
Table of Contents
Why Lenders Should Slow Down on AI Adoption
I was talking recently with the head of a specialty lending operation, a sophisticated team that has been in growth mode and expanding into new markets. I asked him how AI was showing up inside his organization. His answer surprised me. He said AI is not allowed at his company right now, with one exception: a single enterprise tool with proper controls in place. And he was clear that this was by design, not an oversight.
His reasoning was simple and direct. His team handles customer sensitive financial information every day. Borrower data. Loan files. Personal financial statements. And the risk of that information being mishandled through an AI tool without the right enterprise controls is not theoretical. It is real, and it is happening right now across the industry. His words stuck with me. He said his competitors are going to get themselves in trouble because they think AI is going to solve everything, and they are going to realize what they exposed themselves to a little too late.
I think he is right, and I think it is a perspective that deserves more attention than it is currently getting. The pressure on lending executives to do something with AI right now is enormous. Board members are asking about it. Investors are asking about it. Staff are asking about it. And the easiest thing in the world, when that pressure builds, is to start experimenting with whatever tools are available without fully thinking through what data is going into them and where that data goes once it leaves your hands.
The Real Risk Is Not Hypothetical
The specific risk this executive flagged is one I am hearing about more often in conversations across the industry. People inside lending organizations are dumping customer sensitive information into personal AI accounts. Chat tools. Document summarizers. Whatever is fast and easy to use in the moment. Most of them have no idea that the information they are entering may be retained, used to train underlying models, or accessible in ways that directly violate their organization’s data governance obligations.
In lending, this is not an abstract compliance concern. You are handling income data, credit information, tax returns, bank statements, and personal financial details that are protected under a range of regulatory frameworks. When that information moves through an AI tool that was never vetted for enterprise use, you have lost visibility into where it goes and who might eventually have access to it. That exposure does not show up immediately. It shows up later, often during an examination, an audit, or a data incident, at which point it is too late to undo.
This is the part of the AI conversation that gets skipped over in most of the current enthusiasm. Everyone wants to talk about what AI can do. Fewer people want to talk about what happens when it is deployed carelessly inside a regulated business that owes its customers, and its regulators, a duty of care around sensitive data.
Crawl, Walk, Run Is the Right Framework
The approach this executive described, restricting AI broadly while allowing one vetted enterprise tool with real controls, is not caution for its own sake. It is the correct sequencing for an organization that understands where its risk actually lives. Crawl, walk, run is not a slogan. It is a discipline, and it happens to be the right discipline for lending operations specifically because the value of AI in this industry is directly tied to the quality and structure of the data environment underneath it.
An AI tool querying a well-structured lending platform with proper enterprise controls produces reliable, auditable results. It can answer a specific operational question and you can trace exactly how it arrived at that answer, what data it touched, and who was authorized to ask. An AI tool with access to messy, unstructured data spread across disconnected systems produces outputs that nobody can fully trust, because nobody can fully explain where the answer came from or whether the underlying data was even accurate in the first place.
This is the distinction that gets lost in the rush to adopt. AI does not create good outcomes by itself. It amplifies whatever is already true about your data environment. If your loan data lives across five disconnected systems, spreadsheets, and email threads, AI will not fix that. It will simply generate confident-sounding answers built on top of an unreliable foundation, and confident-sounding wrong answers are more dangerous than no answer at all, especially in a lending context where decisions have real financial and regulatory consequences.
Why Salesforce-Native Lending Platforms Have an Advantage Here
What I find genuinely interesting, from an operational and architectural standpoint, is that lending organizations already running on Salesforce are in a materially better position than most when it comes to adopting AI responsibly. When your loan origination and servicing platform is built natively on Salesforce, the most natural AI layer available to you is Salesforce’s own Agentforce.
Agentforce operates entirely within your existing Salesforce security model. It respects your profiles, your permission sets, and your data sharing rules exactly as they are already configured. It does not require you to export sensitive borrower data to an external tool sitting outside your compliance perimeter. It does not create a new data governance exposure that your compliance and risk teams then have to go identify, evaluate, and retroactively control. The governance work you have already done to secure your lending data on Salesforce extends automatically to how AI is allowed to interact with that data.
In practice, this means a loan operations team can ask a natural language question, something like show me all loans maturing in the next ninety days, or which borrowers are past due on their next payment, and get an instant answer. The AI is querying data that already lives inside your existing, permissioned, audited environment. Nothing new is created outside the walls you already built. Nothing sensitive leaves the system to go sit inside a third party’s infrastructure with unclear retention practices.
That is not a flashy use of AI. It will not generate headlines. But it is useful, it is auditable, and critically, it does not introduce new compliance risk into an operation that is already carrying plenty of regulatory obligation. For a lending organization that takes its data obligations seriously, that is exactly the kind of AI adoption that makes sense as a starting point, and arguably as the only sensible starting point.
Speed Is Not the Advantage People Think It Is
There is a widespread assumption right now that moving fast on AI is inherently an advantage, and that lenders who hesitate are going to be left behind. I understand where that assumption comes from, but I do not think it holds up when you look closely at what is actually being adopted and how.
The lenders who are going to look smart in three years are not going to be the ones who adopted AI fastest. They are going to be the ones who adopted it thoughtfully, with the right enterprise controls in place, the right data governance discipline already established, and a platform architecture that supports AI without creating new exposure in the process. Everything else is just speed for its own sake, and speed without direction in a regulated industry tends to produce the kind of headline nobody wants attached to their organization.
The lenders moving fast without those guardrails in place are effectively placing a bet that regulators and examiners are not paying close attention right now, or will not catch up to what happened until well after the fact. That is not a bet I would want to make with customer financial data, and it is not a bet I would advise any lending executive to make on behalf of their organization, their board, or their borrowers.
What Deliberate Adoption Actually Looks Like
Deliberate does not mean slow for the sake of being slow, and it does not mean avoiding AI altogether. It means starting with a clear-eyed assessment of where your sensitive data actually lives, who currently has access to it, and what controls already exist around it before you introduce any new tool into that environment. It means choosing enterprise-grade tools that operate within your existing security architecture rather than tools that require you to hand data outside your walls in exchange for convenience.
It means being honest with your board and your investors about why you are moving at the pace you are moving, rather than adopting something quickly just to have an answer ready for the next board meeting. Boards and investors who understand lending, and increasingly most of them do, will respect a deliberate answer grounded in data governance far more than they will respect a rushed pilot that later becomes a liability.
It also means recognizing that the foundation matters more than the tool. An organization with clean, centralized, well-governed lending data on a platform like Salesforce is positioned to adopt AI capability incrementally and safely, expanding what the technology is trusted to do only as confidence in the underlying data and controls grows. An organization still operating across spreadsheets and disconnected point solutions is not actually choosing between fast AI adoption and slow AI adoption. It is choosing between AI built on a shaky foundation or doing the foundational data work first. The second path takes longer, but it is the only one that produces results anyone can actually trust and defend under examination.
The conversation I had with that lending executive was a useful reminder that the smartest people in this industry right now are not the ones chasing every new AI headline. They are the ones asking harder questions about data, governance, and architecture before they let any new tool near their borrowers’ information. That instinct is not caution born of fear. It is operational discipline, and in lending, operational discipline is what separates the organizations that grow sustainably from the ones that end up explaining themselves to a regulator.
