AI governance in banking

Banks and regulators are moving from debating whether to use artificial intelligence to deciding what those systems are allowed to do. (risk.net, federalreserve.gov) On October 7, 2025, Reserve Bank of India Deputy Governor T. Rabi Sankar said artificial intelligence could widen financial access, improve fraud detection and cut back-office costs, but warned that finance has a “narrower” margin for error because it runs on trust and stability. (rbi.org.in) The Reserve Bank of India also published its FREE-AI committee report on August 13, 2025, laying out a framework for “responsible and ethical” artificial intelligence in finance after consultations with industry and other stakeholders. (rbi.org.in) That shift reflects how banking uses artificial intelligence in practice. Banks already use machine learning for credit decisions, fraud monitoring and customer service, and newer generative systems can draft text, answer questions and trigger actions across several systems at once. (federalreserve.gov, deloitte.com) The governance problem is changing with the technology. A credit model can be tested against historical outcomes, but a general-purpose chatbot or software agent can produce many different outputs and connect to outside tools, which makes the old model-validation playbook less complete. (risk.net, bis.org) Supervisors are converging on the same list of worries: bias in lending or pricing, weak data controls, hallucinated outputs, dependence on outside vendors and new cyber risks such as deepfake-enabled fraud. (rbi.org.in, federalreserve.gov, bis.org) In the European Union, the regulatory line is already sharper. The European Banking Authority said use of artificial intelligence to evaluate a person’s creditworthiness or credit score is classified as “high-risk” under the Artificial Intelligence Act and carries extra safeguards. (eba.europa.eu) United States regulators have taken a similar tone without a single new bank-specific artificial intelligence rule. Federal Reserve Vice Chair for Supervision Michael Barr said on April 4, 2025 that banks appear to be moving cautiously on generative artificial intelligence because of the technology’s limits, bank structures and the regulated environment. (federalreserve.gov) The practical response inside banks is to put limits around capability: what data a system can see, which tasks it can execute, when a human must approve an action and how every prompt, output and override is logged. The Bank for International Settlements said artificial intelligence governance needs to cover data security, confidentiality, model risks and reputational risks across critical functions. (bis.org, bis.org) That leaves compliance teams writing rules for tools that keep changing. The argument running through central-bank speeches, supervisory papers and bank risk commentary is no longer about banning artificial intelligence in banking; it is about keeping faster systems inside slower, auditable boundaries. (rbi.org.in, bis.org, federalreserve.gov)