Are banks adopting AI fast enough? | Miguel Navarro & Angela Diaz

Miguel Navarro is an innovator, patent holder, and fraud fighter currently obsessed with agentic factories at KeyBank. Angela Diaz is a senior risk manager for external fraud oversight, second line of defense, with a focus on scams, AI governance, and industry education. 

In this interview from Fraud Fight Club III, we explore why fraud teams are falling behind on AI adoption, what makes deepfakes so hard to catch, and why they both land in the same place: people still matter most.

Advice on AI: Stop reading about riding the bike

Miguel's challenge to fraud teams: too many people are reading about AI instead of using it. The Gartner reports get read. The pilots don't get run. His framing was direct: identify the specific threats in your environment, then actually test the tools available to you. Not as a proof of concept. As operational practice.

Angela's entry point is more immediate. Most banks already give employees access to tools like Microsoft Copilot. You can use it today to screen large data sets, cross-compare policies against regulations, and find gaps in standard operating procedures. Those are real wins that don't require a procurement cycle.

Her advice on fear: it's okay to not understand AI yet. Stay open, take baby steps, build confidence. What's not okay is deciding not to try. Fraud evolves whether or not you do.

“There are too many people reading about riding a bike versus actually riding the bike.”

Miguel Navarro

Head of Applied Emerging Technologies, KeyBank

Why deepfakes are so threatening to banks

Angela's answer to what keeps her up at night was immediate: deepfakes. Not because they're hard to generate, but because of where the damage happens.

Deepfake-enabled scams typically involve social engineering that takes place entirely outside the bank's visibility. A legitimate customer is manipulated before any transaction is initiated. By the time the bank sees the activity, the customer is acting on what they believe is a legitimate instruction. The behavior looks normal. Standard anomaly detection has no signal to work with.

Miguel's concern is the breadth of the category. Most fraud teams have heard of deepfakes but treat it as a single problem. It isn't. There are AI-generated documents, traditional forgeries, insider methods, and variations within each that require different detection mechanisms. Knowing a deepfake exists is not the same as knowing how to catch it.

And the baseline keeps moving. As Miguel put it: today is the worst AI will ever be. Everything that comes next will be more capable.

“Deepfakes are a thousand percent what keeps me up at night. When that social engineering happens outside the bank and involves a legitimate customer, it's very hard to detect as abnormal behavior.”

Angela Diaz

Senior Risk Manager, TD Bank

Managing risk vs. avoiding it

One of the clearest moments in the conversation: Miguel's distinction between managing risk and avoiding it. Organizations that avoid risk learn nothing, fall behind, and eventually disappear. Organizations that manage risk learn, adapt, and stay in the game.

Neither Miguel nor Angela is arguing for reckless AI adoption. Angela's point is that a solid governance framework is what makes confident adoption possible. Defined use cases, performance monitoring, appropriate controls. Not a compliance exercise. The structure that lets you move.

“There's a huge difference between managing risk and avoiding risk. When you manage risk, you learn. When you avoid risk, you stay exactly the same.”

Miguel Navarro

Head of Applied Emerging Technologies, KeyBank

Collaboration as strategy, not buzzword

Angela's hot take: the fraud industry needs more genuine collaboration. Not the surface-level kind, but real coordination on recovery between banks, between banks and law enforcement, and between institutions and regulators. In a real-time payments environment, the speed of fraud outpaces the speed of response. That gap closes through relationships, not just technology.

Miguel's version of the same idea: show up at industry events and actually talk to people. Talk to vendors. You might not buy anything, but you will learn something. Anybody in financial services who says they don't have gaps is not being honest. The question is how you close them, and sometimes the answer is outside your organization.

Speaker bios

Miguel Navarro is an inventor, patent holder, fraud fighter, and agentic AI builder at KeyBank. His focus is on moving fraud teams from AI curiosity to AI application.

Angela Diaz is a Senior Risk Manager for external fraud oversight and second line of defense at TD Bank. She specializes in scams, deepfake risk, and building AI governance frameworks that give institutions the confidence to actually deploy.

Frequently Asked Questions

What are deepfake scams and how do they affect banks?

Deepfake scams use AI-generated audio or video to impersonate trusted individuals — a family member, a bank representative, a CEO — to manipulate victims into transferring funds or disclosing credentials. For financial institutions, the challenge is that the manipulation often happens entirely outside the bank's visibility, involving a legitimate customer acting on what they believe is a legitimate instruction. The resulting transaction looks normal from the bank's perspective.

Where should fraud teams start with AI?

Angela Diaz's recommendation: start with tools already available inside the organization. Microsoft Copilot, for example, can screen large data sets, compare policies against regulations, and surface gaps in standard operating procedures. Real wins, no procurement cycle required. Miguel Navarro's version: identify the specific threats in your environment and test available tools against them. Not a proof of concept. Operational practice.

What is an AI governance framework and why does it matter?

An AI governance framework defines approved use cases, how model performance gets monitored, and who is accountable for outcomes. Angela Diaz's argument is that it is not primarily a compliance document. It is the structure that allows an institution to move with confidence, test, deploy, and iterate without getting stuck in approval loops.

What is the difference between managing risk and avoiding risk?

Miguel Navarro's distinction: organizations that avoid risk learn nothing and fall behind. Organizations that manage risk learn, adapt, and stay competitive. The goal is not to eliminate risk. It is to manage it well enough to keep moving.

Related Reading

• Love Con Revenge: What fraud leaders can learn from Netflix's romance scam docuseries — A prior conversation with Angela Diaz on AI scams, deepfakes, and how banks detect behavior that starts outside their walls.
• From forgeries to deepfakes: Document fraud in the age of generative AI — How document fraud has crossed the threshold where manual review is no longer sufficient.
• AI Fraud Detection for Document & Credit Risk — How Inscribe approaches the detection problem Miguel and Angela described.

Subscribe to Inside Inscribe for monthly updates on fraud, AI, and what I'm learning from the people fighting it.