FinovateSpring 2026 ran May 5 through May 7 in San Diego. Fifty-four companies had seven minutes each to demo their products in front of an audience of financial institution leaders, analysts, and investors. We analyzed every single one of them.
The biggest question at this conference was not whether to use AI. It was whether banks and credit unions have built the infrastructure to govern what they have already deployed. That is a harder question, and most do not have an answer.
The AI Themes at a Glance
Five themes dominated the AI-related demos. Each one points to a different pressure point:
| Theme | The Core Pressure |
|---|---|
| AI Governance Has Replaced AI Adoption | Institutions have deployed AI without the infrastructure to oversee it |
| Legacy Infrastructure Is the Binding Constraint | Undocumented cores and data dependencies cap AI ambition |
| Agentic AI Is Now Running in Production | Multi-step AI workflows have moved from pitch decks to live deployments |
| Behavioral Personalization as a Deposit Defense Tool | Institutions are not using the transaction data they already hold |
| The AI Governance Gap as a Regulatory Risk | Examiners are adding AI governance to day-one checklists now |
Theme 1: AI Governance Has Replaced AI Adoption
The Shift
Dozens of vendors now offer AI-enhanced workflows for lending, compliance, customer service, and operations. Most of them work reasonably well at the task level. The problem is that financial institutions have been deploying these tools without building the supporting infrastructure to know what they have deployed, where data flows, and what happens when a model produces a wrong output.
Three product categories emerged at FinovateSpring specifically to address this.
Model Governance Platforms
KDOA's Model IQ automates the process of classifying, risk-scoring, and scheduling validation for every AI model an institution has deployed. A task that previously took three to four weeks per model is reduced to minutes. PentEdge built a one-click compliance report mapped directly to federal examination frameworks. Their demo opened with a direct statement: examiners are now sending day-one checklists that include AI governance requirements. That is not a future concern. It is a current one.
Agent Compliance Layers
Lyzr AI built real-time compliance enforcement into agent infrastructure: SOX, IFRS 9, liquidity coverage ratios, and PII handling are checked continuously, with human escalation triggered automatically when thresholds are crossed. This matters because agentic AI systems make decisions faster than human review allows. Compliance embedded in the agent is the only compliance that operates at agent speed.
Auditability in AI Outputs
Aloan, CRIF, Vine Financial, PROVIDR, Zengines, and Bloomfire all demonstrated explicit citation trails in their AI-generated outputs. Every AI-generated statement links to a source document and page number. This is not a cosmetic feature. It is the mechanism by which AI-assisted analysis becomes defensible in a regulatory examination or a loan dispute. Demos that lacked citation trails drew visible skepticism from the audience. That is a useful calibration.
What FIs Should Take Away
Most institutions that have deployed vendor AI tools, Microsoft Copilot, or AI-embedded features in loan origination systems have not built a corresponding governance layer. They do not have a formal AI inventory. They do not have model risk scores. They do not have a board-level report. Examiners are beginning to ask for these things. The window for proactive compliance is narrowing.
Theme 2: Legacy Infrastructure Is the Binding Constraint on AI Modernization
The Data Point That Mattered Most
Zengines delivered the most clarifying data point of the conference: 92 of the top 100 US banks still run mainframe cores written in COBOL, RPG, or PL/I. Over 50% of regional banks and credit unions run RPG cores, specifically those operating on Jack Henry, FIS, and Fiserv platforms.
This matters for AI in a specific way. AI agents need to read data, trigger processes, and take actions inside operational systems. None of that is straightforward when the system's data flows, dependencies, and business logic have never been documented. Nobody at most institutions can fully answer what depends on what, or what a change to one system will break downstream. The technical term is blast radius problem. The practical consequence is that AI ambition stalls at the boundary of the core system.
Three Approaches to the Same Constraint
Cobalt addressed this from the architecture mapping side. They build and maintain a live map of every system dependency across an institution's environment. As they described it in the demo: "Cobalt produces a map that has never existed, and it keeps it up to date, so those future agents can operate safely and freely." That map is not a planning artifact. It is the precondition for safe AI deployment.
Go Abacus addressed the data sovereignty variant. When institutions ask AI vendors where their data goes, the honest answer from most vendors is incomplete. Go Abacus ships an on-premise AI appliance: 2,000 concurrent users, 75 pre-configured agents, no usage-based pricing, and no data leaving the institution's environment. For institutions with state-specific privacy requirements or boards that have raised data sovereignty concerns, this eliminates an entire category of risk.
Bloomfire addressed the knowledge management version of the same problem. When an institution's internal knowledge base contains conflicting, outdated, or duplicative policies, any AI built on top of it will confidently produce wrong outputs. Their platform identifies and resolves knowledge conflicts continuously, so AI search is grounded in clean source material rather than institutional noise.
What Community Banks Should Take Away
AI readiness is not primarily a question of which AI tool to purchase. It is a question of whether your data infrastructure can support AI safely. For most institutions running undocumented legacy cores, the honest answer to that question is currently no. The path forward is to address that constraint before layering AI on top of it.
Theme 3: Agentic AI Is Now Running in Production Banking Workflows
The Category Has Been De-Risked
The category that existed primarily in vendor pitch decks a few years ago is now in documented live production. Multiple companies demonstrated multi-step AI agents handling meaningful banking workflows end to end, with real institutions and real outcomes to show for it.
Commercial Lending
PROVIDR showed a nine-stage agent pipeline that processes 24 months of bank statements, categorizes transactions, runs fraud detection, and generates a full credit memo in under five minutes. The manual equivalent takes approximately four days. Aloan demonstrated term sheet parsing, automatic entity and relationship extraction, document matching, and debt service coverage ratio calculation in the time it takes to brew a French press. Both systems include citation trails that make AI-assisted outputs auditable.
Vine Financial is in live production at community banks and agricultural lenders. One Oklahoma institution increased throughput from two loans per week to eight to ten per week. The system is configurable to the institution's own underwriting logic and credit policy, which is the differentiator from generic AI tools. The underwriting logic belongs to the institution, not the vendor.
Collections and Servicing
Kato showed a voice AI handling outbound collections calls. It is scripted rather than generative, which eliminates hallucination risk in a context where a wrong statement creates compliance exposure. They are in production with BlueVine and Paraffin, with a reported 30% improvement in recovery rates.
Customer Service
Talkdesk demonstrated agentic AI handling multi-factor authentication, balance inquiries, proactive cross-sell, and escalation to human representatives with full conversation context transferred across the handoff. The deployment model does not require replacing existing infrastructure. It overlays what the institution already operates.
SMB Onboarding and Lending
Loquat combines KYC, account opening, card issuance, and loan origination in a single digital session. They reported a 94% completion rate against a 61% industry average, zero fraud losses in 12 months of live production at America First Credit Union (a top-10 credit union by assets), and a 75% reduction in back-office processing time. The technical mechanism driving the completion rate is running KYC before asking for data entry. Fraudulent applicants exit in the first 30 seconds.
The Pattern in Production Deployments
Every system that demonstrated real results shared three characteristics: a defined human escalation path, an explicit audit trail, and configurable parameters tied to the institution's own policy framework. Demos that lacked these features were uniformly earlier stage, a useful procurement filter.
Theme 4: Behavioral Personalization as a Deposit Defense Tool
The Underlying Problem
Community banks and credit unions collect transaction data that describes their customers' financial lives in more detail than almost any other data source available to any institution. Most are not using it. Meanwhile, customers are leaving the banking platform to ask financial questions on general-purpose AI tools. Kiro Money's data point from their demo: the average person spends six hours per month asking personal finance questions on external AI platforms. That usage is capturing intent data that could be converting to financial products at the customer's own institution instead.
The Market Leader
Finalytics.ai won Best in Show for the second consecutive year at FinovateSpring. Their system is a behavioral intelligence layer that sits across an institution's public site, application funnel, and authenticated banking environment. It personalizes the experience in real time based on behavioral signals from the data. A 1.5 billion dollar credit union using their platform is generating loans and deposits through digital engagement at a measurable and documented rate.
The Broader Field
Multiple vendors are solving adjacent versions of the same problem. Ventus AI builds enriched spending intelligence across 5,000 subcategories, surfaces life event signals, and triggers advisor outreach. Kiro Money embeds AI chat inside the banking app to keep customers on the platform rather than taking financial questions to competitors. Nextvestment provides AI-assisted financial guidance for the long tail of advisor clients, with human escalation built in and an advisor view that surfaces client anxiety signals before the client calls.
What Community Banks Should Take Away
Data assets exist inside the institution. The question is whether you are using them or allowing competitors to benefit from your customer relationships instead.
The AI Governance Gap: A Regulatory Risk That Is Present-Tense
This theme cuts across all the others and deserves direct treatment.
Most community financial institutions have deployed some AI: vendor-embedded AI features in loan origination systems, Microsoft Copilot for internal operations, chatbots on public-facing sites, AI-assisted credit decisions from third-party vendors. This has happened at pace, which is not inherently wrong. The problem is what did not happen alongside it.
What Typically Did Not Happen
At most institutions, the AI deployment process did not include: a formal inventory of every AI system and what data it touches; model risk scores; validation schedules; escalation protocols for when a model produces a wrong output; board reporting that includes AI governance; or a regulatory-ready response if an examiner asks about any of it.
PentEdge's demo was built around exactly this scenario: "Imagine you're getting ready for an exam and your examiner sends you that day-one checklist and it includes AI governance for the first time."
The Window
The institutions that build governance infrastructure proactively are not going to have a better product. They are going to have a better regulatory conversation. That distinction will matter more in the next examination cycle than in the current one. Building it reactively, after an examiner asks, is significantly more expensive in time and organizational attention than building it before the question is asked.
Five Findings Worth Taking From This Analysis
- The governance gap is present-tense. Examiners are adding AI governance to day-one checklists now. If your institution does not have a model inventory, you are behind.
- Legacy infrastructure is the AI ceiling. Before evaluating which AI tool to buy, evaluate whether your core systems can support it. Undocumented data dependencies are a hidden constraint that will limit the value of any AI deployment layered on top.
- Agentic AI in production works. Commercial lending, collections, customer service, and SMB onboarding all have vendors with documented live production results at named institutions. The evaluation question is no longer whether the technology will work. It is which vendor's policy configurability fits your compliance posture.
- Citation trails are the new table stakes. Every AI-assisted output that will be examined, defended, or used in a credit decision needs to link back to the source data. Institutions should apply this as a standard evaluation criterion in any vendor selection process.
- The personalization asset is being underutilized. Transaction data is one of the richest behavioral data sets any institution holds. The vendors monetizing it are demonstrating measurable results. The gap between institutions that are using it and those that are not will widen.
A Note on This Analysis
This post is based on demo transcripts from FinovateSpring 2026 and supplementary conference coverage. All vendor claims, metrics, and outcomes cited here come from the demos themselves. We have not independently verified them, and individual results will vary by institution size, technology stack, and implementation quality.
We have no commercial relationship with any vendor mentioned and no financial interest in any of them being adopted. Upstate AI is an independent AI consulting firm serving Central New York businesses. We analyze developments like this because our clients benefit from accurate, disinterested information when making technology decisions.