- Key insight: Regulators' decision to avoid discussion of generative and agentic AI does not remove banks' obligation to face up to their risks.
- What's at stake: Financial institutions are among the most heavily targeted by bad actors, and the pace of AI adoption in adversarial contexts has outrun traditional governance frameworks.
- Expert quote: "Generative AI and agentic AI models are novel and rapidly evolving. As such, they are not within the scope of this guidance. Nonetheless, a banking organization's risk management and governance practices should guide the determination of appropriate governance and controls for any tools, processes, or systems not covered in this document. However, the principles described in this guidance apply to traditional statistical and quantitative models and non-generative, non-agentic AI models." —SR 26-2
Somewhere in your institution, three things are happening right now. Someone is using a personal AI tool on their work laptop
On April 17, the Fed, OCC, and FDIC updated the framework every major bank uses to govern quantitative models, from credit underwriting to stress testing, capital calculations, and fraud detection, for the first time in 15 years.
SR 11-7, the replaced guidance, was designed to fight the risk of using bad models. The new guidance, SR 26-2,
Most of the commentary on SR 26-2 has interpreted regulators' decision to avoid discussion of generative and agentic AI as a sign that they are stepping back. The agencies excluded generative and agentic AI from formal model risk management scope not necessarily because governance does not apply to these tools, but because the technology is evolving too rapidly for any fixed framework to keep pace. More guidance is coming. In the meantime, the existing risk management expectations still apply, other regulations that govern what banks do with AI outputs haven't changed, and auditors are still following the data chain wherever it leads. The footnote is not a reprieve. It is a challenge to adapt faster than the rules can be written. The language of
"Generative AI and agentic AI models are novel and rapidly evolving. As such, they are not within the scope of this guidance. Nonetheless, a banking organization's risk management and governance practices should guide the determination of appropriate governance and controls for any tools, processes, or systems not covered in this document. However, the principles described in this guidance apply to traditional statistical and quantitative models and non-generative, non-agentic AI models."
Institutions may need to reassess traditional governance approaches and consider how first-principles risk management frameworks apply in this context. SR 11-7 was written for a world of more static, rule-based models: A credit model takes defined inputs, applies a documented methodology and produces a quantitative estimate. That process can be validated before deployment because the model's behavior can be fully understood in advance. The fraud detection models, cybersecurity tools and generative AI systems transforming banking today are a different breed. Their pattern recognition adapts as the threat landscape evolves, and frontier models are updated by vendors continuously. These tools can also be applied to problems their developers never anticipated, which means the boundary between appropriate and inappropriate use is not fixed. Boundaries must be actively managed.
That's why practitioners working in model risk management will tell you plainly: Traditional pre-deployment validation is not just harder to apply to these tools; it's nearly impossible. You cannot fully validate a model whose behavior evolves after deployment, whose inputs shift with the threat environment and whose applications are determined by the ingenuity of the people using it. SR 26-2 is flexible not as a retreat by regulators, but as an honest acknowledgment of that reality.
Many banks have responded to this new technology by moving quickly to establish enterprise relationships with model providers. Those contracts provide architectural protections that matter, but a contract is only part of a risk management framework. That contract may protect the institution's data, but how the technology gets used is still a wide-open risk. Examiners and other stakeholders care about what happens to model outputs. How outputs shape decisions, how they reach customers and where they travel before they get there are key governance questions. Your auditors are already following one thread of that exposure: the data chain that runs from a generative AI tool through your credit models and straight into your reserves for current expected credit losses, or CECL. But the compliance playing field is broader than any single chain.
Governance must account for the risk created by model use, but cannot overlook the risk of forgoing models altogether. Take Mythos, developed by Anthropic. It can identify real software vulnerabilities at machine speed, a capability that simply did not exist when SR 11-7 was written. Adversarial actors are likely deploying equivalent tools against the banking system right now, without validation cycles and without waiting for regulatory permission. A financial institution that cannot deploy defensive AI tools because its validation framework was designed for a CECL model is not operating in a lower-risk environment. It is operating in a higher-risk environment with fewer tools.
Financial institutions are among the most heavily targeted by bad actors, and the pace of AI adoption in adversarial contexts has outrun traditional governance frameworks. This increasingly complex system requires flexibility and a multidisciplinary bench of experts who understand what the institution is holding, because one third-party failure has the potential to bring the whole system down. AI is moving faster than existing validation frameworks were designed to manage. The first principles of governance still apply: Know the risk, know where the output goes, know who is accountable. Adaptation remains the highest strategic virtue. Build your program around the risk, not the footnote. And find person three: the one who already knows the difference.