The banking sector increasingly sees AI as a strategic lever enabling it to strengthen competitiveness, optimize operations, and personalize the customer experience. According to a 2025 survey by S&P Global Market Intelligence on more than 550 banks worldwide, over 54 per cent have deployed AI initiatives in internal operations, surpassing the cross-industry average.
At a roundtable on Vietnam’s digital banking landscape in the AI era, Mr. Pham Anh Tuan, Director General of the Payment Department at the State Bank of Vietnam, emphasized that AI is not merely a technological tool but a new capability that is reshaping how banks operate, make decisions, and serve customers. However, behind the strong wave of AI investment, many Vietnamese banks continue to face a major “bottleneck”: data fragmentation, or, more specifically, problems in the quality of data sources, which form the core foundation of any AI system.
Data bottleneck
According to Mr. Luu Danh Duc, Deputy CEO of LPBank, data governance foundations at many banks remain incomplete and ineffective in practice. “Data systems are becoming increasingly complex, tangled, and fragmented across departments and business systems,” he believes. “Data exists, but it does not ‘flow’; there is plenty of data, but it is unusable; data is collected quickly, but it is difficult to maintain, scale, and control over the long term.”
In that context, many banks have opted to restructure their entire data architecture or deploy new data platforms in the hope of creating a more unified, modern, and manageable data flow. This approach clearly reflects the broader picture for Vietnam’s banking sector as it confronts the demands of digital transformation and effective data utilization.
However, the challenge is far more complex than simply selecting a new technology platform. In theory, there is no shortage of data governance, analytics, and AI solutions, but in practice the gap between solutions “on paper” and effective real-world deployment remains significant, requiring long-term vision, persistence, and a fundamentally-sound approach starting with data foundations.
Many business leaders still believe that investing in data technologies or AI alone will solve their problems. Technology vendors are eager to roll out pilot projects and proof-of-concept (PoC) models. Yet most of these initiatives ultimately fail to meet expectations, because the data required to run the models either does not exist within the system or exists but is substandard, inconsistent, or not available in a timely manner.
Another major challenge lies in measuring the return on investment (ROI) of data and AI projects. Mr. Duc noted that as AI becomes a global trend, many organizations feel pressured to “do AI” simply because their competitors are doing so. Without a solid data foundation, however, AI delivers little real value. Data is not a magic solution that creates immediate results; it is a long-term capability that must be built steadily, strategically, and with discipline.
Mr. Tran Phu Nghia, Chief Information Officer at VietBank, pointed out that data used for reporting and decision-making remains scattered across multiple systems and departments. Aggregating data, meanwhile, is time-consuming, lacks timeliness, and directly undermines the quality of management and operations.
In addition, many banks have stopped at digitization rather than true automation. Reporting, appraisal, approval, and case processing workflows still rely heavily on human intervention. This slows down operations, reduces flexibility, and makes it difficult to fully leverage AI’s potential, particularly autonomous AI models, or agentic AI, which require highly-integrated data and standardized processes.
At the core of the issue, many experts argue, is not technology but people, processes, and organizational culture. When business units lack cooperation and discipline in data management, chasing new technologies only adds further complexity to already strained systems. Without identifying the true root causes, data and AI initiatives risk becoming costly investments that fail to generate meaningful value.
Compliance pressure
The Law on Personal Data Protection No. 91/2025/QH15, effective from January 1, 2026, together with Decree No. 356/2025/ND-CP guiding its implementation, significantly raises the bar for how customer data is stored, protected, and used.
Under these instruments, personal data, particularly banking and financial data, must be strictly managed throughout its entire lifecycle, from collection and processing to storage, utilization, sharing, and disposal. For banks with foreign partners or international customers, compliance requirements are even more stringent, as institutions must meet both domestic and international standards simultaneously.
Specifically, the law imposes rigorous requirements for the protection of sensitive personal data in the banking and financial sector. Banks are required to apply the highest standards of safety, security, and confidentiality to customer data, and may collect and process only data that is genuinely necessary for clearly-defined business purposes.
In addition, the Law mandates that banks appoint dedicated personnel or a specialized unit responsible for data protection, commonly referred to as a Data Protection Officer (DPO). This function must meet minimum standards in qualifications and experience, and is tasked with developing and overseeing data protection policies, conducting risk assessments, organizing internal training, and serving as the focal point for engagement with regulators when necessary. This marks a significant shift, underscoring that data protection is no longer an auxiliary responsibility of IT departments but an independent governance function within banks.
With regard to cross-border data transfers, particularly when banks work with foreign partners such as cloud service providers or international fintech firms, the Law requires institutions to conduct cross-border Data Transfer Impact Assessments (DPIAs). Banks must also apply technical measures such as encryption, anonymization, or data minimization for sensitive datasets. These provisions mean that decisions on data architecture, technology partners, and AI deployment models are now more tightly linked than ever to legal compliance requirements.
Data governance is no longer the sole domain of IT or cybersecurity teams, it has become a strategic issue at the highest level of management. In practice, while many data governance frameworks have been designed in considerable detail, translating them into effective day-to-day operations remains a long and challenging journey.
According to Mr. Nghia, as AI is applied more deeply across banking operations, information security and personal data protection have become increasingly critical, especially given the limitations that still exist in overall data governance platforms. Training and operating AI models require vast volumes of data, heightening the risk of data leakage, misuse, or misapplication in the absence of robust control mechanisms.
Experts stress that data security today is not merely about defending systems against external attacks but about embedding protection across the entire data lifecycle. This includes clear access controls, monitoring data usage, governing data inputs for AI models, and ensuring traceability and accountability in the event of incidents.
In reality, there have already been cases in which organizations used public AI tools and inadvertently uploaded financial and customer data onto uncontrolled platforms, resulting in serious data breaches. Such risks not only damage institutional credibility but can also trigger severe legal penalties as Vietnam’s personal data protection framework continues to take shape and be more strictly enforced.
Foundational factors
The Law on Personal Data Protection 2026 is likely to drive up investment costs for building and operating data governance and AI frameworks, from refining processes and standardizing systems to training dedicated personnel and conducting regular assessments and audits. However, strict compliance with these regulations will also help banks strengthen and enhance customer trust in the digital environment.
More importantly, a well-governed and secure data foundation can become a critical competitive advantage, enabling banks to roll out digital initiatives and deploy AI in a more sustainable manner.
At present, debate continues over whether banks should prioritize an “AI-first” strategy by launching small AI projects to generate quick wins, or a “Data-first” approach, focusing on building a robust data foundation before moving into AI.
From the perspective of someone directly involved in deploying AI for multiple banks in Vietnam, Mr. Ha Quang Thai, AI Consulting Director at FPT Digital, argues that the success of AI projects does not hinge on “adopting technology as early as possible” but rather on three foundational factors that banks must pay close attention to.
First, AI can only deliver real value when built on a sufficiently strong and consistent data platform. AI models perform best when “nourished” with high-quality data that is continuously updated and synchronized across systems. In reality, however, data at many Vietnamese banks remains fragmented, scattered across legacy systems, lacking interoperability, or not standardized under common frameworks. In such conditions, rushing into AI deployment can result in high costs with disappointing outcomes.
Second, Mr. Thai emphasized the need for a well-defined AI strategy, rather than a fragmented, pilot-driven approach. “While these initiatives may deliver some early results, they easily lead to ‘siloed’ AI; disconnected solutions that fail to create synergies across the broader system,” he explained. Without a clear integration roadmap, banks will struggle to build an intelligent AI ecosystem capable of supporting end-to-end operations and decision making.
Third, beyond data and strategy, the human factor remains decisive in AI implementation. Mr. Thai noted that one common mistake is placing excessive emphasis on technology while underinvesting in workforce training and operational mindset change. “AI cannot fully replace people; it must be operated by teams that understand both banking operations and how AI models work,” he said. “Therefore, alongside technology investment, banks need to build internal capabilities, upskill their workforce, and prepare for changes in working methods as AI moves into real-world operations.”
There is no one-size-fits-all formula for banks. What cannot be overlooked, however, is that data must be treated as a core capability, requiring long-term investment, a clear roadmap, and direct leadership from the top. CEOs cannot simply delegate data responsibilities to IT departments; they must act as chief architects of data and AI strategy.
Only by addressing data fragmentation, establishing a unified data architecture, embedding legal compliance by design, and fostering a data-driven culture across the organization can AI truly become a decision-support tool and deliver sustainable value for the banking sector. Otherwise, continuing to deploy AI on fragmented and weakly-governed data foundations will see the data “bottleneck” persist, constraining the AI transformation ambitions of Vietnamese banks.
Google translate