our approach

Our mission was to first determine if its use cases fell into the high-risk category defined by the EU AI Act, then evaluate the organization’s RAI maturity,  and finally to turn the gap analysis into hands-on decisions and next actions.

To achieve this, we started to apply the Act’s risk-based assessment framework across all identified use cases. Because Responsible AI is highly context-specific and difficult to evaluate in a generic way, especially when standardized guidelines for large organizations are lacking, each project required an individual review, or at least a department-level evaluation.

Our approach included two main steps.

Step 1: RAI Maturity Score Report

To evaluate the bank’s Responsible AI maturity, we began by conducting a questionnaire in collaboration with the client. The assessment comprised 28 questions, organized around three key areas:

  • Bias and fairness
  • Explainability and transparency
  • Technical reliability.

For each question, the client was asked to provide a score between 1 and 5. For instance, sample questions included:

  • “Is the use of protected attributes (e.g., gender, age) as features regulated, documented, and reviewed to prevent discrimination?” (Bias and fairness)
  • “Are there applications or frameworks that help end-users understand the decisions made by AI systems?” (Explainability and transparency)

Based on the responses, we developed a comprehensive maturity score report. This report served as a shared reference point for a gap analysis, highlighting where current practices diverged from EU AI Act mandated standards.

Important: This is a demonstration example created to illustrate the visual layout and format of how a final maturity report would appear. The data, scores, and classifications presented in this example are entirely fictitious and for visualization purposes only.

Step 2: Implementation and Remediation

Once the gap analysis revealed where current practices didn’t fully match EU AI Act expectations, the team ran a focused on-site workshop. This working session turned the gap analysis into hands-on decisions and next actions, aligning stakeholders on two main questions:

  1. Which AI system genuinely qualify as high-risk under the EU AI Act?
  2. What enhancements are required to meet regulatory expectations?

For each project, participants reviewed whether these aspects had been considered and how they were currently addressed. To ground these principles in reality, the client brought forward actual use cases from past projects. This enabled practical discussions, fostered a common language around Responsible AI and ensured alignment across teams.

Concrete actions were recommended based on identified risks and edge cases were explored to define mitigation strategies. While this assessment focused on targeted dimensions (Bias and fairness, Explainability and transparency, Technical reliability), a comprehensive RAI maturity evaluation should also encompass additional critical areas such as data governance and quality, as well as sustainability and ethics.

Finally, we delivered a final presentation and organized a dialogue session to confirm findings, lock in the key takeaways, and align on the next steps for compliance and governance—backed by a written report detailing the assessments, core findings, major risks, best practices, and agreed actions.

Key benefits

The assessment clarified which use cases were most likely to be classified as high-risk and helped the bank prioritize improvements to avoid failing compliance.

Main benefits included:

  • Focused prioritization: Time and resources were directed toward areas with the highest impact through a targeted approach.
  • Navigating the EU AI Act: Clarification of the requirements that apply to high-risk AI systems.
  • Shared baseline across teams: Maturity score for each assessed dimension, providing a common reference point.
  • Actionable recommendations: Practical guidance for both mature projects as well as early-stage initiatives, with the greatest value for technically stable projects undergoing detailed Responsible AI reviews.
  • Stronger forward monitoring: Improved visibility into key compliance indicators for upcoming AI projects.
  • Consistent practices: Enhanced alignment across departments and AI initiatives.
  • Lasting knowledge: Increased RAI awareness and education, fostering gradual cultural change.

Beyond immediate compliance, the assessment triggered ongoing discussions about priorities and governance. It also reinforced that Responsible AI is an iterative effort—one that benefits from continuous refinement of tools, processes, and skills across the organization.

Share
Insights

Access related expert insights

View all insights
Expert Articles
Expert Articles
17 Apr 2026
SEO meta title: The hidden cost of routine customer queries in retail What “routine” really means in retail customer service In retail, “routine” doesn’t mean “easy.” It means repeatable. WISMO (Where Is My Order), returns, delivery changes, missing items: these are predictable intents. But they often involve multiple systems, policy rules, and exceptions. That’s why […]
The Hidden Cost Of Routine Customer Queries In Retail
The Hidden Cost Of Routine Customer Queries In Retail
Expert Articles
Expert Articles
14 Apr 2026
The race to adopt artificial intelligence has moved faster than almost any technological shift in history. According to McKinsey’s 2025 State of AI report, 88% of organizations have now integrated AI into at least one business function – a significant jump from just 78% a year prior. While generative AI adoption has more than doubled […]
AI Governance in APAC: The Executive’s Blueprint for Digital Trust
AI Governance in APAC: The Executive’s Blueprint for Digital Trust
Case Studies
Case Studies
10 Apr 2026
CBTW helped Finacca modernize its investigation platform by replacing a legacy ERP hosted in its Paris offices with a scalable Mendix low-code solution. Starting with an MVP dedicated to dormant life-insurance investigations, the team accelerated development, improved investigator workflows, and built the foundation for a broader digital platform. The result: faster case management, secure cloud access, and an architecture ready to support new applications and future AI-driven capabilities.
How Finacca Modernized its Life-Insurance Investigation Platform
How Finacca Modernized its Life-Insurance Investigation Platform