US bank regulators increase scrutiny of AI use in financial firms

U.S. banking regulators are significantly increasing their oversight of how financial institutions are implementing artificial intelligence, according to individuals familiar with the matter. This heightened scrutiny comes as AI adoption accelerates across the financial services sector, introducing new cybersecurity and fraud risks.

The Office of the Comptroller of the Currency (OCC) and the Federal Reserve are actively questioning banks during routine examinations about their AI strategies, particularly in high-risk areas like lending, know-your-customer processes, and sanctions screening. Supervisors are seeking detailed information on data governance, the use of third-party vendors, client data protection, and the existence of critical controls such as "kill switches."

Discussions around AI are now a standard part of bank examinations, conducted through both written and verbal communications. While regulators are not yet issuing prescriptive rules, their primary aim is to deepen their understanding of AI deployment. They are examining how banks manage risks associated with evolving systems, including those from companies like Anthropic, and how they are prepared for potential cybersecurity threats.

Instead of creating new AI-specific regulations, agencies are leveraging existing frameworks, including model risk management, third-party oversight, and consumer protection laws. A key concern is ensuring AI systems do not exceed their intended functions or access unauthorized data, which could compromise privacy and compliance. Regulators are also probing vendor risk management, requiring banks to ensure third-party providers and their subcontractors meet stringent governance and security standards, and to have contingency plans in place.

However, the rapid pace of AI development presents a challenge for regulators, who may find their guidance quickly outdated. Consequently, authorities are expected to rely on broad, principles-based supervision for the time being. Federal Reserve Vice Chair for Supervision Michelle Bowman acknowledged the need to assess whether current supervisory guidance remains adequate for the future of AI in banking.