- Key insight: All three of the largest core providers have now picked an AI partner. Fiserv went with OpenAI, FIS with Anthropic, and Jack Henry with Google. Together they run the core systems for more than 70% of U.S. depository institutions.
- Expert quote: Partnering with a core provider "is the most practical --- and often the only --- path forward for community banks seeking to responsibly leverage AI," the Independent Community Bankers of America told the OCC in January. The group does not want new AI rules, only "greater supervisory clarity."
- Supporting data: Core providers are buying AI defense because AI offense got this good: Anthropic's Mythos model turned up thousands of previously unknown, high-severity software flaws, more than 99% of which are still unpatched.
Overview bullets generated by AI with editorial review.
Jack Henry is buying AI from Google to defend the roughly 7,400 community banks and credit unions it serves. Federal banking regulators have not decided how to regulate such technology, and they have said so.
Jack Henry will use Google Cloud's agentic defense products to build a proprietary AI security platform, the company said in a
Jack Henry is also not the first core provider to buy AI; it's the last.
Fiserv built an operating system for AI agents with OpenAI, called agentOS, and
The three companies that run the most U.S. bank core systems now serve as an AI vendor to those banks, running on three different foundation models.
That reaches the vast majority of U.S. banks; the three largest core providers served more than 70% of U.S. depository institutions in 2022, and the largest served 42% by itself, according to a November
That request for information sought comments on community banks' relationships with their core providers and "other essential third-party service providers."
A spokesperson for Jack Henry was not immediately able to provide comment to American Banker. A spokesperson for Google did not immediately answer questions.
Agentic AI is software that takes actions on its own rather than just answering questions. Jack Henry is a core provider, meaning it runs the fundamental account and transaction systems on which its client banks depend.
The framework a banker would use to govern such software is model risk management, the practice of overseeing the models a bank leans on to make decisions. The three primary regulators jointly issued
However, the guidance explicitly does not cover generative or agentic AI. Its principles apply only "to traditional statistical and quantitative models and non-generative, non-agentic AI models."
"Generative AI and agentic AI models are novel and rapidly evolving," a footnote in the guidance reads. "As such, they are not within the scope of this guidance."
The same footnote that wrote agentic AI out of the guidance hands the problem back to the bank. A banking organization's "risk management and governance practices should guide the determination of appropriate governance and controls for any tools, processes, or systems not covered in this document," it says.
The agencies do intend model risk management to catch up. They "plan to issue in the near future a request for information" on the subject that considers banks' use of AI, including agentic AI, the OCC said in
They have not issued it. Meanwhile, there has been plenty of advice.
The Treasury Department published a
The Fed asked what should govern this. It hasn't answered.
Michelle Bowman, the Federal Reserve's vice chair for supervision, said the agencies purposefully carved AI out of the new model risk management framework.
Working with the other two agencies, the Fed "recently amended our model risk management guidance to clarify that it does not apply to generative or agentic AI," Bowman
Supervisors had stretched the old guidance "in unintended ways," she said, and novel technologies "may require a different approach."
In the same remarks, she asked the question the carve-out leaves open.
"How should we consider third-party risk-management expectations for vendor-provided AI tools or partnerships?" Bowman said. "What aspects of model risk management should apply to AI?"
What's clear: Banks bear responsibility for vendors' risks
The other rulebook in the AI security picture is third-party risk management, which are the rules for how banks should oversee their vendors. Those rules are blunt: Banks own their vendors' problems.
A bank's use of third parties "does not diminish or remove" its responsibility to operate safely and soundly, the three agencies said in
The same guidance warns that subcontracting creates risk "due to the absence of a direct relationship between the banking organization and the subcontractor."
That describes the deals between the core providers and the AI model vendors, including the newest one. The bank hires Jack Henry. Jack Henry hires Google. The bank owns the risk and has no contract with the company whose AI is doing the work.
What the 2023 guidance does not do is say how to supervise a system that acts on its own. It predates the technology.
"For too long, this guidance has been vague in its scope and application," Bowman said of those rules in the same remarks. The Fed is working to "update and simplify" them, she said.
She has not said since how a bank should govern its vendor's AI vendor. The closest the Financial Stability Board committee she chairs has come is
Jack Henry is examinable, but against what standard?
Jack Henry is not unsupervised, and the company says so itself.
Its operations "are governed by the same regulatory requirements as those imposed on financial institutions," Jack Henry said in the regulation section of its most recent
Its private cloud services, the filing says, are "subject to examination by" federal banking regulators "under the Bank Service Company Act."
That authority follows the service, which means building the platform on Google's cloud does not move it out of examiners' reach, even though Google itself is not the bank's service provider.
Services a core provider performs for a bank "are subject to regulation and examination by the agency to the same extent as if such services were being performed by a client bank itself on its own premises," the OCC said in its November request for information, citing the Bank Service Company Act.
Examiners can walk into Jack Henry and look at the platform, but the public record does not say what they would measure it against.
Supervisory guidance does not carry the force of law, but a footnote to the model risk guidance the bank regulators issued in April says supervisory action may result following "any violations of law or unsafe or unsound practices stemming from insufficient management of model risk."
So a bank can be cited for handling an agentic system badly, but regulators have not publicly told banks or core providers what it looks like to handle one well.
The rulebook is not aimed at the banks buying AI security
The banking regulators said in the April guidance that they expected it would prove "most relevant to banking organizations with over $30 billion in total assets," and generally leaving smaller banks out "is consistent with a tailored supervisory approach."
Jack Henry's customers are nowhere near that line. Its average core bank client held $1.29 billion in assets and its average core credit union client $1.20 billion, the company said in its annual report.
The guidance can still reach a smaller bank with "significant exposure to model risk because of the prevalence and complexity of their models or because of activities outside the scope of traditional community banking," the agencies wrote.
Large banks have model risk departments that have an interest in governing an agentic system whether or not a rulebook exists. Community banks don't have the staff to improvise on this, though, and that squeezes them toward vendors.
"We recognize that smaller banks may not have access to the same resources as their larger peers but still need to innovate and provide the latest technology to their customers," Bowman said in her May remarks.
The threat against which they are buying defenses is, by the regulators' telling, real. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell
Community banks were not in the room.
The model that prompted the meeting, Anthropic's Claude Mythos Preview, turned up thousands of previously unknown, high-severity software flaws, the company said in an
Jack Henry's platform does not appear to run on Mythos. The release last month names Google's own Gemini models and never mentions Anthropic.
But a community bank cannot staff a security team that keeps pace with a model finding flaws at that speed.
"Few, if any, community banks have the scale, specialized talent, or data resources necessary to develop AI solutions in-house," the Independent Community Bankers of America, or ICBA, wrote in a January
Partnering with core providers or other technology firms, the trade group said, "is the most practical --- and often the only --- path forward for community banks seeking to responsibly leverage AI."
Regulators say they want that path to work. Comptroller of the Currency Jonathan Gould, speaking at the American Bankers Association's Washington Summit in March,
Saying no to a core comes with its own problem. Community banks in the OCC's listening sessions "almost unanimously voiced concerns" about whether their core providers could, on time, deliver what the banks need to stay competitive, according to the agency's request for information.
The agency tied that worry to the crypto and stablecoin markets and to "changes to the banking industry that may accompany recent and ongoing developments in artificial intelligence."
The agency listed what community banks reported makes refusing hard: nondisclosure agreements that hide pricing and contract terms, bundled services, termination and conversion costs and limits on bringing in vendors that are not affiliated with the core.
Supervision itself pushes banks the same way, ICBA said in its comment letter. Because examiners scrutinize newer technology firms more closely, according to the group, an established core provider looks like the safest choice.
That dynamic "reinforces dependence on a small number of core service providers, reduces banks' negotiating leverage, and effectively makes some community banks captive to a single vendor," ICBA said.
Banks that wrote to the agency
ICBA is not asking for AI rules to fill the gap. Writing three months before the agencies carved agentic AI out of the model risk guidance, the group said community banks "do not believe that new, AI-specific regulations are necessary at this time."
They manage the risk primarily with the 2023 third-party guidance, ICBA said, which it called "intentionally scalable and risk-based." What community banks need, the group said, is "greater supervisory clarity and timely guidance on how existing expectations apply in the AI context."
What the announcement leaves out
Jack Henry left a few specifics unaddressed in its press release last month.
The company broadly described the platform as reinforcing security across its "entire operational environment," spanning Google Cloud, other cloud providers and on-premises equipment.
The company is also using AI "in a bold and balanced way," while "maintaining the strong security, governance, and human oversight required in financial services," Shanon McLachlan, Jack Henry's chief operating officer, said in the release.
A banker interested in risk management will want to know what an agentic system can do without a human approving it, such as whether it can isolate a machine, block traffic or shut off an account on its own authority.
The press release did not say whether Jack Henry's platform, built with Google Gemini, can do any of that.
It does not say whether the platform reaches into a bank's own network or stops at the core provider's edge. It gives no general-availability date, discloses no pricing, and does not say whether an institution can decline it or whether it comes bundled with the core contract.












