The Financial Stability Board published a consultation report on June 10 outlining 12 sound practices for the responsible adoption of artificial intelligence by financial institutions. The report arrives as banks, insurers, and asset managers accelerate AI deployment, putting pressure on boards and senior management to govern new risks that existing frameworks were not designed to handle. Comments on the consultation are due by July 22, with a final report expected in October.
The FSB said the sound practices are not a new international standard and are not aimed at frontier AI models, though some of the guidance would help institutions respond to those risks. Instead, the document builds on work from the FSB and other standard-setting bodies to promote coordination among firms and supervisors across jurisdictions.
Governance starts in the boardroom
The first cluster of practices addresses organization-wide AI governance. The FSB wants boards to set strategic direction and maintain active oversight of AI adoption. That includes embedding AI risks into the institution's risk management framework and creating accountability structures that link executives to specific AI-related decisions. The report also highlights organizational adaptability - the ability to restructure teams, skills, and processes as AI capabilities change.
The FSB "strongly encouraged" boards and senior management to reference the practices when weighing business strategy, technology choices, and risk appetite. For management teams building or refining their AI governance, structured upskilling in AI for Executives & Strategy can help bridge the gap between policy documents and operational reality.
Managing the AI lifecycle
A second group of practices runs from model selection to decommissioning. Financial institutions are expected to conduct materiality and risk assessments before deploying a model, apply rigorous data governance, and deliver explainability and transparency appropriate to the model's impact. Performance management and human oversight remain mandatory throughout the model's life - not just at the approval stage.
These practices echo longstanding model risk management principles but extend them to AI-specific failings like drift, bias amplification, and opaque decision logic. The consultation makes clear that automation does not dilute accountability; a human must still be answerable for outcomes.
Third-party and cyber risks
The FSB zeroes in on the risks that come from reliance on external AI providers. The report tells firms to manage third-party performance, demand transparency, verify data quality, and map supply chain concentration. Business continuity planning must account for a critical vendor's AI service going dark or delivering degraded results. Cyber and ICT risks that accompany AI - model theft, data poisoning, prompt injection - are also covered as part of a broader operational resilience posture.
Institutions with heavy dependence on a small number of AI vendors face a concentration risk that the FSB wants management to quantify and mitigate. That pressure will likely grow as regulators in multiple jurisdictions examine the same few technology partners across their supervised firms.
Why this matters for management
The consultation signals that AI governance is no longer a technical sidecar - it is becoming a board-level accountability item. Managers who treat the FSB's practices as an early compliance roadmap can shape their firm's AI adoption before final rules land. Waiting for a binding standard in a year or two means building processes retroactively, often at higher cost and with less organisational buy-in. The July 22 comment deadline gives management teams a short window to influence the final version, but the real work begins inside their own committees and risk reviews right now.
Your membership also unlocks: