U.S. banking regulators are increasing scrutiny of how financial institutions deploy artificial intelligence, according to people familiar with the situation. The Office of the Comptroller of the Currency and the Federal Reserve are now pressing firms to detail their AI governance, data access controls, and third-party vendor risks during routine examinations.
Existing frameworks guide current oversight
Regulators are not yet issuing new rules tailored specifically to artificial intelligence. Instead, supervisors are leaning on established model risk management, third-party risk oversight, and consumer protection laws to evaluate emerging technology. The Government Accountability Office noted last year that agencies are actively assessing these risks, and the OCC, Fed, and FDIC plan to issue a formal request for information on banks' use of generative and agentic systems. This request will help agencies gather input before deciding whether to draft prescriptive regulations.
Focus on guardrails and vendor risk
Examiners are asking detailed questions about how banks safeguard client data and prevent models from accessing information beyond authorized limits. Lenders must demonstrate they have guardrails, human oversight, and contingency plans like kill switches to shut down systems if necessary. A major area of scrutiny involves third-party vendors, as banks increasingly rely on external providers for AI tools. Regulators want to know how firms ensure these vendors and their subcontractors meet the same security standards, and whether banks have exit strategies in the event of a safety breach.
Pace of innovation challenges rulemaking
The speed of technological advancement is proving difficult for regulators to match. Sources indicate that AI is advancing at a pace that exceeds the traditional cycle of regulatory learning and rulemaking, raising concerns that formal guidance could quickly become outdated. Consequently, authorities are expected to rely on broad, principles-based supervision for the time being. Federal Reserve Vice Chair for Supervision Michelle Bowman addressed this in May, stating, "Today, banks are relying on existing risk-management frameworks to guide their use of AI. While these supervisory tools are intended to support banks in applying sound governance and risk management, we should assess whether our supervisory guidance is fit for the future."
Why this matters for finance professionals
Financial leaders must proactively map their organization's AI usage, particularly in high-risk areas like credit underwriting and sanctions screening. Chief financial officers and risk managers should audit their third-party contracts to ensure clear data access limits and vendor exit strategies are in place. Professionals seeking to match their strategies with these regulatory expectations can explore targeted resources like an AI Learning Path for CFOs to strengthen their governance frameworks. Additionally, understanding the broader applications of AI for Finance will help teams anticipate how supervisory scrutiny will evolve across the sector.
Your membership also unlocks:
