The Financial Stability Board (FSB) is urging financial firms to implement stricter controls over agentic AI as these autonomous systems move deeper into financial services. Published on June 10, a new consultation report outlines 12 proposed practices to manage the risks of AI that can plan, reason, and execute tasks independently, warning that unchecked automation could trigger operational or cyber failures at high speed.
The push for governance comes as adoption accelerates. The Cambridge Centre for Alternative Finance's 2026 Global AI in Financial Services Report found that 52% of surveyed industry respondents are already actively adopting agentic AI. Firms are deploying these systems across anti-money laundering checks, credit risk, fraud detection, and portfolio management, making AI for Finance governance a critical operational priority.
The risks of independent action
The FSB's primary concern is what happens when AI can act rather than merely advise. The report warns that the high autonomy of these systems can create or amplify risks that "can materialise at great speed," including unauthorized actions, erroneous decisions, and data breaches.
Connected systems magnify this threat. To execute complex tasks, AI agents integrate with application programming interfaces, databases, and other software. If an agent malfunctions, those links can turn a localized failure into a wider operational or cyber incident.
Human oversight also breaks down as these systems scale. The report says monitoring agent decisions in real time is impractical. It adds that an agent "can take hundreds of intermediate steps toward a goal, creating points where errors may occur before staff can intervene."
Managing AI agents as synthetic employees
The proposed controls focus on boundaries, identity, and accountability. The FSB advises financial institutions to explicitly define prohibited actions, assign unique identifiers to AI agents, and restrict external access until firms can verify safe operation.
For financial transactions, the guidance is more stringent. Firms should implement human approval or dual authorization above certain thresholds, restrict direct access to payment systems, and maintain strict audit trails for all agent transactions.
The report also suggests adapting human resources controls to treat these systems as synthetic employees. Because boards and senior management are encouraged to reference these practices for risk management, this focus on identity and responsibility supports the training frameworks found in the AI Learning Path for CFOs.
Non-binding guidance with global echoes
The FSB clarified in a press release that the toolkit is not intended to establish a binding international standard or dictate specific technology choices. Instead, it strongly encourages boards and senior management to reference the practices when evaluating business strategy and risk management.
This financial warning mirrors broader government guidance. In May, the Australian Cyber Security Centre, alongside CISA and the NSA, warned that agentic AI systems can operate without continuous human intervention. Those agencies recommended organizations avoid granting broad access to sensitive data or critical systems.
Security vendors are adopting similar frameworks. Critical Start, for example, markets its CORR platform around human-validated investigations and complete audit trails, ensuring every AI-generated finding is checked by a certified analyst before action is taken.
Why this matters for finance professionals
The immediate control question for finance teams is no longer whether AI can improve efficiency, but whether the firm can prove what an agent was allowed to do. You must be able to demonstrate exactly what data an AI accessed, where human approval was required, the specific actions it took, and the audit record that remains for review.
Your membership also unlocks:
