US regulators intensify AI scrutiny in banking sector
Supervisors are leveraging existing risk frameworks to probe governance controls, third-party vendor risks, and data access limits as artificial intelligence adoption accelerates across financial institutions.
U.S. banking regulators are significantly ramping up oversight of how financial institutions deploy artificial intelligence, pressing lenders to provide granular details on their algorithmic usage in high-risk areas. The Office of the Comptroller of the Currency and the Federal Reserve have integrated these inquiries into routine bank examinations, requiring firms to map out their AI applications in lending, customer verification, and sanctions screening.
Supervisors are actively assessing governance frameworks, data access controls, and the robustness of safeguards such as kill switches and human oversight mechanisms. The approach relies on existing risk-management structures rather than introducing new prescriptive rules, aiming to gather comprehensive industry data before determining if formal regulatory action is necessary. This strategy allows authorities to understand current practices amidst rapid technological advancement and associated cybersecurity concerns.
A central focus of the scrutiny is whether AI tools can access or infer data beyond authorised limits, raising significant concerns regarding privacy, confidentiality, and compliance. Regulators are probing how banks manage third-party vendor risks, questioning whether external providers and their subcontractors meet the same governance and security standards as the banks themselves. Authorities are also examining exit strategies in the event of safety breaches within vendor systems.
The regulatory push extends to evaluating how financial firms are preparing for cybersecurity risks posed by fast-evolving systems, including Anthropic’s frontier AI model, Mythos. Cybersecurity experts note that such systems pose significant challenges to the banking industry’s legacy technology due to their potential to exploit vulnerabilities. The U.S. Treasury and regulators are simultaneously examining how prepared firms are to tackle these emerging threats.
Federal Reserve Vice Chair for Supervision Michelle Bowman highlighted the tension between rapid innovation and regulatory stability in May, noting that while existing supervisory tools support sound governance, agencies must assess if guidance is fit for the future. The OCC, Federal Reserve, and Federal Deposit Insurance Corporation have planned a formal request for information on banks’ use of AI, including generative and agentic systems, to help agencies gather input before deciding on future actions.
