Between 70% and 85% of AI projects in financial services fail to reach production or deliver measurable business value, according to research from Gartner, FinTellect, and the RAND Corporation. The failure rate is consistent across markets, and there is no reason to believe South Africa is an exception. The SARB and FSCA’s joint AI report, published in November 2025, found that governance frameworks across South African financial institutions are uneven, that 41% of institutions identified lack of explainability and transparency as a constraint on AI deployment, and that many banks rely on existing risk management structures without dedicated AI oversight mechanisms. These are not descriptions of institutions that have developed and then lost AI programmes. They are descriptions of institutions that have not yet built the programme infrastructure that would allow AI to succeed. The preconditions for the 85% failure rate are present.
The way to avoid joining that statistic is not a technology decision. It is a programme design decision, made before technology is selected.
Volume and value are not the same thing — and the highest-value decisions in South Africa are specific
The familiar misprioritisation applies in South Africa as everywhere: teams build AI cases around high-volume, lower-consequence decisions because the efficiency saving is legible and the sponsor is easy to find. Account administration, STP routing, basic card authorisation — these are reasonable automation candidates and the big four banks have made meaningful progress on them. They are not where the material value sits.
The decisions with the highest value at stake combine high volume with severe financial consequence per error. In South Africa, three decisions define this category clearly and each has a regulatory dimension that makes it more urgent than a pure commercial case would suggest.
AI-powered fraud detection against social engineering and deepfake attacks sits at the top of the portfolio. SABRIC’s 2024 data documents 86% growth in digital banking fraud incidents and explicit AI-generated attack vectors — voice deepfakes, AI-crafted phishing, synthetic identity documents — that rule-based systems were not designed to detect. The consequence per error is not a declined transaction that can be reversed. It is an authorised payment that the customer was deceived into making, which is irrecoverable without a dispute process that banks bear the cost of regardless of outcome.
VAF and credit fraud prevention is the second high-priority decision. Vehicle Asset Finance fraud with potential losses of R23 billion represents a concentration of AI-enabled document forgery risk that traditional origination controls cannot adequately address. Unsecured credit fraud rising 57.6% in 2024 adds further pressure across the credit decisioning portfolio. These are decisions where AI on alternative data and document verification directly addresses the fraud vector, and where the cost of continued rule-based approaches is documented and growing.
AML transaction monitoring under FICA obligations is the third priority, with the same high false positive burden that characterises AML systems globally — 90 to 95% of rule-based alerts are not fraud — and the same regulatory exposure for inadequate monitoring that has produced enforcement actions in every other market covered by this series.
The SARB/FSCA joint report adds a ZA-specific dimension to this prioritisation: the report documents that governance frameworks are absent or underdeveloped in many institutions, and explicitly cites the need for board-level AI oversight, model risk management, and explainability documentation. Institutions targeting the high-value decisions without building the governance infrastructure simultaneously are producing the exact programme conditions that drive the 85% failure rate. In South Africa, those governance requirements are not only good practice — they are the stated supervisory expectation of both the Prudential Authority and the FSCA.
The three reasons AI programmes fail — and what they look like in South Africa
The failure patterns break into three categories in roughly the same proportions across every market assessed. They are not technology failures. They are programme design, organisational, and measurement failures.
Governance failure accounts for around 42% of failed initiatives. Technology is selected before the problem is defined. The proof of concept proves the model works. Nobody is assigned to act on it. No production funding pathway exists. In the South African context, governance failure has a specific additional texture: the SARB/FSCA report found that 53% of staff in financial institutions are not sufficiently trained to use AI appropriately, and that accountability frameworks are often absent. A model deployed without a named decision owner, without a named board sponsor, and without the human oversight mechanism that POPIA Section 71 requires for automated credit decisions is simultaneously a failed programme and a compliance gap.
Sequencing failure accounts for around 31%. Data was not ready. Nobody admitted it until the proof of value was already running. In South Africa, the data readiness question has a specific dimension in fraud detection: the labelled outcome data required to train social engineering and deepfake detection models is qualitatively different from the labelled outcome data used for traditional card fraud models. Incidents where the customer authorised the transaction under duress or deception are often not correctly labelled in existing fraud management systems — they appear as authorised transactions, not fraud events, until the dispute is raised. Institutions that begin building AI social engineering detection without first auditing their outcome data labelling practices discover the gap after the programme has started.
Measurement failure accounts for the remaining 27%. The model achieved its technical targets — strong AUC, meaningful false positive improvement — but no economic baseline was established and no accountability assigned for business outcomes. In the South African regulatory context, measurement failure creates a specific additional exposure: the SARB/FSCA report calls for effective disclosure practices especially where AI influences credit and insurance outcomes. An institution that cannot measure and document what its AI credit model produces cannot meet that disclosure expectation, regardless of how technically capable the model is.
| Failure mode | Share of failed initiatives | South Africa-specific dimension |
|---|---|---|
| Governance failure | ~42% | POPIA Section 71 human oversight requirements unmet by ungoverned models. SARB/FSCA governance expectations unsatisfied. 53% of staff untrained per joint report. |
| Sequencing failure | ~31% | Social engineering fraud outcome data often incorrectly labelled as authorised transactions. Deepfake detection requires different training data than traditional fraud models. |
| Measurement failure | ~27% | No economic baseline means no FSCA disclosure capability for AI-influenced credit outcomes. Supervisory expectation from joint report cannot be met. |
Source: South Africa Banking Practice analysis, consistent with findings across North America, EMEA, APAC, ANZ, and LATAM markets.
The structural implication is direct. Investment in model sophistication generates diminishing returns if governance, sequencing, and measurement conditions are not in place. The SARB/FSCA joint report has, in effect, documented the conditions for programme failure across the South African financial sector and signalled the supervisory direction in which those conditions must be addressed. Institutions that read the report as a prompt to build governance infrastructure before selecting technology will produce better AI programmes and better regulatory relationships simultaneously.
What this means for how South African banks should sequence their AI investment
The correct sequencing for most South African institutions produces a consistent first answer: AI social engineering and digital fraud detection, targeting the 86% growth vector that traditional systems cannot address. It has the highest volume of any escalating fraud category, the highest consequence per error in terms of irrecoverable customer losses, adequate labelled outcome data in dispute records if correctly structured, and direct regulatory relevance to the SARB/FSCA supervisory expectations on governance and explainability.
VAF and credit fraud prevention sits immediately behind — the R23 billion potential loss estimate from SABRIC makes the value case without requiring complex modelling, and the AI document verification and synthetic identity detection capabilities required are well-established. AML transaction monitoring under FICA is the third priority, where the false positive burden reduction case is the same as in every other market but the FICA compliance dimension adds regulatory urgency.
RPP real-time fraud scoring is the forward-looking priority — the infrastructure that should be designed alongside the immediate fraud detection programme so that when RPP volumes create the irrevocable settlement challenge, the inline scoring capability is ready rather than being built reactively.
Part 2 of 3.
Sources
South African Reserve Bank Prudential Authority / Financial Sector Conduct Authority. Artificial Intelligence in the South African Financial Sector — Joint Report. 24 November 2025. South African Banking Risk Information Centre (SABRIC). Annual Crime Statistics 2024. August 2025. Republic of South Africa. Protection of Personal Information Act (POPIA), 2013. Section 71. Gartner. AI Project Failure Rates. Multiple editions, 2023–2025. FinTellect AI. Why 80% of AI Projects in Finance Fail. 2024. South Africa Banking Practice. Decision Portfolio and Failure Mode Analysis. Internal analysis, consistent across North America, EMEA, APAC, ANZ, and LATAM markets.
