Certified Responsible, Operationally Disconnected

Taiwan's bank account freeze crisis last September had an overlooked prologue. Just one year earlier, Taishin Bank had been celebrated as Taiwan's first financial institution to earn a responsible AI designation — rigorous third-party testing, red-team methodology, alignment with AI governance principles. By September 2025, its anti-fraud AI had frozen hundreds of legitimate accounts without warning, with a self-reported accuracy rate that critics noted was statistically indistinguishable from a coin toss. The incident is not a story about bad AI. It is a story about what happens when organisations confuse AI security assurance with AI governance — and when legal and compliance treat "the digital transformation office handles everything AI" as a sufficient answer. Five questions every GC and compliance officer should be asking right now.