U.S. banking regulators are significantly escalating their scrutiny of how lenders deploy artificial intelligence, as the rapidly evolving technology sweeps across the financial industry. This intensified oversight by agencies like the Office of the Comptroller of the Currency (OCC) and the Federal Reserve is prompted by AI’s accelerated adoption in complex functions such as credit underwriting and regulatory monitoring, exposing the sector to heightened cybersecurity and fraud risks. Regulators are primarily focused on deepening their understanding of AI deployment.
During routine bank examinations, supervisors are now regularly pressing firms on critical aspects of their AI usage. This includes mapping out AI technology deployment in higher-risk areas such as lending, “know-your-customer” checks, and sanctions screening. Detailed questions address data access, governance controls, client data safeguarding, and the presence of “kill switches” for system shutdowns. Regulators are also probing human oversight, third-party risk management, subcontractor exposure, and contingency plans for potential failures.
A central concern for supervisors is ensuring that AI systems do not exceed their intended functions or access unauthorised data, particularly given their capacity to extract and connect information. This raises significant risks around privacy, confidentiality, and compliance. Banks must demonstrate robust controls, including guardrails limiting model behaviour and data access, alongside clear authority for human intervention. The increasing reliance on third-party AI vendors is also a major focus; regulators question whether providers meet stringent governance and security standards and whether exit strategies for breaches exist. While AI’s rapid advancement challenges regulators, authorities are expected to rely on broad, principles-based supervision for now, as Federal Reserve Vice Chair Michelle Bowman recently highlighted.