.svg)
State Street's CIO Outilnes What It Takes To Scale AI Amid Rising Geopolitical Pressure
State Street's CIO for International, Risk, Governance and Transformation, on how geopolitics, data sovereignty, and risk determine whether AI can scale across global enterprises.
Key Points
Geopolitical tension and fragmented regulations force CIOs to manage data location, access, and client trust as a core leadership challenge, not a technical task.
Pinar Kip Williamson, CIO for International, Risk, Governance and Transformation at State Street, explained how visibility, resilience, and a highest common denominator approach help organizations operate across conflicting regional demands.
By strengthening data foundations, modernizing infrastructure, and rethinking how value is measured, firms create the conditions needed to deploy AI responsibly and at scale.
The job of the Chief Information Officer has changed. It's expanding beyond managing technology to navigating the often conflicting demands of global clients. As geopolitical tensions rise, firms are fielding more pointed questions about where their data is stored, who can access it, and under what conditions, prompting many technology leaders to rethink their global strategies. And with the rise of AI, data sovereignty is now the price of admission for deploying the technology responsibly and at scale.
Pinar Kip Williamson is the Chief Information Officer for International, Risk, Governance and Transformation at State Street. With more than two decades of experience leading teams across 25 countries, she brings an MIT engineering background and a Harvard MBA to the role. She has also served as a Board Director at The Depository Trust & Clearing Corporation, working closely with the systemic risks and structural shifts shaping global finance. That perspective shapes how she thinks about data visibility, resilience, and AI readiness in an increasingly fragmented global environment.
"Specific geopolitical concerns will change over time. What matters more is that CIOs have the visibility, resilience, and agility to respond, because that matters more than any individual country, strategy, or cloud provider," said Williamson. For CIOs, intensifying client scrutiny means that data visibility is no longer a technical detail but a core leadership responsibility. That change often places them in the middle of diverging expectations between regions like the U.S. and Europe, where priorities are turning toward digital sovereignty and local control. Answering these questions requires a deep understanding of where data resides for each transaction and a foundational commitment to platform security and client trust.
Highest common denominator: Rather than reacting to each jurisdiction in isolation, Williamson focuses on raising standards across the organization. "We try to take a perspective of not doing what we have to do in every location, but really where possible, raise the bar to the highest common denominator that we need to drive," she said. That approach allows the firm to remain globally connected while still respecting local constraints. "We have always thought through how to be as globally connected as possible," she added, "but at the same time having the ability to corner things off where needed."
Differing interests: As geopolitical tensions rise, that balancing act has become more complex. "It's become more complicated in the last couple of years because we're getting a lot more questions from different clients," Williamson said. Those questions diverge sharply by region. "From a US perspective for example, there have been a lot of questions about data access in certain regions and jurisdictions," she explained. "But if you’re in Europe, clients are asking different questions entirely." The result is a CIO role increasingly defined by navigating competing expectations around data access, location, and regulatory exposure across markets.
That regulatory pressure, underscored by regulations like Europe's Digital Operational Resilience Act, is driving a move toward end-to-end resilience testing that extends far beyond internal playbooks. The move acknowledges a widely understood problem: traditional risk models are complicated by hyperscale cloud providers, which are so embedded in the financial system that regulators are designating them as "critical" infrastructure. The change also expands the priority to preparing an organization’s entire data landscape, given that the entire data landscape is now needed to deploy AI at scale.
All hands on deck: "We started doing a lot more resiliency tests not just by ourselves but with our clients, with our sub-custodians, and with our third-party providers to really do it end-to-end, make it real, and learn from it to be ready," Williamson said. That same end-to-end lens now applies to data. "AI is different; it has to learn," she added. "Before, we focused on critical data, but now we are thinking about the full estate, where that data is, who can access it, and what needs to be on-prem in a very different way."
Guardrails for speed: This foundational work isn't just about protection; it's also the launchpad for pursuing AI opportunities. The ability to scale AI responsibly is often the direct result of years of disciplined work in optimizing processes and establishing clear ethical frameworks long before the generative AI boom. "Since we were doing a lot with machine learning and optical character recognition before generative AI became so powerful, we had already spent a lot of time creating our frameworks around responsible and ethical AI. Having that foundation with the right guardrails and a human in the loop is helping us move faster now."
With this secure infrastructure in place, the focus can move to creating value. From this perspective, the goal is to use AI to transform entire enterprise processes, fundamentally rethinking how core work gets done rather than just chasing simple productivity gains.
Connecting the dots: "We don’t want to just give each developer a co-pilot and see what happens. We are looking at the entire, end-to-end software development lifecycle, from generating user stories to developing, quality-checking, and testing the code." The same end-to-end thinking applies to core operations, where fragmentation still slows progress. "There are still so many handoffs and hops as a transaction goes through its life cycle through middle office, back office, and the accounting ledger. That’s another area where we are looking for AI to make the process smoother and faster," Williamson said.
Learn, don't fail: That focus on transformation is also guided by a new understanding of how to manage AI innovation, one that directly challenges the "fail fast" mantra that has dominated the tech industry for a decade. "With artificial intelligence, you don't want to fail fast; you want it to keep learning, because that is how the model improves," clarified Williamson.
Looking ahead, Williamson’s focus is on finishing the work many organizations have already started. Simplifying legacy systems, modernizing infrastructure, and bringing clarity to data are not new ideas, but they increasingly determine whether AI delivers anything meaningful at scale. Measuring value also needs to evolve, with attention paid not just to short-term ROI, but to operational gains like faster onboarding, smoother execution, and the capacity to deliver more change with the same teams. In a climate shaped by regulatory pressure and geopolitical uncertainty, those fundamentals shape both resilience and progress.
"I think all CIOs are thinking through how to invest in the right places and how to be in that 10% or 20% of companies that actually see sustained productivity gains from AI," Williamson concluded. "Getting those foundations right is critically important to make sure we can get the best out of our investments going into next year."
