All articles
Why Banking's AI Moment Demands a New Governance Playbook and the Unified Stack to Run It
Kevin Frank, VP and Data Warehouse Manager at Glacier Bancorp, says the institutions that separate AI governance from data governance and consolidate their platform architecture will capture AI's upside
Key Points
Platform consolidation, collapsing storage, ETL, orchestration, and governance into fewer layers, is giving early movers an architectural advantage that multi-vendor stacks cannot replicate through partnerships.
Kevin Frank, VP and Data Warehouse Manager at Glacier Bancorp, argues that AI governance and data governance are fundamentally different disciplines requiring different speeds, different stakeholders, and different review cycles.
Banking started cautious on AI by regulatory design, but annual control reviews cannot keep pace with a technology that iterates monthly, and the cost risk of over-engineering agentic solutions is real.
Change equals opportunity and risk. AI is massive change, so it is massive opportunity and massive risk all at the same time. AI gives you opportunity to solve lots of problems you just couldn't solve in the past. You literally could do more with less.
For 25 years, building an enterprise data platform meant assembling five or six tools from five or six vendors and praying they upgraded in sync. Oracle for storage, Informatica for ETL, AutoSys for orchestration, Erwin for modeling, Collibra for governance. The individual tools work. The space between them is where things break down.
Kevin Frank is VP and Data Warehouse Manager at Glacier Bancorp, a regional bank holding company operating across the western United States. His career across Washington Mutual, JPMorgan Chase, Rabobank, and now Glacier gives him a long view on how data infrastructure shifts from one architectural era to the next. His argument: platform consolidation matters more for banking's AI future than any single agentic feature.
"Change equals opportunity and risk. AI is massive change, so it is massive opportunity and massive risk all at the same time. AI gives you the opportunity to solve problems you just couldn't solve in the past. You literally can do more with less," says Frank. The friction in a fragmented stack is coordination. When one vendor ships an update, every adjacent tool has to absorb that change at the same time. "You have four or five vendors that all need to be coordinating with each other," Frank says. Platforms that have collapsed these layers into a unified architecture, with Databricks pushing furthest into agentic engineering and security, can ship features in weeks that a multi-vendor stack needs quarters to coordinate.
Consolidation unlocks speed: "It's hard for two vendors to even get the idea that they need to do this together. Where if it's all a single stack, the idea quickly becomes obvious, and execution comes together as one team."
The clearest proof point Frank cites is a capability he tested in private preview last year: an agentic PII detection feature within Databricks' unified platform that ties data, governance, and security together in a way that takes multiple vendors a year to coordinate.
Agent scans, governance tags, security enforces: "The agent scans tables and recognizes patterns to flag whether a column might be a phone number, Social Security number, or account name. Then it tags every field in the governance layer with what kind of PII it is, and you write security rules to mask the data for different user groups."
Real data, masked appropriately: "I want my developers to be able to develop against real data, but I don't want them to see customer account numbers. This lets me pull in real data, mask it, and maintain referential integrity so they can still join a credit card customer to a loan customer on Social Security number without ever seeing it."
That PII workflow, scanning, tagging, and enforcing in a single pass, previews the governance challenge Frank says most teams are getting wrong. Frank recently posted that he has come around to viewing AI governance and data governance as separate practices that require separate approaches. Data governance is slow and methodical. AI governance has to move at the speed of the technology itself.
Different speeds, different shapes: "Data governance is slow, thoughtful, plodding. You identify your critical data elements, build governance around those, and expand outward. AI is the exact opposite. It's a massive benefit, so everyone wants it, and a massive risk at the same time."
Annual review cycle is dead: "Banking's tradition is you review your controls once a year. That's not the right pace for what's happening. Compare what OpenAI shipped three and a half years ago to what's possible today."
Cross-functional or it fails: "AI governance needs security, compliance, and data at the table. And there's a cost risk people don't think about. It's easy to build agentic tools to solve problems an Excel sum column could do without burning a single token."
The regulatory backdrop reinforces Frank's urgency. Banking started cautious on AI, directed by the FFIEC to avoid it until further guidance arrived, and that posture bought time. But the gap between regulatory review cycles and AI's iteration speed is widening. The institutions that build governance structures responsive enough to keep pace, on platforms consolidated enough to execute, are the ones that will move fastest. The rest will spend their AI budgets coordinating vendors who are not coordinating with each other.
