Zango AI brings together Europe's financial regulators and industry leaders in Lisbon

On 9 July 2026, Zango hosted a regulatory forum at the historic Grémio Literário in Lisbon, bringing together European supervisors and industry leaders for an evening on AI in finance.

The event brought together leaders across the European ecosystem. Pedro Machado, Member of the Supervisory Board of the European Central Bank, delivered the keynote. Senior representatives Portugal's three financial regulatory authorities, the ASF, the CMVM and Banco de Portugal, gave the supervisory view, while practitioners from Ageas and Caixa Geral de Depósitos provided the industry vantage point. Manuel Caldeira Cabral, former Minister of the Economy, closed the session. 

Throughout the evening, a common thread was that the rules are largely in place, adoption is already widespread, and the focus now is turning that adoption into transformation without letting oversight fall behind.

Opening remarks: Ritesh, CEO, Zango AI

Ritesh opened on the gap between ambition and delivery. Board pressure to adopt AI looks similar on both sides of the Atlantic, but speed does not. Ritesh argued that US firms tend to go live in six to eight weeks, while European firms are often stuck in procurement for around six months, feeding a widening transatlantic divide and a drift of talent to the US.

Part of the reason, he argued, is that there is no shared understanding of AI governance. Zango's research, involving interviews with 27 senior leaders across financial services, found that every firm is taking a different approach. That absence of a shared view of what good looks like in practice is, in part, why so much AI stays in pilot rather than production. His closing point was that AI is new infrastructure, not just a new tool, and Europe needs to get in front of it.

Keynote: Pedro Machado, Member of the Supervisory Board, ECB

Pedro Machado, a key figure in European finance, has been a member of the Supervisory Board of the European Central Bank since March 2025. He previously served as Chief Legal Counsel and Director of Legal Services at Banco de Portugal.

The keynote speech began by grounding the discussion in scale. More than 93% of banks under European supervision already use AI, with around €4bn invested, concentrated in fraud and cybercrime detection, followed by marketing, chatbots and credit scoring. 

Yet adoption does not yet equal transformation. Many firms risk a micro-efficiency trap and a J-curve, where costs land well before the aggregate benefits, and supervisors expect clear accountability, effective senior oversight and robust challenge from the second and third lines rather than today's fragmented ownership.

Cyber-security resilience was a key theme. Frontier models can find vulnerabilities and generate working exploits in minutes, shrinking patch windows from weeks to hours, and the European Systemic Risk Board (ESRB) warning points to speed, common exposure to a few providers, and the asymmetry between attackers and defenders as the main systemic channels. Strategic autonomy, Machado argued, is vital, given heavy dependence on non-EU cloud providers. 

Last week the ECB wrote letters to the CEOs of systemically important institutions, requiring a priority impact assessment and concrete action plans by 31 October, with the annual IT risk questionnaire postponed to February 2027 to free up resources.

Panel one: the supervisory perspective

This panel brought together Portugal's three financial regulators on a single stage, giving an overarching view of the supervisory perspective. Moderated by João Lampreia of Freedom24, it featured Ana Moitinho Byrne, Coordinator of the Technological Innovation Office at the ASF; Manuel Monteiro, Director-General of the CMVM; and Pedro Quinaz, Deputy Director of the Prudential Supervision Department at Banco de Portugal.

The panel's starting point was technological neutrality: risks exist regardless of the technology used to address them. AI still brings its own additional risk, though, which is why the EU AI Act flags certain high-risk uses, including pricing, underwriting and health insurance, with consumer protection the primary concern.

Amplification was discussed, as AI accelerates existing failure modes, particularly financial exclusion from poorly designed models or flawed data, faster than supervisors can hire the specialists to catch it. 

There was also a warning about success itself. A model that consistently gets it right invites sleepy oversight, where validation becomes a rubber stamp and organisations stop questioning it.

Echoing themes raised in Pedro Machado’s keynote, the risk of monoculture was raised. Institutions converging on similarly trained models built on the same data can produce herd behaviour, which could lead to significant market shocks. 

Regarding whether further regulation was required, the consensus was that DORA already covers digital resilience, and the answer is supervisory convergence, not more regulation.

Panel two: the industry perspective

The second panel, with Pedro Oliveira Machado, Group Information Security Officer at Ageas, and Raquel Vila Verde, Group Head of Compliance at CGD, focused on implementation, providing the industry view.

It explored how AI is a reality that begins with redesigning processes, with significant gains in creative, data and marketing functions. Accountability and skills proved difficult questions: who signs off when things go wrong needs board endorsement, and firms struggle to find directors with both the banking and technical skills required to oversee AI.

The interaction of AI and marketing was another key theme. Generative AI can now produce marketing videos and investment content faster than second-line controls can review them. Because a human needs specific certifications to give certain investment advice, the panel argued that firms cannot let AI-generated creative and marketing output escape that same conduct scrutiny, coining it "compliance for the creative".

Proportionate regulation, the panel argued, is essential. Against the old logic that the US invents, China copies and Europe regulates, proportionate rules are fundamental given the complexity involved. There is real urgency, as generative AI is accelerating fraud faster than defences, with deepfake voice CEO fraud already producing losses in the hundreds of millions.

Closing remarks: Manuel Caldeira Cabral, UMinho Exec

Manuel Caldeira Cabral, former Minister of the Economy, brought the session to a close by pulling together the various threads of discussion. AI offers significant operational gains, with one deployment in complaints handling resolving around 40 percent of cases without human intervention. The risks are equally significant, particularly hyper-personalised advertising that draws on protected characteristics to maximise profit. 

His conclusion echoed the room: current rules are proportionate and sufficient, but open issues remain, including the public procurement of AI so the public sector can benefit from adoption too.

Zango's AI governance research report

To read more about many of the issues touched upon at this event, read The Future of AI Governance & Compliance in Financial Services - a research report drawing on in-depth interviews with 27 C-suite and senior leaders across UK and European financial institutions, supported by four focus groups and four industry roundtables involving a further 60 senior practitioners.

Continue reading