
HITL Governance for Banking: OCC/FDIC Compliance Built into Delivery
HITL governance banking is no longer a best practice option for financial institutions under OCC and FDIC supervision. When examiners audit your technology delivery process, they are not just checking which systems you deployed. They ask who approved each change, at what point in the process, and where the documentation lives. Banks that cannot answer those three questions consistently are carrying a compliance gap, not running a governance program.
This post covers what a working HITL governance model looks like inside a bank's software delivery pipeline, how OCC and FDIC supervisory expectations translate into concrete approval checkpoints, and how azure consulting services, azure cloud migration services, and power platform governance tools can embed those controls directly into how your team delivers software.
The regulatory pressure behind HITL governance banking has been building since 2021. OCC guidance on model risk management, reinforced through supervisory letters in 2023, explicitly requires human validation before any model enters production. FDIC examiners, particularly under the technology assessment sections of the FFIEC IT Examination Handbook, look for evidence that humans are reviewing outputs before those outputs affect customers or risk calculations.
What changed recently is the scope. When AI was confined to niche credit scoring models, banks could treat governance as a model risk management problem. Now that AI generates code, writes compliance summaries, and automates customer-facing workflows, the question of who reviewed the output before it went live applies to nearly every technology project.
Human-in-the-Loop (HITL) governance places a mandatory human review and approval step between any automated or AI-generated output and its production deployment. In a banking context, the sequence is:
The critical difference from standard code review is the audit trail. Every approval must be retrievable, attributable to a person (not a team), and tied to the specific artifact reviewed. For a practical breakdown of how this works in software delivery, see what is human-in-the-loop governance.
Most bank technology projects need human approval at three moments in the delivery cycle:
OCC technology risk management guidelines require banks to document who authorized each technology change and retain that documentation for examination review.
If your team uses AI to generate code and ships it through a fully automated pipeline with no human review step, you are creating a material examination finding. The problem is not the AI itself. It is the absence of a documented human decision point that examiners can verify. We covered this in depth in what happens when AI writes code and nobody reviews it.
HITL governance banking, in operational terms, is a set of structured checkpoints embedded in your delivery process, each requiring a named human to review and approve before the pipeline advances. It is not a committee that meets monthly. It is not a sign-off form buried in a SharePoint folder. It is a gate in the pipeline itself.
The most effective banking HITL programs share four characteristics:
Azure consulting services play a specific technical role in HITL governance for banking. Microsoft Azure includes native tooling that, when properly configured, enforces human approval checkpoints at the infrastructure level. Most banks are not using that tooling to its full compliance potential.
QServices is a Microsoft Certified Solutions Partner specializing in Azure, and across 500+ Azure and Microsoft platform projects since 2014, the pattern we see most often is this: banks have Azure DevOps pipelines, but approval gates are either absent or configured as optional. Making them mandatory is a configuration change that takes hours. Getting the governance policy written so those gates satisfy regulators takes considerably longer.
As an azure migration partner for regulated financial institutions, we start every engagement by mapping the regulatory surface area before touching infrastructure.
An azure architecture review for a banking client begins by identifying every system that touches customer data, risk calculations, or compliance reporting. Each of those systems needs its own change management policy. The review maps where human approval is currently absent and which gaps carry the most examination exposure.
FDIC examiners expect banks to maintain oversight even when delivery is handled by a third-party vendor. That means your azure consulting services partner needs to understand your compliance obligations, not just your technical architecture.
An azure infrastructure assessment documents the current state of on-premise systems before any migration begins, identifies what controls exist, and defines what controls need to be rebuilt in Azure. Skipping this step is the single most common reason compliance gaps appear after migration.
A thorough assessment for a mid-size bank with 10-30 workloads takes 2-3 weeks. It produces a risk-ranked system inventory, a compliance gap analysis, and a proposed governance model for the target Azure environment.
Azure app modernization is where the HITL governance conversation gets complicated. Legacy banking systems, some still running COBOL on mainframes, were not designed for modern deployment pipelines. Modernizing them means building delivery processes from scratch, which is an opportunity: you can embed HITL checkpoints from day one rather than retrofitting them years later.
The location of human approval gates depends on your delivery methodology. Most banking clients use some form of agile delivery with two-week sprints. HITL governance maps onto that cadence without requiring a methodology change.
Sprint governance for banks means adding two formal approval moments to each two-week cycle. At sprint start, the business owner confirms the planned work aligns with current risk tolerance. At sprint end, before any changes are promoted to production, a compliance representative reviews and signs off. The sprint start review typically takes 30 minutes. The end review takes 45-60 minutes and doubles as a demo for the compliance team.
We cover this model in sprint governance: where human checkpoints fit in agile delivery.
Azure DevOps consulting services handle the technical implementation of HITL gates. For regulated banking clients, we typically configure:
The automated checks do not replace the human reviewer. They eliminate low-signal noise so the reviewer focuses on what actually needs a judgment call.
For banks currently running on-premise infrastructure, HITL governance banking has an added dimension. Banks that need to migrate on premise to azure are actually in a better position than they might realize: a migration project gives you a defined window to build governance into the delivery pipeline from the start rather than grafting it on later.
Azure cloud migration services for banks should always begin with a governance design phase. If you skip that phase, you will spend 12-18 months post-migration retrofitting controls that OCC or FDIC examiners expect to find in place from day one.
The five phases of Azure migration for banking environments are: Assess, Design (including governance architecture), Migrate, Validate (with HITL review gates at each stage), and Operate. Human approval is required at the transition between each phase, not just at the end. Azure cloud migration for a mid-size bank typically costs between $150,000 and $800,000 depending on the number of workloads and whether systems are being lifted and shifted or fully modernized.
An azure landing zone implementation for a bank establishes the foundational guardrails before any workloads migrate. This includes network segmentation, identity and access management policies, audit logging configuration, and Azure Policy definitions. Without a proper landing zone, every subsequent migration inherits whatever compliance gaps existed in the source environment.
For a structural explanation of how landing zones work, see Azure landing zones explained for mid-size companies. For banking specifically, the landing zone is where you configure the policy definitions that enforce HITL gates across all subscriptions, so no workload can deploy without passing through the documented approval process.
Lift and shift to azure moves a system to the cloud with minimal changes. It is faster and typically 30-40% less expensive in project cost than a full rewrite. The compliance problem is that lifting and shifting also preserves the governance gaps. If the on-premise system had no formal change approval process, the cloud version inherits that too.
Full modernization takes 6-18 months for a major banking system, but it is the only path that lets you build HITL governance into the deployment process from the start. The honest answer is that most banks need both: lift and shift for low-risk, stable systems; modernize for anything touching risk models, fraud detection, or customer financial data.
A hybrid cloud azure setup is the operational reality for most mid-size banks. Core banking systems stay on-premise for another 3-7 years while newer capabilities are built natively in Azure. HITL governance has to work across both environments. That means your approval pipeline cannot be Azure DevOps-centric only. It needs to handle deployments to on-premise systems with the same documentation and approval requirements, which typically means integrating Azure DevOps with your existing ITSM tooling (ServiceNow or Jira).
Power platform governance is a separate but related challenge for banking clients. Power Platform tools, particularly Power Automate and Power Apps, have spread inside banks because they let business users build automations without waiting in IT queues. The compliance problem is that those automations can touch sensitive systems, process customer data, or affect financial calculations, all without going through formal change review.
A power platform development company working in a regulated banking environment needs to understand this regulatory dimension. The default Power Platform model, where any licensed user can build and publish a flow to production, is not compatible with OCC or FDIC expectations around change management.
Power BI consulting services face a similar issue in banking: reports that pull sensitive financial data need governance controls on the report publishing process, not just on the underlying database permissions.
Power automate consulting for banks starts with an inventory of what already exists. In our experience, a mid-size bank with 500+ employees typically has 200-400 active Power Automate flows, and fewer than 20% have gone through any formal review. The flows connecting to core banking APIs or processing customer data are the priority for governance remediation.
Governance here means applying the same HITL checkpoint model used in the rest of the delivery pipeline: named reviewer, documented approval, and a change management record before any flow goes live in production. Power platform governance for SMBs: stop technical debt early covers how to structure this remediation without disrupting the business teams that built those flows.
Power apps development services for banking clients require careful attention to data access controls. Every Power App connecting to a sensitive data source needs a review for appropriate access permissions, data residency compliance (critical for banks subject to state or federal data localization rules), and auditability before publication. The review should happen before the app goes live, not six months after deployment when an examiner starts asking questions.
An azure security assessment is the technical foundation of any HITL governance program in banking. It identifies what systems are exposed, what controls exist, and where human review is absent. Across banking engagements, we consistently find three categories of problems: overly permissive service principal permissions, missing or optional approval gates on production pipelines, and inconsistent logging that makes audit reconstruction difficult.
An azure managed services provider running your Azure environment can monitor continuously for configuration drift and flag changes that bypass approval gates. This is ongoing oversight, not a one-time check. The NIST Cybersecurity Framework recommends this continuous monitoring model, and FDIC examiners look for evidence that it is in place.
Azure cost optimization consulting often runs in parallel with security assessments for banking clients. Properly enforced governance controls, particularly conditional access policies and Azure Policy enforcement, eliminate the sprawl of unauthorized shadow IT resources that drive up Azure spending. We have seen banks reduce Azure spending by 15-25% simply by technically enforcing the governance controls they already had on paper.
FDIC examiners use the FFIEC IT Examination Handbook as their primary framework. The Information Security booklet requires banks to document their change management processes and demonstrate that unauthorized changes cannot reach production systems. An azure security assessment maps directly to these requirements by identifying where unauthorized changes are possible and recommending the HITL policy changes that close those gaps.
As a microsoft azure consulting company serving financial institutions across 500+ projects since 2014, we see the same governance failures repeatedly.
Approval gates that are optional. In Azure DevOps, a gate that reviewers can bypass for urgent fixes is not a compliant control. Regulators will find those bypass events in the audit logs.
Reviews that go undocumented. Verbal approval from a senior engineer does not satisfy an OCC examiner. The review must be recorded with the reviewer's identity, the artifact reviewed, and a timestamp.
Governance that covers code but not configuration. A bank may have rigorous code review but push Terraform changes or Power Platform flows without any review. Infrastructure-as-code changes can be just as consequential as application code.
An audit trail that can be edited. If approval records can be modified after the fact, they do not meet the evidentiary requirements for examination. Append-only logging systems are the correct solution.
Auditing your current process takes about a week for a typical mid-size bank. Pull the last 90 days of production deployment records. For each deployment, ask: is there a named approver? Is there a timestamp? Is there documentation of what was reviewed? If any of those three elements are missing for more than 10% of deployments, you have a material gap worth addressing before your next OCC or FDIC examination.
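The 90-day check described above as a runnable script, added here as an example and not QServices' own tooling. It assumes a deployment export with the fields id, approver, approved_at, artifact and bypassed (the sample records are constructed), and treats only user-principal-name approvers as named persons, since a team name is not attributable to one reviewer.

```python
from datetime import datetime

# Constructed sample of a 90-day production deployment export (not real data).
# Field names are assumptions about what a pipeline approval export contains.
SAMPLE_RECORDS = [
    {"id": "dep-1001", "approver": "jane.doe@bank.example",
     "approved_at": "2024-03-01T14:02:11Z", "artifact": "build-4411", "bypassed": False},
    {"id": "dep-1002", "approver": "platform-team",            # a group, not a person
     "approved_at": "2024-03-02T09:15:00Z", "artifact": "build-4412", "bypassed": False},
    {"id": "dep-1003", "approver": "",                         # emergency bypass, no approver
     "approved_at": "2024-03-03T11:20:44Z", "artifact": "build-4413", "bypassed": True},
    {"id": "dep-1004", "approver": "raj.patel@bank.example",   # approval never timestamped
     "approved_at": None, "artifact": "build-4414", "bypassed": False},
    {"id": "dep-1005", "approver": "raj.patel@bank.example",   # nothing tied to the review
     "approved_at": "2024-03-05T16:40:00Z", "artifact": "", "bypassed": False},
    {"id": "dep-1006", "approver": "jane.doe@bank.example",
     "approved_at": "2024-03-06T10:05:30Z", "artifact": "build-4416", "bypassed": False},
    {"id": "dep-1007", "approver": "mei.chen@bank.example",
     "approved_at": "2024-03-07T13:00:00Z", "artifact": "build-4417", "bypassed": False},
]

MATERIAL_GAP_THRESHOLD = 0.10  # more than 10% deficient deployments is a material gap


def is_named_person(approver):
    """Assumption: individual approvers are recorded as user principal names
    (they contain '@'); a team or group name, or a blank, is not attributable
    to one person and does not satisfy the named-approver requirement."""
    return isinstance(approver, str) and "@" in approver


def has_valid_timestamp(value):
    """The approval time must be present and parse as ISO 8601 (trailing Z accepted)."""
    if not value:
        return False
    try:
        datetime.fromisoformat(value.replace("Z", "+00:00"))
        return True
    except ValueError:
        return False


def record_findings(rec):
    """Return the evidence elements missing from one deployment record."""
    missing = []
    if not is_named_person(rec.get("approver")):
        missing.append("named approver")
    if not has_valid_timestamp(rec.get("approved_at")):
        missing.append("timestamp")
    if not rec.get("artifact"):
        missing.append("reviewed artifact")
    return missing


def audit_deployments(records):
    """Apply the three questions to every record and score the 90-day window."""
    findings = {r["id"]: record_findings(r) for r in records}
    deficient = [dep_id for dep_id, miss in findings.items() if miss]
    bypassed = [r["id"] for r in records if r.get("bypassed")]  # gate skipped: also a finding
    rate = len(deficient) / len(records) if records else 0.0
    return {"total": len(records), "deficient": deficient, "deficient_rate": rate,
            "bypass_events": bypassed, "material_gap": rate > MATERIAL_GAP_THRESHOLD,
            "findings": findings}


if __name__ == "__main__":
    result = audit_deployments(SAMPLE_RECORDS)
    for dep_id, miss in result["findings"].items():
        if miss:
            print(f"{dep_id}: missing {', '.join(miss)}")
    print(f"{len(result['deficient'])}/{result['total']} deficient "
          f"({result['deficient_rate']:.0%}); material gap: {result['material_gap']}")
```

On the constructed sample, 4 of 7 deployments fail at least one of the three questions and one bypass event is recorded, so the script reports a material gap; replace SAMPLE_RECORDS with your own export to run the same check.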
HITL governance banking is how OCC and FDIC compliance expectations translate into day-to-day software delivery. Every pipeline gate, every named reviewer, every immutable approval record is a direct and verifiable answer to the questions examiners ask during a technology examination.
Azure consulting services, delivered by an experienced azure migration partner, provide the technical infrastructure to enforce these checkpoints at the platform level. Power platform governance extends that coverage to business-user automations that frequently operate outside traditional IT change management. Together, they create a delivery environment where human approval is not just written policy; it is the only way the pipeline moves forward.
QServices has completed 500+ Azure and Microsoft platform projects since 2014, including governance engagements for banks operating under OCC and FDIC supervision. If your current delivery process cannot answer "who approved this and when" for every production change, that gap is worth closing before your next examination. An azure infrastructure assessment or governance readiness review gives you a clear picture of your material exposures within two weeks.

Written by Rohit Dabra
Co-Founder and CTO, QServices IT Solutions Pvt Ltd
Rohit Dabra is the Co-Founder and Chief Technology Officer at QServices, a software development company focused on building practical digital solutions for businesses. At QServices, Rohit works closely with startups and growing businesses to design and develop web platforms, mobile applications, and scalable cloud systems. He is particularly interested in automation and artificial intelligence, building systems that automate routine tasks for teams and organizations.
Azure cloud migration for a mid-size bank typically costs between $150,000 and $800,000, depending on the number of workloads, whether systems are being lifted and shifted or fully modernized, and the complexity of the existing on-premise environment. Banks under OCC or FDIC supervision also need to budget for governance implementation, including HITL approval gate configuration, compliance logging, and audit trail infrastructure, which typically adds 15-20% to the base migration cost. For a detailed breakdown by scenario, see our guide on how much Azure cloud migration actually costs.
For banks under OCC or FDIC supervision, the best approach begins with an azure infrastructure assessment that maps current systems and identifies compliance requirements before any migration work begins. Most banks use a hybrid strategy: lift and shift for stable, low-risk systems, and full modernization for anything touching risk models, fraud detection, or customer financial data. A governance design phase, including azure landing zone implementation and HITL checkpoint configuration, should precede all migration work. Skipping this phase is the most common reason compliance gaps appear after migration.
A lift-and-shift migration of a single banking workload typically takes 4-12 weeks from assessment to production. Full modernization of a core banking system can take 6-18 months. Banks should plan for an additional 2-3 weeks at the start for governance and compliance design, including azure landing zone implementation and HITL approval gate configuration. The governance design phase is not optional for regulated institutions; it is what makes the rest of the migration defensible during examination.
An Azure landing zone is a pre-configured, policy-enforced Azure environment that establishes security, networking, identity, and governance controls before any workloads are deployed. For banks, the landing zone is where HITL governance controls are configured at the platform level, so every workload operating in that environment automatically operates under the bank’s documented change management policies. It is the compliance foundation that all subsequent migration and modernization work builds on.
An azure managed services provider monitors your Azure environment continuously for configuration drift, unauthorized changes, and policy violations. For banking specifically, they alert on any changes that bypass HITL approval gates, maintain audit logs in an immutable format that satisfies OCC and FDIC examination requirements, and handle the operational work of keeping security controls current as Azure services evolve. This is ongoing oversight, not a one-time engagement, and it is the model that FDIC examiners expect to see documented.
The primary risks for banks migrating to Azure include compliance gaps if governance controls are not configured before migration begins, data residency issues if workloads deploy to the wrong Azure region, identity and access management vulnerabilities from misconfigured service principal permissions, and audit trail gaps from inconsistent logging. An azure security assessment before migration identifies these risks in advance and produces a remediation plan tied to specific OCC or FDIC examination requirements.
Look for a partner that understands both the Microsoft Azure platform and banking regulatory frameworks including OCC, FDIC, and FFIEC requirements. Ask specifically whether they have experience configuring HITL approval gates in Azure DevOps for regulated environments, whether they have completed azure architecture reviews for financial institutions, and whether they can map their technical recommendations to specific examination criteria. QServices has completed 500+ Azure and Microsoft platform projects since 2014, including compliance and governance engagements for banks under OCC and FDIC supervision.