How Union Bank PH modernized internal ops on a compliance-aware AI stack.

Union Bank of the Philippines is one of the most digitally forward banks in Southeast Asia. The customer-facing product is modern. The mobile app is a market leader. The product organization has shipped category-defining features in payments, lending, and digital onboarding. The customer experience is what you would expect from a leading digital bank. The internal operations side did not always match the customer-facing modernization. Document-heavy workflows in compliance, internal finance reconciliation, and inter-team request handling were still running on operating models that produced bottlenecks the customer-facing speed could not absorb.

The structural problem was the compliance-AI tradeoff that every regulated financial institution faces. Off-the-shelf AI tools that would have solved the document processing problem on a generic operations team are not viable on workflows that handle PII, KYC data, or customer financial records. Sending customer documents to cloud-based AI models without explicit data handling guarantees is a compliance failure waiting to happen. The bank could not absorb that risk. At the same time, refusing to use AI at all on internal ops was leaving real productivity on the table. The question was not whether to use AI. The question was how to use AI inside a compliance posture that did not move.

The deeper problem was the internal knowledge ops layer. The bank had thousands of employees across operations, compliance, risk, and product. Internal requests for information about procedures, policies, system documentation, and how-to questions were consuming a meaningful share of Slack and email volume. The same questions got asked and re-answered. The institutional knowledge was extensive and structurally hard to access without a human pointing the asker at the right document. The labor cost of internal knowledge ops was significant and the productivity drag was real.

Union Bank came to EOI for the compliance-aware AI architecture specifically. The bank had clear opinions on what could and could not leave the bank network. PII, KYC, customer financial records, and compliance-sensitive documents had to stay on infrastructure the bank controlled end to end. Non-PII operational documents, internal policy materials, system documentation, and knowledge management surfaces could run on sanitized cloud agents as long as the data classification was explicit and audited.

The shape of the architecture that fit was a split-surface deployment. On-device agents running on bank-controlled infrastructure for the PII-sensitive workflows. Sanitized cloud agents for the non-PII operations. Explicit data classification at the workflow level so every document was routed to the correct processing surface by policy, not by individual judgment. The matching service breakdown sits at Local Agent Setup for the on-device side and AI Ops Department for the operational surface, with the fintech-vertical context at AI for Fintech.

The other reason the fit was clean was the strategic AI advisory layer. The bank wanted a partner that could think through the AI architecture decisions across multiple operational surfaces, not a vendor selling a single tool. EOI ran the strategic AI consultancy alongside the operational deployment. Architecture decisions about data classification, model selection, audit logging, and human-review gates all got worked through with the bank operations and compliance teams as part of the engagement rather than as separate vendor handoffs.

The first measurable result was the compliance posture holding. On-device agent deployment on the PII-sensitive workflows produced the same processing quality as cloud equivalents with zero PII exposure outside the bank network. The compliance and risk teams could trace any document through the audit log and reconstruct the routing decision. The structural answer to the compliance-AI tradeoff that every regulated bank faces was the architecture itself. The compliance posture was not a constraint that bottlenecked the AI deployment. It was an input that shaped the architecture and let the deployment ship.

The internal knowledge copilot is the result the employee population felt most directly. The Slack and email volume for tier-one internal knowledge questions collapsed. Employees got the policy answer with the source citation in seconds instead of waiting for a human to point them at the right document. The institutional knowledge that had been structurally hard to access became a real productivity asset. The labor cost of internal knowledge ops moved from significant to negligible on the in-scope surface.

The document processing side compounded next. The operational workflows that had been consuming meaningful labor hours on invoice processing, form handling, and inter-team request artifacts moved to the agent layer. The humans on the operations team transitioned to exception handling and the higher-judgment ops work that needed their experience. The labor reallocation followed the same pattern we have seen across every operational consolidation we run, with the compliance-aware architecture as the differentiator that made it viable in a bank context.

The strategic AI partnership is the result that matters for the long-term operating model. The bank executive team has a partner thinking through AI architecture decisions across operational surfaces over time. New workflows that come into scope get architected against the existing compliance posture. Emerging AI tooling gets evaluated against the existing audit logging and data classification framework. The architecture compounds because the strategic layer is part of the engagement. The same pattern works across every regulated industry we work with, which we have detailed at AI for Fintech and the on-device side at Local Agent Setup.