AI governance warning

Banks are starting to give artificial intelligence systems authority to move work and money, while U.S. model-risk guidance now says generative and agentic AI are outside its scope. (federalreserve.gov, forbes.com) On April 17, the Federal Reserve, Office of the Comptroller of the Currency, and Federal Deposit Insurance Corporation issued revised model risk guidance, the first major update since 2011. The attachment says “Generative AI and agentic AI models are novel and rapidly evolving” and “are not within the scope of this guidance.” (federalreserve.gov, federalreserve.gov, occ.gov) “Agentic” AI means software that does more than draft text: it can choose steps, interact with other systems, and carry out multi-step tasks toward a goal. That is different from the statistical models SR 11-7 was built around, which assumed fixed logic, stable outputs, and review before deployment. (forbes.com, federalreserve.gov) Banks are already moving past pilots. CNBC reported on February 6 that Goldman Sachs was building Claude-based autonomous agents for trade accounting and client vetting and onboarding, and Lloyds Banking Group said on January 29 that it expects more than £100 million in 2026 value from scaling generative and agentic AI after about £50 million in 2025. (cnbc.com, lloydsbankinggroup.com) Regulators have been talking publicly about AI in banking, but much of that discussion has centered on governance, partnerships, and longer-run safety. In an April 4, 2025 speech, Federal Reserve Governor Michael Barr said banks, fintechs, and regulators all have a role in making sure AI risks are managed as adoption accelerates. (federalreserve.gov) At the same time, securities and banking officials have been hearing that AI is already changing fraud. In prepared remarks to the Securities and Exchange Commission’s Investor Advisory Committee on March 6, 2025, KnowBe4 strategist Perry Carpenter said AI is making scams more scalable and convincing, citing a 2024 Hong Kong case in which a worker sent $25 million after a deepfake video call. (sec.gov) That puts pressure on the parts of finance where identity checks and money movement meet. FINRA’s 2026 oversight report says existing securities rules still apply when firms use generative AI, including supervision, recordkeeping, communications, and fair dealing, and says firms should assess model integrity, reliability, accuracy, and cybersecurity before deployment. (finra.org) Older customers are one focus of that fraud-control push. On December 4, 2024, the Federal Reserve, Consumer Financial Protection Bureau, FDIC, National Credit Union Administration, OCC, Financial Crimes Enforcement Network, and state regulators issued a joint statement on elder financial exploitation that pointed banks to transaction holds, disbursement delays, trusted contacts, monitoring, and staff training. (fdic.gov) The gap is not that banks lack any rules at all; it is that the newest systems can act in ways older control frameworks were not written to test. As firms hand AI more authority over onboarding, compliance, and transaction workflows, the next argument will be over whether existing supervision can stretch fast enough to cover software that changes its behavior while it works. (federalreserve.gov, finra.org, forbes.com)