Redesigning business processes with AI in the regulated sector: how to achieve transformation, not just automation

Most organizations use AI today. Few achieve real business value from it. What sets leaders apart from the rest? Fundamental process redesign—not just adding AI to existing workflows.

The paradox of AI adoption in 2025

McKinsey's latest report, "The State of AI in 2025," reveals a surprising gap: 88% of organizations regularly use AI, but only 39% report any impact on EBIT. What's more, only 6% of companies — the so-called "AI high performers" — achieve a significant, measurable financial impact.

What are the successful ones doing differently?

The answer is both simpler and more difficult: they don't implement AI into existing processes — they redesign processes around the capabilities of AI.

AI leaders are 2.8 times more likely to fundamentally redesign their workflow than other organizations. It's not a question of better tools or bigger budgets. It's a question of ambition and approach.

Why the regulated sector needs a different approach

Financial, energy, and public institutions face a unique challenge: they must transform with AI while remaining fully compliant with NIS2, DORA, GDPR, and sector-specific regulations.

The traditional "AI as an add-on" approach creates three problems:

1. Islands of automation without synergy

Implementing a chatbot in customer service, RPA in the back office, and an ML model in credit risk—each separately—creates technological silos. The lack of knowledge flow between systems means a loss of 70-80% of potential value.

2. Compliance as a brake, not an enabler

When AI is added to an unchanged process, the compliance department only sees new risks. When the process is redesigned with AI and compliance as equal foundations, regulatory compliance becomes a competitive advantage.

3. "Human-in-the-loop" as a bottleneck

65% of AI leaders have defined processes that determine when and how humans validate model results. In the regulated sector, this is not an option — it is a requirement. But poorly designed human-in-the-loop turns AI into yet another system that generates alerts for manual handling.

Five principles for redesigning AI processes in a regulated environment

Principle 1: Start with the business outcome, not the technology

The question "Where can we use AI?" leads to pilot projects without scaling. The question "How can we reduce credit decision time by 10x while maintaining compliance?" forces us to rethink the entire process.

Example: A bank implementing AI for credit risk assessment can automate scoring (saving 20% of time). Or it can redesign the entire decision-making process — from customer acquisition, through verification, scoring, decision-making, to monitoring — achieving a 70% reduction in time with better decision quality and full auditability.

Rule 2: Design compliance as a feature, not a constraint

Regulations such as DORA require full documentation of the decision chain. Instead of treating this as a burden, leaders design systems in which:

• Every AI decision is automatically documented with full context

• Model explainability is built-in, not added post-factum

• An audit trail is a natural byproduct of the process

At SAVANT-AI, we call this approach "compliance by design" — regulatory compliance as an inherent feature of the architecture, not a control layer.

Principle 3: Explicitly define the boundaries of AI autonomy

The report indicates that organizations experiencing negative consequences of AI (51% of respondents) most often suffer from inaccuracy (30%) and explainability issues (14%).

In the regulated sector, the answer is not to restrict AI, but to clearly define:

• Fully autonomous decisions: e.g., document categorization, data extraction

• Assisted decisions: e.g., risk assessment recommendation — AI proposes, humans approve

• Decisions reserved for humans: e.g., final decision in borderline cases

This taxonomy must be built into the system architecture, not just into procedures.

Principle 4: Build on organizational knowledge, not just data

The regulated sector has vast resources of tacit knowledge: the experience of compliance experts, unwritten rules for interpreting regulations, institutional memory of decisions and their consequences.

Traditional AI systems ignore this knowledge, learning solely from historical data. The modern approach—which we implement at SAVANT-AI—combines:

• Machine learning on transactional and document data

• Knowledge graphs codifying relationships between regulations, processes, and decisions

• Cognitive systems that capture expert knowledge in a format usable by AI

Principle 5: Measure transformation, not just automation

80% of organizations define efficiency (cost reduction) as the goal of AI. But leaders — those achieving a real impact on EBIT — measure both:

• Growth: new revenue enabled by AI

• Innovation: new products, services, business models

• Quality of decisions: not only speed, but accuracy

In the regulated sector, additional metrics include:

• Response time to regulatory changes

• Compliance cost per transaction

• Level of automatic auditability

Case study: Process redesign

Traditional approach (AI as an add-on):

• OCR for document digitization → 15% time savings

• ML model for risk scoring → 20% faster decisions

• Chatbot for customer communication → 10% reduction in contacts

Total effect: ~25% improvement in efficiency, but the process remains the same.

Transformative approach (redesign with AI):

1. Entry point: The customer initiates the process digitally, AI conducts conversational data collection, dynamically adjusting questions to the risk profile

2. Verification: Parallel, automatic verification across multiple sources (registers, sanctions, media) with real-time aggregation

3. Risk analysis: Cognitive model combining customer data, transaction patterns, and expert knowledge of money laundering typologies

4. Decision: Automatic for 70% of cases (low risk), assisted for 25% (medium), escalated for 5% (high)

5. Documentation: Automatically generated report with full audit trail, ready for regulatory inspection

Overall effect: 70% reduction in onboarding time, 40% fewer false alarms, 100% auditability, better customer experience.

How to start the transformation?

Step 1: Select a process with high potential

Look for processes that are:

• Critical to business value or compliance

• Knowledge- and decision-intensive

• Currently fragmented (multiple systems, manual handoffs)

Step 2: Map the current end-to-end state

Not just process steps, but information flows, decision points, regulatory requirements, and human roles. Identify where hidden knowledge lies.

Step 3: Design the "AI-native" target state

If you were designing this process from scratch, with full access to AI capabilities, what would it look like? Which decisions could be autonomous? Where do humans bring unique value?

Step 4: Define the human-AI architecture

Explicitly define the boundaries of autonomy, points of human control, and explainability requirements for each type of decision.

Step 5: Implement iteratively with a learning loop

Start with a segment of the process, measure, learn, expand. Build trust with the organization and regulator gradually.

The role of the cognitive platform

Fragmented AI tools—separate systems for OCR, NLP, ML, workflow—make process redesign difficult. Every integration is an IT project, every change requires coordination across multiple vendors.

SAVANT-AI, as a sovereign cognitive platform, offers an integrated environment in which:

• Organizational knowledge is captured, structured, and leveraged across all processes

• AI models collaborate within a single architecture, sharing context

• Compliance is built into the platform, not added per process

• Human-in-the-loop is configurable without code changes

• On-premise deployment provides full control over data and models

This enables organizations in the regulated sector to transform their processes without compromising security and compliance.

Summary: Transformation, not automation

The report confirms what we see when working with regulated institutions: the difference between AI leaders and the rest lies not in technology, but in ambition and approach.

Organizations that treat AI as a tool for automating existing processes achieve incremental improvements. Those that redesign processes around AI capabilities—while maintaining full regulatory compliance—achieve transformative results.

In the regulated sector, this transformation is more difficult, but also more valuable. Compliance does not have to be a barrier—it can be a competitive advantage if it is built into the architecture from the outset.