The AI Banking Foundation No One Is Measuring
Ruslan Mishyn7 min read·Just now--
Why Document Integrity Is the Missing Layer in Your 2026 Technology Agenda
Ruslan Mishyn — AI Product Manager & Forensic Researcher, DocLens / SDB-26
The technology agenda for banking in 2026 is clear. Agentic AI. Composable architecture. Perpetual KYC. Real-time everything.
Temenos and Bain & Company, in their joint Technology Trends Redefining the Future of Banking report, put it directly: “Banks are recognizing that technology is central to their ability to build trust, compete and grow. Those treating technology as a strategic asset are pulling ahead.”
The word that matters in that sentence is trust.
Banks are investing in AI-driven onboarding, hyper-personalization, and agentic workflows — all of which depend on one thing: that the identity entering the system is real. If the document layer is not measurable, every downstream investment is built on an assumption.
That assumption is increasingly wrong.
What the Technology Agenda Is Missing
The Temenos/Bain report identifies a consistent pattern: banks that embed intelligence into a modern core, rather than layering it onto legacy, are better positioned. The same logic applies to the document verification layer — but almost no institution is applying it there.
Most banks today treat document verification as a binary: vendor returns Pass or Fail. The decision is delegated. The signal is invisible.
Consider what the report highlights about legacy environments: “nearly a third (28%) of legacy banking applications are undocumented, creating hidden operational risk and uncertainty.” [1] The document layer has its own version of this problem — not undocumented code, but undocumented decisions. When a KYC vendor returns confidence: 0.87, verdict: PASS, what signals were analysed? Was the file examined at the pixel level? Was frequency-domain analysis applied? Was the PDF structure validated?
In most implementations: unknown.
This is a structural visibility gap. And it sits at the entry point of every AI-driven workflow the bank is building.
Explainable AI Starts at the Door
The report frames one of the key technology shifts as the move toward explainability: “the underlying logic or SQL is always visible, so outputs can be explained and audited.” [1] This is described in the context of generative AI interfaces — but the principle applies with equal force to the identity verification layer.
If a bank cannot explain why a document was approved or rejected — at the signal level, not just the vendor verdict level — it cannot demonstrate due diligence to a regulator, audit committee, or internal risk function.
Regulators are moving in this direction explicitly. FCA, EBA, and FATF have each signalled that AI-enabled document fraud is a priority risk area, and that institutions are expected to demonstrate measurable controls — not just vendor relationships.
The gap between “we use a certified vendor” and “we can show what was examined and why the decision was made” is precisely the gap that explainability demands require closing.
Agentic AI Amplifies the Risk
The report devotes significant attention to agentic AI: “agentic AI combines these capabilities with goal-driven actions to perform tasks… AI agents can autonomously install, run, operate and upgrade systems alongside the necessary human oversight.” [1]
In banking workflows, agentic AI is beginning to automate onboarding decisions, route escalations, and manage compliance exceptions. This is operationally powerful — and it creates a new category of risk at the document layer.
When a human reviewer looks at a document, there is a layer of implicit judgement. When an agent processes the same document and routes it to approval based on a single vendor verdict, that judgement disappears. The agent does not see the moiré pattern in the screen-photographed passport. It does not detect the absence of sensor noise that would indicate AI generation. It processes the confidence score and moves on.
Agentic KYC pipelines that do not instrument the document layer are automating at speed — without measuring what they are automating through.
The report notes that “86% of banks are open to using agentic AI for reducing labour costs in operations” [2] — and that labour accounts for nearly half of core banking TCO. The efficiency case is compelling. But efficiency without measurability is how systemic blind spots scale.
Wealth Management: Where the Stakes Are Highest
The Temenos/Bain report highlights wealth management as a sector under particular pressure: millionaire migration at record levels (“migration numbers more than doubling from 51,000 in 2013 to a provisional 142,000 for 2025” [3]), multi-jurisdictional complexity, and intensifying regulatory requirements including perpetual KYC.
The report also identifies the highest-risk scenario directly: “AI is also being applied to processes such as verification of source of funds (which also applies when clients switch firms), making it faster and more secure to amalgamate supporting documentation.” [1]
Source of funds verification is precisely where L2 document attacks are most consequential. L2 is not a synthetic document — it is a genuine document with edited data. Bank statements with altered balances. Payslips with modified employer names. Tax returns with changed income figures. The document looks authentic because the base is authentic. The edit is invisible to semantic verification.
For a High-Net-Worth client onboarding across jurisdictions — where the source of funds check determines whether €5M or €50M enters the institution — an undetected L2 attack has a different magnitude than a bonus hunter bypassing an iGaming platform.
The report notes that “keeping operations running smoothly with minimal interruptions and clear audit trails has become non-negotiable” [1] in wealth management. That audit trail has to extend to the document layer.
Composable Architecture and the Document Layer
The report’s technology thesis is built around composability: “cloud-native, composable core platforms provide the resilience, scalability and system integration required to build trust, progressively modernize and support sustainable growth.” [1]
The composability principle applied to KYC means: the document authenticity layer should be a distinct, measurable capability — not a black box inside a vendor contract.
In a composable document layer:
- The vendor OCR/template check is one capability
- The forensic authenticity analysis is a separate, instrumented capability
- The orchestration logic — what routes to forensic deep analysis versus the lightweight path — is owned by the institution, not delegated to the vendor
- The metrics (Bypass Rate, False Positive Rate, Confidence Gap by document type and generator) are measured and owned internally
This is not vendor replacement. It is the same architecture the report describes for core banking modernization: “a progressive modernization approach allows banks to gradually break apart the monolith by carving components into independent systems connected by APIs and events.” [1]
The document layer is a component. It should be treated as one.
The Measurement Gap
Here is the practical consequence of the current state:
When a bank’s CISO or CTO is asked “what is our Bypass Rate on AI-generated documents?” — the honest answer, in most institutions, is: we do not know. We have never measured it.
This is not a criticism. It is a structural gap that the industry has not yet addressed with consistent tooling. The benchmarks that exist for AI document detection are global accuracy figures published by vendors on undisclosed corpora. They do not answer the question that matters: what is the performance on our document mix, our jurisdictions, our capture channels?
SDB-26 (Synthetic Document Benchmark 2026) is an open framework for answering that question. Methodology, metric definitions, and corpus specifications are available at github.com/sevrusik/SDB-26.
The goal is not a new vendor. The goal is visibility into a layer that is currently invisible.
What This Means for 2026 Technology Planning
If your institution is investing in agentic AI, composable architecture, or perpetual KYC — the document layer is a foundational dependency. Here is what measurability looks like in practice:
Instrument before you automate Before routing document decisions through an agentic pipeline, ensure the API response includes per-layer confidence scores, reason codes, and explicit handling of INSUFFICIENT cases. If your vendor does not expose this: you are automating through a black box.
Establish baseline on your document mix Run a test corpus through your current stack. Measure BR and FPR on your specific document types and jurisdictions. Not on the vendor’s global benchmark. On yours.
Treat the document layer as a composable component Define what your institution owns in the document authenticity decision — and what is delegated. The orchestration logic, the escalation thresholds, the measurement cadence: these should be internal capabilities, not vendor defaults.
Build the audit trail from the entry point The Temenos/Bain report notes that “regulators are paying closer attention to operational resilience and system stability” [1] across segments. An audit trail that begins at the transaction level — but not at the document verification level — is incomplete. The forensic evidence for a document decision should be as accessible as the transaction log.
Closing
The report’s central argument is that technology is no longer a cost center — it is a driver of trust, resilience, and differentiation.
Document integrity is where that trust starts.
Every AI-driven workflow, every agentic onboarding pipeline, every perpetual KYC model is downstream of the moment a document enters the system. If that moment is not measurable, the intelligence built on top of it is built on an assumption.
The banks that will pull ahead — as the report describes — are those that treat every layer of their technology stack as a strategic asset. Including the one at the door.
This article references findings from “Technology Trends Redefining the Future of Banking”, published by Temenos in collaboration with Bain & Company (2025/2026). All direct quotations are attributed. The report is available at temenos.com.
Ruslan Mishyn — AI Product Manager & Forensic Researcher. Author of SDB-26 (Synthetic Document Benchmark 2026). github.com/sevrusik/SDB-26 · sdb26.com · linkedin.com/in/mishyn-ruslan
References
[1] Temenos / Bain & Company: “Technology Trends Redefining the Future of Banking” (2025/2026) — temenos.com
[2] Hanover Research for Temenos, September 2025 — cited in [1], Technology section, p.5
[3] Henley Global: “Private Wealth Migration Report 2025” — https://www.henleyglobal.com/publications/henley-private-wealth-migration-report-2025/global-wealth-migration-2025 — cited in [1], Wealth Management section, p.17
This article represents the author’s independent analysis. It does not represent the views of Temenos or Bain & Company. Not legal advice.
