Ukrainian banks are under growing pressure to automate processes and cut manual workload, but their freedom to experiment with artificial intelligence is tightly defined by regulation. Requirements from the National Bank of Ukraine (NBU), internal policies of international groups such as BNP Paribas, and European GDPR rules form a narrow corridor in which AI is allowed to operate.
Compliance first: how regulation shapes AI roadmaps
For banks, any AI discussion starts with privacy and cybersecurity, not with technology. NBU rules stipulate how cameras are installed in branches and prohibit processing video recordings of clients for profiling or recognition purposes. GDPR and group-wide policies of BNP Paribas further restrict what data can be used, how long it can be stored and where it may physically reside.
This is why Ukrsibbank cannot simply deploy classic computer vision on CCTV streams or experiment with open cloud services that move sensitive information abroad. Regardless of the technical possibilities, client data must remain in Ukraine and within controlled infrastructure, and every new use case has to pass through a multi-layer compliance filter.
Practical AI: from manual paperwork to assisted processing
Within these constraints the bank focuses on low-risk, high-impact scenarios such as document processing. When clients open accounts or initiate complex operations, they submit scans or photos of documents. AI tools extract key data fields, validate formats and prefill internal systems, but the final decision always belongs to a human employee.
This hybrid model does not replace bankers; it reduces routine work, shortens queues and lowers the probability of manual data entry errors. For the client the process looks faster and more convenient, while for the bank it frees up qualified staff's time for tasks that truly require judgment.
Where banks draw the line: video, voice and biometrics
In contrast, Ukrsibbank deliberately avoids high-risk biometric scenarios. Voice verification is not being rolled out, and photo verification is used only in a limited way because of fraud risks and regulatory expectations. Sensitive authentication flows remain under the control of trained staff, even if this means sacrificing part of the potential automation.
The same logic applies to generative AI. The bank uses it only in internal processes where no personal data is involved – for example, to prepare minutes and summaries of committees that the regulator requires the bank to document. This offloads legal and back-office teams but never touches confidential customer information.
Data residency: local infrastructure as a strategic choice
Before the full-scale invasion, banks were generally banned from using cloud services to store any data. Some of those restrictions have since been softened, yet client data is still expected to stay within Ukraine. For Ukrsibbank that means keeping core systems, databases and AI workloads on local infrastructure or within tightly controlled environments.
This approach may slow the adoption of global cloud AI platforms, but it also forces banks to build resilient local architectures and work with vendors who can deploy solutions on-premises or in sovereign clouds aligned with Ukrainian and EU rules.
AI, jobs and the future operating model
Contrary to fears that AI will destroy jobs, the data and analytics team at Ukrsibbank has grown several times over the last four years. New roles appear at the intersection of risk, IT and business units: model owners, data engineers, compliance specialists and product managers who understand both regulation and AI capabilities.
For investors and technology partners the message is clear: Ukrainian banking will adopt AI, but only in forms that are compliant by design. Solutions that respect data residency, embed NBU and GDPR constraints and prove their resilience against cyber risks will have the best chance to be scaled across the sector.
