Skip to main content

The Governance of Innovation: Why Financial AI is a Strategy Problem, Not a Tech Problem

A conversation with Sandeep Mangaraj—Co-founder and Managing Partner of Aileron Group, former Microsoft Managing Director of US Fintech, and veteran EY Partner—on bridging the gap between rigorous model risk governance, enterprise cloud scale, and the fast-evolving frontier of generative AI.

By Louise Servoin · 2026-06-15 · 11 min read

## Sandeep Mangaraj – Co-founder & Managing Partner at Aileron Group | Ex-Microsoft, EY

Expert in financial technology, model risk management, and GenAI implementation. NIT Rourkela, IIM Lucknow, and University of Minnesota alumnus. Based in NY, United States.

Some professionals understand credit risk validation. Others understand the architecture of neural networks. Rarely do you find someone who can navigate both while operating in the high-stakes environment of global financial systems.

Sandeep Mangaraj’s trajectory—from quantitative academic studies in Applied Economics at the University of Minnesota to building a $50 million model risk platform as an EY Partner, and driving over 50% year-over-year AI workload growth at Microsoft—places him at a unique intersection of risk control and technological scale. Now, as the Co-founder of Aileron Group, he helps organizations move beyond corporate "science experiments" into production-ready GenAI deployments.

We sat down with Sandeep to discuss why traditional implementation playbooks fail, how the "Risk Manager's Paradox" can unlock secure innovation, and why modern workforce enablement requires a shift from passive training to sandbox-driven "vibe coding."

## The Hybrid Risk Architect

Sandeep, you have transitioned from leading Microsoft's US Fintech business to co-founding Aileron Group, an AI-first advisory firm. How does this "builder" mindset change how you advise mid-sized financial institutions?

The opportunity and the challenge we set out to address when we founded Aileron Group came down to a gap we saw in the market. Here was a genuinely democratizing technology that could help mid-sized companies move faster, and yet it was perceived as too esoteric or too complex for them to take advantage of.

Let's think about it for a moment. A mid-sized bank doesn't pay substantially more for the same token than the largest banks in the world, nor does it need millions of dollars to get started. The cost of entry has collapsed. What it does carry is a different problem. Much more of its technology and operations are outsourced, and every SaaS vendor is now shipping its own AI feature. The failures rarely show up inside any one tool. They show up at the seams, where those tools are supposed to connect. These are the firms struggling to get started, and that is where we are primarily focused.

What I've seen over the last year and a half is that they don't have the bandwidth or the time for a traditional strategy, then plan, then POC, then scale approach. They need solutions that work, not POCs. We help bring those ideas to reality through rapid prototyping and a tight test-and-learn loop. And our clients have encouraged us not to stop at the business case but to help them ship it. We are building with our clients and partners.

## Reversing the Implementation Framework

Historically, technology adoption in highly regulated sectors follows a slow "crawl, walk, run" strategy to minimize risk. You argue for completely reversing this framework for generative AI. Why?

The traditional approach is fundamentally mismatched with the speed of this platform shift. Major technology providers have already invested billions of dollars to build highly capable, ready-to-use models. When the technology is this accessible, waiting for a perfect multi-year roadmap is how you fall behind. The slow path is the risky one.

So we invert the usual order. We call it Run-Walk-Crawl.

If you try to "crawl" first by spending months writing policy before touching the tools, your competitors have already lapped you.

"The greatest risk in AI transformation isn't moving too slowly — it's measuring the wrong things and drawing the wrong conclusions." — Sandeep Mangaraj

## Shifting to AI-Assisted Enablement and "Vibe Coding"

A major bottleneck in AI adoption is workforce readiness. How does generative AI shift how corporate teams learn, and how do we prevent talent from falling behind?

The instinct is to treat this as a training problem but that is where it often goes wrong. The only way to understand the jagged edge of GenAI is by doing. Test and learn is not a slogan, it is the only strategy that works, especially for a technology changing at the rate that AI is.

More importantly, this is not an exercise only for the rank-and-file. Executives cannot delegate the learning. They need to feel the edge themselves, on the problems they actually care about. When they do, the conversation changes. They stop debating what GenAI might do in the abstract. They start seeing what it does, and what it doesn't, on the outcomes that they care about most.

When they delegate, they lose that instinct. And the organization defaults to the same use cases everyone else is running. Email summaries. Customer support. The safe, obvious ones. That is not tapping into the potential of this technology. It is copying the person next to you.

## The Risk Manager's Paradox

Risk and compliance are usually seen as departments that slow down innovation. You’ve written about "The Risk Manager's Paradox," suggesting they should actually lead AI transformation. Can you explain this?

One can argue that AI, and GenAI specifically, brings unique risks. But when you dive deeper, what you find is that existing risk management frameworks, especially in regulated industries like financial services, are fairly robust and extend to these new risks. The principles hold. The application needs to be differently calibrated.

This puts risk managers in a unique position. Not to look at it only from a compliance point of view, but to genuinely help the organization adopt this transformative technology responsibly. If they stay on the sidelines, the people actually deploying it will be the ones who understand risk the least. You want to lead the change and not be the ones called in to clean up after the damage is done.

## The Challenge of BYOAI (Bring Your Own AI)

With studies showing that up to 78% of employees are using unsanctioned generative AI tools at work, how should leadership address the security and compliance risks of "Bring Your Own AI"?

Banning these consumer tools is a losing strategy. It only pushes the behavior underground, exposing the firm to potentially severe data leak and compliance risks.

The solution is not shutting the door but providing the right secure, enterprise-grade alternatives. When you give employees a controlled environment where they can safely work with real data, you eliminate the hazards of shadow IT while empowering them to productively use the technology.

And do not forget, banning your own employees does not make you immune. Your vendors, your competitors, and bad actors are all using these tools anyway. All you have given up is the learning that comes from using them yourself.

## The Golden Thread

We often see a gap between what technology can do and what professionals actually adopt. How do we ensure AI becomes a 'co-pilot' that elevates human judgment rather than a tool that encourages intellectual passivity?

With apologies to Robert Frost, two roads diverge here. One road uses AI to automate the "low value" work so people can focus on what moves the dial. It sounds like progress, and it is the comfortable choice. But follow it far enough and the human's real job could become training the models that will replace them.

The other road treats AI as a force multiplier for knowledge. Every worker brings their own experience and expertise to the encyclopedic knowledge and reasoning these models hold. It sounds like more work, because it is. But follow it far enough and you could build something that did not exist before: super-human knowledge workers.

It's clear to me which road I am taking. How about you?

Tags: AI, Fintech, Corporate Governance, Risk Management, Digital Transformation, Aileron Group