As-Is Assessment for Banking Transformation in 2026

At a Glance

An as-is assessment anchors banking transformation by revealing current-state processes, systems, costs, risks, and performance gaps. Clear baseline insights enable realistic roadmaps, prioritized investments, reduced complexity, and measurable progress toward modernization and strategic objectives.

Why the as-is baseline is now a board-level governance requirement

An as-is assessment is the diagnostic phase that turns transformation ambition into a measurable baseline. In 2026, banks increasingly treat this baseline as a governance control rather than a discovery exercise. It is the reference point against which leaders test whether proposed change will improve delivery capacity, customer outcomes, and resilience without increasing compliance exposure.

The shift is driven by two realities. First, transformation scope now spans “agentic” operating models, real-time data expectations, and ecosystem connectivity, each of which amplifies operational and third-party risk. Second, regulators and internal audit functions expect stronger traceability: not only what changed, but why, under which controls, and with what evidence.

Key pillars of a 2026 as-is assessment

To establish a defensible baseline, banks document the current state in language that is specific, comparable over time, and tied to constraints that executives can act on. Four pillars typically determine whether modernization plans are feasible at the pace leadership expects.

Technology and data infrastructure

The assessment inventories core platforms, integration patterns, and the operational realities of technical debt: release windows, environment constraints, brittle dependencies, and incident blast radius. In 2026, a major focus is “data activation” for agentic workflows: whether data is unified, well-defined, and governed for lineage and access, or fragmented into silos that force manual reconciliation and undermine AI reliability.

Operational baseline

Operational documentation maps end-to-end journeys and the control points embedded within them. Banks use this view to identify friction that creates avoidable cost and risk, such as rework caused by unclear ownership, handoffs to control functions late in the lifecycle, or inconsistent policy interpretations across products and channels. Where global benchmarks influence local expectations, the baseline should also make explicit which outcome standards the institution is choosing to align with and how those standards are evidenced in operating routines.

Risk and regulatory resilience

In 2026, the as-is assessment must confirm whether risk management is truly horizontal: able to manage interdependencies across credit, market, operational, cyber, and third-party risks rather than treating them as separate reporting lines. This includes the bank’s capacity to evidence controls continuously as regulatory expectations evolve, and the ability to model compound shocks (geopolitical disruption, liquidity stress, cyber incidents) without relying on one-off annual exercises.

Talent and culture

Transformation baselines fail when they assume capability that does not exist. The workforce review should document skills supply versus demand in engineering, data governance, AI risk, model operations, and product management. It should also capture cultural and incentive constraints that affect execution, such as how accountability is assigned for operational incidents, whether control functions are embedded early, and whether decision rights are clear enough to support faster change.

Modern assessment methodology without maturity scoring

For a transformation baseline, banks typically avoid “scorecards” that create debate over labels. Instead, they apply a repeatable evidence-led method that produces clear artifacts and decision constraints.

1) Baseline inventory and dependency mapping

Document critical assets, data domains, key integrations, material manual controls, and operational dependencies (vendors, shared services, cloud platforms). The output should identify where the institution is constrained by design (architecture) versus process (governance and ways of working).

2) Executive and control-function workshops

Workshops are structured to surface non-negotiables: resilience objectives, customer outcome commitments, and risk appetite boundaries. The baseline language should reflect consensus on where the bank will accept trade-offs and where it will not, especially for AI-enabled change and ecosystem expansion.

3) Quantitative and qualitative modeling

Quantitative views (e.g., portfolio risk analytics, operational loss patterns, incident trends, cost-to-serve drivers) are combined with expert judgment to ensure the baseline reflects real operating conditions rather than diagrammed intent. The objective is not to model everything, but to isolate the few variables that will dominate transformation outcomes and risk exposure.

4) Continuous self-identification and control testing

Many banks are moving toward more frequent internal testing and quality controls rather than relying on annual reviews. As-is artifacts should therefore capture how evidence is produced today (or where it is missing), and which routines will need redesign to support faster change without weakening auditability.

Emerging tools shaping 2026 baseline practice

Two tool categories are increasingly visible in as-is assessments: regulator-aligned readiness diagnostics and AI-enabled benchmarking.

Regulator-aligned readiness diagnostics

In January 2026, Fidinam announced Fidesion, positioned around a “banking success assessment” concept aimed at helping firms anticipate onboarding and approval outcomes. While not a replacement for a bank’s internal baseline, tools in this category reinforce an important 2026 point: external-facing decisions (licensing, new services, ecosystem onboarding) increasingly require institutions to pre-validate controls and evidence from a regulator’s perspective.

AI-enabled benchmarking and scenario simulation

Risk analytics platforms are increasingly used to run scenario simulations and stress-like analyses closer to real time. For as-is baselining, their value is less in producing a single number and more in exposing where data quality, governance, and model operations are insufficient to support faster decision cycles.

Real GDP growth	~4.5%–4.9%	~4.7%–5.3%
Loan growth	~12%	~10%–12%
Stage 3 loans (largest banks)	~2.7% (as of Sep 2025)	Directionally stable (baseline to monitor)

The implication for transformation governance is straightforward: the baseline should include explicit assumptions about growth, portfolio risk, and funding capacity so leadership can distinguish performance gains driven by operating change from gains driven by the cycle.

Deliverables that make the baseline usable in steering and funding

A well-constructed as-is assessment concludes with artifacts that can be used repeatedly in governance rather than filed away. Common deliverables include: an agreed transformation baseline statement (what “current state” means and how it will be re-measured), an integrated dependency map, a control-evidence map for key journeys, a prioritized constraint register (top blockers to speed, resilience, and AI readiness), and a sequenced roadmap that ties initiatives to measurable constraint removal.

When these artifacts are consistent, executives can make sharper trade-offs: where to standardize, where to modularize, which controls must be redesigned before speed increases, and which capability gaps will limit adoption even if technology changes are funded.

Strengthening baseline governance for transformation sequencing

Baseline language becomes more durable when it is anchored in an assessment discipline that is repeatable across business lines and stable under audit scrutiny. That discipline explicitly connects what is being documented (technology constraints, operational routines, control evidence, and workforce capability) to the trade-offs leaders are already managing: speed versus stability, experimentation versus model and data risk, and ecosystem expansion versus exposure.

Within that framing, an approach such as the DUNNIXER Digital Maturity Assessment supports executives in using the as-is baseline to evaluate readiness and sequencing confidence without relying on subjective labels. The same evidence that defines current-state constraints can be assessed for governance effectiveness, data foundations, and control design maturity, helping leadership decide which prerequisites must be completed before scaling agentic capabilities, accelerating change cadence, or broadening API ecosystems.

References

• https://www.ey.com/en_gl/insights/financial-services/four-regulatory-shifts-financial-firms-must-watch-in-2026#:~:text=In%20brief:,off%20cascading%20risks%20and%20impacts.
• https://www.grasshopper.bank/who-we-are/blog/2026-banking-trends-how-data-security-and-trust-will-define-the-next-era/#:~:text=AI%2Dpowered%20agents%20will%20handle,volatility%2C%20and%20broader%20economic%20uncertainty.
• https://www.backbase.com/banking-predictions-report-2026/ai-and-the-future-of-banking#:~:text=As%20deepfakes%20and%20AI%2Dgenerated,accountability%20will%20earn%20lasting%20loyalty.
• https://corp.kaltura.com/blog/top-credit-risk-management-tools-in-banks-for-2026/#:~:text=Data%20aggregation:%20Collecting%20data%20from,compliance%20and%20scalability%20features.%E2%80%8B
• https://www.ey.com/en_gl/insights/financial-services/four-regulatory-shifts-financial-firms-must-watch-in-2026
• https://www.ey.com/en_id/banking-capital-markets-transformation-growth/if-transformation-needs-to-be-bold-do-banks-have-the-right-tools-for-success#:~:text=Refresh%20talent%20propositions&text=Once%20leadership%20has%20mapped%20out,and%20rewarding%20place%20to%20work.%E2%80%9D
• https://www.ncontracts.com/nsight-blog/emerging-risks-in-banking#:~:text=We've%20entered%20a%20do,FI%20six%20years%20from%20now.
• https://informaconnect.com/top-5-risks-for-financial-risk-managers-in-2026/#:~:text=Human%20capital%20risks%20are%20especially,market%20conditions%2C%20and%20societal%20shifts.
• https://practiceguides.chambers.com/practice-guides/banking-regulation-2026#:~:text=The%20new%202026%20Banking%20Regulation,and%20the%20latest%20regulatory%20developments.
• https://assets.kpmg.com/content/dam/kpmgsites/xx/pdf/2026/01/kpmg-and-sap-banking-accelerating-banking-transformation-data-and-ai.pdf.coredownload.inline.pdf
• https://www.centralbanking.com/benchmarking/risk-management/7974879/risk-management-benchmarks-2026-report-tracking-op-risk#:~:text=As%20with%20benchmarks%20in%20previous,risk%20management%20for%20any%20organisation.&text=Only%20users%20who%20have%20a,the%20restrictions%20in%20clause%202.5.
• https://www.progressoft.com/blogs/strategic-investments-for-banks-in-2026-unlocking-value-beyond-iso-20022-migration#:~:text=Additional%20Priorities%20for%202026%20and,efficiency%20and%20enhance%20customer%20experiences&text=Cybersecurity%20and%20Resilience:%20Strengthen%20defenses,and%20creating%20new%20revenue%20streams
• https://iwis.io/en/blog/digital-transformation/#:~:text=To%20avoid%20this%2C%20a%20structured,to%20plan%20everything%20at%20once.
• https://www.accenture.com/us-en/insights/banking/accenture-banking-trends-2026#:~:text=The%20future%20of%20banking%20hinges,connection%20with%20AI%2Ddriven%20convenience.
• https://www.alogent.com/blog/six-steps-maximize-your-digital-transformation-journey-within-digital-banking
• https://www.emerald.com/ics/article/26/5/584/109068/An-approach-to-information-security-culture-change#:~:text=Data%20from%20the%20as%2Dis%20assessment%20and%20the,which%20corrective%20actions%20are%20defined%20and%20implemented.