April 14, 2026
The conversation about AI has shifted, and I keep noticing it in the questions people are asking.
A year or two ago, the question was whether to get started. Most credit unions are past that now. They're running fraud models, deploying GenAI copilots, working through vendor roadmaps. The activity is real.
But there's a number that keeps surfacing in industry research that I think is worth pausing on. Around 80% of financial institutions report using AI in some capacity. Ask how many have a defined strategy for it, and the number drops to roughly 12%.
That gap is worth sitting with. And I don't think it's a failure story. I think it's actually two different stories, depending on how you're adopting AI.
The Sequencing Problem
When organizations are building AI capabilities in-house, or deeply integrating AI into their own data ecosystems, the challenge is usually order of operations. Deploying AI before the foundations that make it reliable are actually in place.
Think of it like opening a new branch. You can sign a lease on day one, but if your core systems can't handle the volume and your staff hasn't been trained, you're not ready to serve members. You're ready to disappoint them efficiently.
A fraud detection model making consequential decisions is only as good as the data feeding it. If income fields carry inconsistent definitions across systems, if transaction history has gaps, if no one owns data quality for that domain, the model doesn't fail dramatically. It quietly produces outcomes that are slightly off in ways that are hard to trace and harder to explain to an examiner.
That is where the risk tends to hide in that first scenario.
The Other Version of This Problem
However, a lot of AI adoption today doesn't look like that at all.
Many vendors are delivering complete, self-contained AI ecosystems built specifically for their use case, running on curated third-party datasets that are already fit for purpose. A lending decisioning platform. A fraud detection suite. A member service tool. In those situations, the foundation problem largely belongs to the vendor, not the credit union.
The challenge shifts. It becomes a strategic coherence problem.
When each line of business selects tools independently, often for good reasons, you can end up with a collection of AI capabilities that each do their job reasonably well but don't talk to each other, don't reinforce each other, and don't add up to anything greater than the sum of their parts. The efficiency you gain in one area gets quietly offset by the friction created between tools that were never designed to complement each other.
That is a different kind of gap than missing data foundations. It's a portfolio problem. And it's one that doesn't show up clearly until you try to answer a simple question: does our overall AI footprint reflect a deliberate strategy, or did it accumulate tool by tool?
Where Maturity Actually Helps
A maturity model isn't a ranking system. It's a way of being honest about where you are so you can make a reasonable choice about where to go next.
The diagnostic question that matters looks slightly different depending on which version of the problem you're facing. For internally integrated AI, the question is: does this use case match the data quality and governance we actually have, not the ones we're planning to have? For vendor-delivered tools, the question is: does this capability fit into a coherent strategy, or are we adding another silo?
Both questions are worth asking before a contract is signed, not after.
Why Agentic AI Is Worth Understanding Now
Most AI in credit unions today is still reactive. It responds when we ask it to. A credit risk scorecard runs when an application is submitted. A GenAI assistant drafts an email when a staff member prompts it. Useful, but narrow.
AI agents go further. Given a goal, they can sequence tasks, call other systems, and move work forward without a human triggering each step. For the next few years, I think the practical way to look at it is this: AI agents as smarter workflow automation in specific, well-defined areas. Agentic AI, meaning systems that act with broader autonomy across workflows, will show up first in tightly scoped pilots, not in full operational deployment.
The reason I keep bringing this up even when it feels early: vendor roadmaps already include it. And when you think about the silo problem above, agentic AI makes that problem more consequential, not less. An agent that can cross systems and initiate actions needs to operate within a coherent governance and integration model, not a patchwork of disconnected tools. Knowing what's coming helps you make better architectural decisions now.
The Governance Question Gets Harder
There is a governance question that is manageable when AI is advising and becomes significantly harder when AI is acting.
When a model scores a loan application and a human decides, accountability is clear. When an AI agent sequences the verification steps, updates downstream systems, and generates the member communication, with a human reviewing only exceptions, accountability gets more distributed.
The question I find more useful than "who owns AI?" is this: who owns the business outcome, and do they have the right technical partnership to govern it responsibly? Lending outcomes belong to the lending team. Member service outcomes belong to member service. The data and technology functions build the foundation, but they cannot own the outcome on behalf of the business. That distinction matters more and more as AI moves from tools that advise to systems that act.
If you're honest about your current AI footprint, which problem are you actually facing: missing foundations, or tools that were never designed to work together? And does the answer change which conversation you need to have first?
