ASX reset: 7 lessons for AI-ready finance teams

ASX has been told to “reset” its transformation program and hold an extra $150 million in capital until it rebuilds technology and organisational resilience. That’s not just an operational headline. It’s a flashing warning sign for every bank, insurer, super fund, and fintech trying to scale AI while running critical financial infrastructure.

I’ve seen a pattern across financial services: organisations talk about “AI strategy” when they still have availability risk, brittle change management, and weak data controls. The ASX review (and the long list of tech “incidents” that triggered it) is a clean case study in what happens when resilience becomes a side quest.

This post unpacks what the ASX reset signals for digital transformation in financial services, and how to design an AI in finance roadmap that regulators, customers, and your on-call team can live with.

What the ASX review really says (beyond the headlines)

The direct message is simple: underinvestment compounds. When upgrades are deferred and capability gaps linger, you don’t just “fall behind”—you build a backlog of risk that eventually forces an expensive, public reset.

The interim findings paint an organisation that:

• Underinvested in technology, processes, and people over multiple years
• Became reactive (“firefighting”) instead of building durable systems
• Struggled to turn feedback and reviews into targeted remediation
• Carried cultural signals that weren’t friendly to innovation

One detail should make every transformation leader wince: since 2020, ASX has faced 120+ external review reports about governance, capability, culture, and risk management. That’s not “rigour.” That’s noise, context switching, and decision paralysis—especially if the work isn’t sharply scoped.

For AI and fintech leaders, the lesson is uncomfortable but useful: you can’t audit your way into resilience. You build it.

Why major transformations fail in financial services (and why AI makes it harder)

The core failure mode isn’t “bad tech choices.” It’s misaligned incentives.

When shareholder returns, cost pressure, and short-term delivery metrics dominate, investment shifts away from the unglamorous work that keeps markets running: platform upgrades, dependency mapping, testing automation, incident response, data quality, and talent development.

The compounding effect: technical debt + operational risk

Financial institutions run systems where downtime has real-world consequences—missed settlements, halted trading, delayed payments, customer harm. If resilience work is delayed for years, the organisation ends up paying in three currencies:

1. Outages and incidents (and the reputational damage that follows)
2. Regulatory intervention (capital holds, remediation programs, reporting)
3. Transformation slowdown (because every change becomes riskier)

Now add AI to the mix. AI programs intensify every existing weakness:

• If data lineage is unclear, model risk becomes unmanageable.
• If environments aren’t stable, MLOps turns into a reliability nightmare.
• If change control is weak, you end up with “shadow AI” in spreadsheets and inboxes.

AI doesn’t fix broken plumbing. It depends on it.

The missing bridge: resilience is the foundation for AI in finance

Here’s the stance I’ll defend: Resilience is the prerequisite for responsible AI adoption in finance.

If your organisation can’t consistently deliver core services, it shouldn’t be scaling AI into higher-stakes workflows like credit decisions, fraud controls, trading, or market operations.

Where AI can help (when the basics are in place)

Once foundational controls exist, AI is genuinely useful for resilience—not as a PR story, but as an operating capability:

• Predictive incident detection: anomaly detection across logs, latency, and transaction patterns to catch degradations before customers feel them.
• Change risk scoring: models trained on past releases to predict which deployments are likely to trigger incidents.
• Automated root cause analysis support: summarising incident timelines, correlating alerts, and proposing likely fault domains.
• Capacity forecasting: better demand planning for peak periods (end-of-year trading, EOFY, holiday payment spikes).

Notice what these have in common: they require clean telemetry, consistent tagging, and disciplined operational processes. Without that, AI just creates confident-sounding guesswork.

7 practical lessons from the ASX reset for banks and fintechs

Each of these is framed as a decision you can make in Q1 planning—useful now, not “someday.”

1) Treat capital holds as a transformation cost you can avoid

ASX being asked to hold $150 million is a reminder that resilience failures don’t just create IT spend—they create balance-sheet consequences.

For regulated entities, the equivalent pain shows up as remediation overlays, higher operational risk capital, delayed approvals, and heightened supervisory attention.

What to do: bake resilience investments into your transformation business case as risk-weighted cost avoidance, not “tech improvement.” Your CFO understands capital.

2) Stop running transformations as gap-closing exercises

The review language criticises a focus on “closing gaps” rather than “striving for excellence.” That’s blunt, but fair.

Gap-closing creates a culture of minimum compliance: pass the audit, ship the patch, move on. Excellence looks different: fewer incidents, faster recovery, and systems designed for change.

What to do: set resilience targets that are hard to game:

• Mean time to detect (MTTD)
• Mean time to recover (MTTR)
• Change failure rate
• Percentage of services with tested runbooks

Tie leadership incentives to them.

3) Don’t let “too many reviews” replace ownership

120+ reports since 2020 is the kind of number that signals over-analysis and under-execution.

What to do: create a single remediation portfolio with:

• One accountable executive owner
• A ranked list of risks (top 10, not top 200)
• A quarterly “kill list” of low-impact initiatives
• Clear acceptance criteria for closure (not “report delivered”)

4) Invest in people like you invest in platforms

The review calls out underinvestment in “its own people.” In AI-heavy environments, talent gaps become existential.

You can buy tools. You can’t buy institutional knowledge overnight.

What to do: fund capability as a line item:

• SRE / reliability engineering
• Platform engineering
• Security engineering
• Data engineering and governance
• Model risk and AI governance

If you’re building AI in finance, add: MLOps engineering and AI assurance.

5) Make customer feedback operational, not ceremonial

A recurring critique is lack of action in response to customer feedback. For market infrastructure, “customers” are participants, brokers, clearing members, and vendors—people who feel issues early.

What to do: operationalise feedback into release planning:

• Tag feedback by service and failure mode
• Set SLAs for response and remediation decisions
• Publish a “what we changed” cadence internally (and externally where appropriate)

This also helps AI programs: user feedback becomes labelled data for prioritisation and triage.

6) Build business continuity that assumes tech will fail

Resilience isn’t “no incidents.” It’s graceful degradation and rapid recovery.

What to do: test contingency like you mean it:

• Quarterly failover tests for critical services
• Chaos engineering for non-critical components first
• Tabletop exercises that include execs (not just IT)
• Vendor incident drills for key third parties

If your AI models drive decisions, include model outage scenarios: what happens if the model, feature store, or real-time data feed is unavailable?

7) Use AI where it reduces risk, not where it increases novelty

Many finance teams start AI in the highest-stakes areas because the ROI story is exciting. That’s backwards.

What to do: sequence AI adoption like this:

1. Operational AI (monitoring, incident summarisation, knowledge search)
2. Decision-support AI (human-in-the-loop for fraud ops, compliance triage)
3. Customer-facing AI (chat, personalisation) with strict guardrails
4. High-stakes automation (credit, trading) only after governance maturity

You earn the right to automate.

A simple “AI-ready resilience” checklist for 2026 planning

If you’re building your 2026 roadmap right now, this is the checklist I’d put in front of a CIO, COO, or Chief Risk Officer.

Core resilience controls (non-negotiable)

• Critical services mapped end-to-end (dependencies, owners, RTO/RPO)
• Automated testing coverage for high-risk change paths
• Centralised observability (logs/metrics/traces) with consistent taxonomy
• Incident management with measurable MTTR improvements quarter over quarter
• Vendor and third-party resilience requirements embedded in contracts

AI governance controls (before scaling use cases)

• Data lineage and quality controls for key datasets
• Model inventory (what’s in production, who owns it, what data it uses)
• Monitoring for drift, bias, performance, and security
• Clear human accountability for AI-driven decisions
• Audit-ready documentation that doesn’t require heroics

If you can’t tick most of these boxes, don’t pause AI entirely—but keep it focused on reducing operational risk, not expanding it.

What this means for Australian fintech and bank leaders

ASX’s reset is a market-infrastructure story, but the signal travels. Regulators, boards, and customers are less patient with avoidable outages, and they’re increasingly sceptical of glossy “transformation narratives” that don’t show reliability outcomes.

For teams working on AI in finance and fintech, the practical takeaway is straightforward: build resilience like it’s a product. Fund it like it’s a risk control. Measure it like it’s a customer promise.

If your organisation is pushing AI into fraud detection, credit scoring, algorithmic trading, or personalised financial solutions, ask this internally: would we trust our current operating model to support higher automation next year—during peak load, vendor incidents, and staff turnover? If the answer is “not really,” your next investment decision is already made.