More than a third of U.S. bankers cannot say with confidence that they have kill switches for their AI models.
This is a finding of Wolters Kluwer's US Banking AI Risk and Governance Index for the first half of 2026, which surveyed 230 U.S. banking professionals across community, midsize and large institutions.
Asked in which area of AI-related risk their bank was least prepared, 72% of bankers chose model kill-switch protocols (34%) or regulatory reporting of AI failures (38%).
"Regulatory reporting and kill-switch protocols are not esoteric capabilities — they are the minimum viable requirements for managing an AI incident in a regulated environment," the report stated.
The bankers' notable admission comes at a time when many banks are deploying autonomous AI agents in software development, loan processing, loan underwriting, operations, customer service and other areas. When agentic AI is deployed rapidly without a kill switch, a lot could go wrong.
"Agentic AI changes the math completely," Sultan Meghji, CEO of technology consulting firm Frontier Foundry and former chief innovation officer at the Federal Deposit Insurance Corp., told American Banker. "A traditional model may make a bad prediction. An agent may take a bad action — and then take a thousand more in 20 seconds before anyone notices."
Meghji pointed to a glitch at high-frequency trading firm Knight Capital as a case study in runaway automation. In August 2012, during a software deployment, Knight accidentally reactivated a dormant program that was designed to perform market tests and lacked necessary safety throttles. The rogue algorithm executed millions of rapid-fire, mistaken trades (buying high and selling low). Within 45 minutes, the firm suffered a $440 million loss.
"Now imagine that failure mode in collections or credit decisioning, where the victims are consumers instead of market makers," Meghji said. "An agent misclassifying accounts and initiating collections actions at machine speed isn't a hypothetical — it's the obvious next headline."
But the worst case isn't one catastrophic moment, he said. "It's the quiet disaster: a drifting model making thousands of slightly-wrong, discriminatory or non-compliant decisions per day for months, invisible because nobody instrumented it."
This is not a kill-switch failure, but a monitoring failure, Meghji said. "It ends in consent orders, restitution and a referral to the Department of Justice, not just a bad news cycle."
The real challenge for banks is not just having a kill switch, according to Sumeet Chabria, CEO of consultancy Thoughtlinks and a former tech executive at Bank of America.
"It's having a rehearsed, governed playbook: who has the authority, what the trigger is, what the fallback is, and who notifies the regulator and the customer," Chabria told American Banker. "A kill switch you haven't tested in production isn't a control. The kill switch is the last line of defense. Good governance works upstream of it: enforcing AI's actions in the path so the wrong model or data is never touched in the first place, and documenting what the AI did so you can monitor it continuously."
When asked where agentic AI introduces the greatest risk due to automation without sufficient human-in-the-loop controls, survey respondents put lending and underwriting workflows (33%) and collections and recovery (30%) first and second.
The area of collections and recoveries comes with fewer consumer protections than other well-regulated areas such as credit underwriting, said Elaine Duffus, senior specialized consultant at Wolters Kluwer. In previous roles, she was chief compliance officer at Nationwide Financial and deputy chief compliance officer at M&T Bank.
"There's more opportunity to treat customers differently that are similarly situated, and they're at a bad time, they're already in distress because you're in collections or recovery," Duffus told American Banker.
"You've got third parties talking to your customer, and if it's an AI-generated message of some kind just coming on their machine, does the collections agency you contract with, for example, have an obligation to tell you when they're getting complaints or when they change that message?" Duffus said. "How much of a connection do you have with them, or is it set it and forget it, and you just are looking at what the outcomes are from that relationship and not looking so much … at how they're getting there?"
Duffus pointed out that the typical generative AI model "wants to give you an answer, and if it doesn't have one, it's probably going to create one," she said. "So it may modify some things that it does in its dealings with each customer, and it may be very small, but then it just scales over time into something that now the bank's concerned, because now something odd is happening within this process, or something bad for the customer."
Why not kill switches?
Kill switches for AI models and model failure reporting both seem like unavoidable essentials for heavily regulated banks.
"Overall, the sense I got from the results was that banks are scaling AI much faster than they're building the governance, incident response, consumer protections and the whole architecture that they need to defend it," Duffus said.
Chabria also said deployment is outrunning governance by a wide margin. "And the gap is widest exactly where the consequences are highest," he said.
Automation bias — employees deferring to AI models instead of checking them — is the related human-side risk, Chabria said. "You can't train that away," he said. "Governance has to be designed into the system itself. The banks that can produce it on demand are the ones who'll scale AI into revenue-generating workflows. We're in the trust business in banking. Trust isn't claimed, it's proven. As processing shifts to AI, it has to be proven one transaction at a time."
Meghji views kill switches as table stakes, but also not enough.
"A kill switch is the smoke alarm, not the fire code," Meghji said. "If a bank is debating whether it can turn a model off, it has already lost control of that model. The real question isn't 'Can you kill it?" — it's 'Would you know when to?' Most institutions deploying AI today have no trip wires defining what abnormal behavior even looks like, so the switch would never get pulled until the damage was done."
In banking, the kill switch itself can be a risk, Meghji pointed out. "If your AI is mid-stream in payments, fraud screening or collections, yanking it offline without a fallback is its own operational incident. A mature program has graduated controls: throttle, constrain, human-in-the-loop, then full stop — never a single red button."
What banks can do
Regulators have said every bank needs to appoint a human to be responsible if something goes wrong with an AI model it's deployed, and have the ability to step in and stop it or redirect it, Duffus said.
The Office of the Comptroller of the Currency came out with revised model guidance for banks in April, but the guidance does not apply to generative and agentic AI models because they are "novel and rapidly evolving."
Duffus recommends banks check out the
Banks that deploy AI models need to have strong contractual clauses ensuring that the vendor will provide clarity about what the model does and how, and will tell the bank when an incident occurs, Duffus said. Banks need to pressure their vendors to provide kill switches and regulatory reporting of failures.
Banks need to see the models and the data those models are being fed, Duffus said, "so that it has those responses that we've all agreed are OK." Synthetic data used to train AI models can be biased or incorrect, she noted.
Some vendor contracts "have to be completely redone or amended to reflect the new myriad risks that are presented," she said.
