Why every fintech needs an AI audit before they buy a platform

You are in the back half of a sales cycle for an AI platform. The vendor's pitch deck is good. The demo was crisp. The pricing makes sense, more or less. The case studies are from companies that look like yours. Your CFO is asking when you're signing. Your head of ops is asking when she gets her team back. Your CEO read a McKinsey piece on the plane and wants you to "do something with AI" before the next board.

You have probably not yet done the one thing that would have saved you the next eighteen months of regret: a structured, honest audit of where AI actually fits in your business, conducted by someone who isn't selling you the platform.

This piece is for the executive who is about to sign a big software contract, and the team that's going to have to live with the result. It explains why platforms keep failing in South African fintech, what an audit actually looks like, and how to know whether you should buy, build, or do nothing at all.

The platform trap

Most "AI platforms" sold to fintech right now fall into one of three buckets. There's the workflow automation suite that adds an LLM to the existing Make/Zapier playbook. There's the document-AI vendor that processes KYC, contracts, and invoices through a black-box pipeline. There's the customer-experience tool that promises a deflection-rate uplift on your support tickets.

Each one demos beautifully. Each one is selling you a generalised abstraction of a problem you have a specific version of. The demo is built against perfect synthetic data. Your production data is a mess of legacy PDFs, mid-2010s Word docs that have been resaved fourteen times, scanned faxes from 2017, and a queue of WhatsApp screenshots from your relationship managers. Your specific compliance constraints (FICA, FAIS, FSCA conduct standards, POPIA) need to be encoded in writing, in policy, with audit trails. None of that is in the demo.

So you buy the platform. You get six weeks into onboarding and one of three things happens:

1. The platform technically works but only on the 30% of your data it can ingest cleanly. The other 70% sits in a backlog you'll process "later."
2. The platform processes everything but produces output your compliance team won't sign off on, so you assign two analysts to review every decision, which is what you were already doing.
3. The platform works, but only when the vendor's professional services team is in the room. They invoice you R40k a week to keep it working. Renewal in nine months.

This isn't because vendors are dishonest. It's because the platform's job is to be general, and your problem is specific. Without doing the work to figure out which parts of your operation are actually shaped like the platform, you don't have a basis to know whether the platform fits.

What an audit actually buys you

An AI audit is a paid one-to-two week engagement (we charge for ours; anyone offering it free is selling you something else). At the end of it you have four things you didn't have before:

1. A real inventory of where the time goes. Not what your team thinks they spend their time on. The actual minutes, mapped against the actual workflows, observed firsthand. This is the input to every other decision.
2. A ranked list of high-impact opportunities. Five to ten places where AI could plausibly reduce time, error, or risk. Each one sized: how much time, how much error reduction, how technically feasible, how much it would cost to build.
3. A short list of things you should explicitly not automate. Sometimes the answer is "this needs a human, here's why." Knowing what's off the table is as important as knowing what's on it.
4. A build-ready scope for the top three. Detailed enough that you could put it out to bid, internally or to a third party, without doing more discovery.

The audit does not buy you an AI strategy deck. It does not buy you a "transformation roadmap." It does not buy you a workshop where everyone agrees AI is exciting. It buys you a document specific enough that you can read it next to a platform's brochure and immediately see what overlaps and what doesn't.

What we look at in a fintech audit

Every fintech audit covers roughly the same surface, weighted by the specific business. The pattern:

Compliance ops (KYC, FICA, AML)

Onboarding, ongoing diligence, source-of-funds review, transaction monitoring, suspicious-activity reporting. These are usually the highest-volume manual workflows and the ones most exposed to staff turnover. We map every handoff, count the average minutes per case, and identify the deterministic 60% (document extraction, ID verification, sanctions screening) that's automatable and the 40% (judgement calls, escalations, regulator-facing decisions) that probably shouldn't be.

Customer servicing

Inbound queries across email, WhatsApp, support tickets, advisor portals. We look at the realistic deflection opportunity (usually 30 to 50% of low-complexity questions), the cost of getting it wrong (much higher in regulated advice contexts than in retail), and the integration surface (where does an AI assistant need to read from your core system to give a useful answer).

Operations and back office

Reconciliations, reporting, escalations, exception handling. Often the highest ROI in a fintech audit. A single well-built reconciliation agent can pay for the entire engagement in three months. We identify the rules-vs-judgement split here, because the rules half is automation and the judgement half is decision support.

Advice and underwriting (if applicable)

This is where the audit earns its keep. AI in regulated advice is a minefield. The FAIS Act requires a licensed Financial Services Provider to remain accountable for any advice delivered, which means AI-assisted advice is permissible only under a licensed FSP and Key Individual who carries the regulatory liability for what the model produces. In practice that constrains how you build: the AI can pre-read, retrieve, summarise, and flag, but the audit trail, the sign-off, and the accountability chain have to land on a human FSP. Getting this line wrong is what puts your FSP licence at risk. We are explicit and conservative about what an AI system can and can't do in this layer.

Data and integrations

The boring half, and the half that decides whether any of the above is achievable. Where does the customer record actually live? How current is it across systems? What's the practical cost of getting clean data to the AI? Many "AI projects" are actually data-integration projects in a trench coat. The audit makes that explicit before you commit.

Build vs buy: how the audit settles it

After the audit you'll be in one of three positions. Most audits land in the first two.

Buy the platform. The platform genuinely covers the top three opportunities, the integrations are realistic, the compliance fit is good, and the total cost over three years is lower than building. This is rarer than vendors will tell you but it does happen, particularly for very generic workflows.

Build something specific. The opportunities are specific enough to your operation that no generic platform fits well. The cost to customise the platform to your needs is higher than building the thing directly. You build, you own, you ship. This is a common outcome of an honest audit, particularly for fintechs above SME scale.

Don't do it now. Some audits land here. Either the data isn't clean enough yet, or the workflows are about to be redesigned, or the ROI is real but small and you have more important fires. The audit told you not to spend the money. That's a win you couldn't get any other way.

If you are about to sign a contract that has more zeros than your last bonus, pause for two weeks. Get someone independent to map the actual problem against the actual platform. Worst case you delay a sign-off by a fortnight. Best case you save the next eighteen months and several million rand.