Credit scoring and fraud detection use cases

November 20, 2025

author: Sukhhanjeet Singh (DNB), Andreas Schupbach (Deutsche Bundesbank), Antti Asiala (ECB), Daniel Adam Siweki (ECB)

Artificial intelligence (AI) is gradually changing the future of banking. Banks are now using AI in credit scoring and fraud detection, among other things, to increase efficiency and sharpen decision-making. The ECB Banking Supervision Office's annual data collection on the use of innovative technologies highlights a significant increase in the use of AI in European banks from 2023 to 2024, including the use of AI for credit scoring and fraud detection in the context of microprudential supervision (Figure 1). Additionally, for the fourth year in a row, on-site surveys were conducted to assess specific institutions' digital transformation strategies, their implementation, impact, and supporting technologies (including AI). As part of our 2025 priorities, we worked with national banking supervisors to further explore this trend and conducted a series of workshops with 13 selected banks that reported using AI in targeted use cases. The workshop focused on general AI development, including governance and compliance, as well as specific AI applications. The workshop findings described below are based on high-level information from a small sample of banks and should not be generalized across sectors.

AI governance and compliance

Banks report that they are ready to use AI models more effectively. They use different types of AI models. Decision tree-based models are primarily used for both credit scoring and fraud detection, while neural networks are primarily used for fraud detection (Figure 2). Banks using AI are realizing clear business benefits from improved model performance, including increased process efficiency and improved customer service. In credit scoring, AI models increase accuracy through advanced predictive analytics, increasing the ability to tailor offers to individuals. This enables loan extensions, more effective risk assessment, better risk aversion, and lower default rates, ultimately contributing to increased profitability. For fraud detection, AI models power real-time monitoring and pattern recognition to help banks identify suspicious activity and stop fraud before it occurs. This minimizes the need for manual reviews, increases operational efficiency, and reduces financial losses. However, quantifying realized benefits financially remains a challenge, reflecting repeated findings in on-site inspections of banks' ability to monitor the financial impact of strategic digital initiatives. These benefits also come with risks, so our governance and compliance framework also needed to be updated.

Many banks are integrating AI governance into their current risk frameworks. Approximately half of the banks in our sample have dedicated policies or committees in place to oversee AI. This development reflects a broader alignment of AI efforts with digitization strategies and business needs. Banks are preparing for the EU AI law to come into force, despite some uncertainty about the steps they need to take in terms of compliance. Some banks are conducting self-assessments to identify high-risk use cases, mapping AI model usage across the organization, and aligning internal processes to expected regulatory standards. These steps will help companies become compliant and ready to influence the broader regulatory dialogue. New practices include appointing a chief AI officer to increase accountability. Banks are also working to ensure that second and third lines of defense can properly oversee the use of AI. This is an area that may require further development.

Risk management and technology change

The use of AI also means banks need to update their risk management frameworks, including ensuring explainability and model governance. The AI ​​models that are analyzed are typically developed in-house, but are often hosted externally in cloud-based environments. Most banks in our sample use explainability tools to monitor model performance. We observed a centralized dashboard that visualizes model behavior. In addition, we may consult external experts to quantify the model's input variables and how they affect the results. The higher the risk, the more human verification is required to be involved. To ensure model stability and auditability, none of the banks in the sample allow self-learning after deployment. The bank reports that human oversight is in place to intervene if necessary, especially when high-risk decisions or real-time fraud alerts occur. Bank model reviewers maintain a feedback loop with AI systems to improve accuracy and reliability. Other practices include appointing a dual role chief data officer and head of AI to use “golden” (authoritative) data sources to bridge governance gaps.^[1]Apply robust data quality checks to your AI models within a centralized AI model record. To address the risks associated with using external providers, some banks rely on EU-based companies to carry out comprehensive compliance checks and ensure backup options to avoid business interruption. As their reliance on external providers increases, banks have become increasingly aware of associated risks such as data privacy, operational resiliency, and regulatory compliance. As such, we focus on vulnerabilities that focus on deficiencies in operational resilience frameworks regarding cybersecurity and third-party risk management capabilities.

Several banks appear to lack full transparency regarding the internal processes of some AI models that lead to their results, noting that models inherently operate with a degree of autonomy, a characteristic that can pose a risk of black-box operation. Banks also perceive explainability in different ways, and therefore have different definitions and approaches. While some banks are considering applying data governance frameworks to AI models to ensure that the data used is of high quality, especially for large amounts of data and unstructured data that is often sourced through complex IT architectures, only a few banks reported that they are actually effectively applying data management standards and tailoring them to the specific requirements of AI models. This is very important because poor data entry will inevitably lead to unreliable results. This also reinforces the need to continually follow up on our efforts on risk data aggregation and risk reporting (RDARR).

Digitization as a supervisory priority

A number of takeaways from this analysis (details attached here) form part of the ECB's broader efforts to understand the digital transformation of banking. This effort began with a report on digitalisation published last year and has recently been complemented by other publications and metrics on related topics.^[2] Applying existing supervisory expectations to AI models is the focus of dedicated supervisory work in European banking supervision, reflecting its importance in shaping resilience and well-integrated digital transformation. In this context, the SSM Conference on Digitalization held in October brought together supervisors and banks to exchange views on digital strategies, implementation in specific business areas such as retail and payments, AI developments and associated risks.^[3] The discussion reaffirmed that digitalization is a journey, not a destination. The opportunities are big and tangible, but the challenges are equally important and need to be addressed.

The ECB Banking Supervisor's supervisory priorities for 2026-2028 will continue to focus on AI. The aim is to continue to monitor how banks are using AI, with a focus on strategy, governance and risk management. To this end, we will continue to engage with the industry, consult external experts and further expand our internal capabilities to better identify, monitor and mitigate emerging risks.