US Bank Regulators Intensify AI Scrutiny as Financial Institutions Rapidly Deploy Technology

Exclusive: U.S. bank regulators ramp up scrutiny of AI use at financial companies

NEW YORK, June 12 (Reuters) - U.S. banking regulators are stepping up scrutiny of how lenders deploy artificial intelligence as the developing technology sweeps through the industry, pressing firms on everything from data access and governance controls to risks posed by third-party vendors, according to people familiar with the situation. Banks have rapidly adopted artificial intelligence in recent years, expanding its use from virtual assistants to more complex functions such as regulatory monitoring and credit underwriting, drawing closer attention from regulators. Regulators are stepping up scrutiny as the use of AI accelerates across financial services, exposing the sector to cybersecurity and fraud risks. For now, their approach is to keep a close watch, with the aim of deepening their understanding of how banks are deploying the technology. The Office of the Comptroller of the Currency and the Federal Reserve have in routine bank examinations begun asking banks to map out how they use AI technology in higher-risk areas such as lending, know-your-customer checks and sanctions screening, three sources familiar with the matter said. Supervisors are asking detailed questions about how banks use vendors, safeguard client data and whether they have controls such as "kill switches," the sources said. They are also probing governance frameworks, including guardrails and human oversight, third-party risk and vendor oversight, subcontractor exposure, and contingency ⁠plans in case of failures, the sources said. Conversation around the use of AI is part of every bank examination, one of the sources said. The discussions are taking place through both written and verbal channels. Regulators are not yet being prescriptive but are seeking to better understand how banks are using the technology, the sources said. The sources declined to be identified because the discussions are private. The OCC, which regulates U.S. banks, did not respond to a request for comment, while the Fed declined to comment. The U.S. banking regulators have publicly signaled closer scrutiny of lenders' use of artificial intelligence. Last year, the Government Accountability Office said, opens new tab that regulators had told it they are assessing AI risks for financial services. In April, opens new tab, the OCC said that it, the Fed and the Federal Deposit Insurance Corporation planned a formal request for information on banks' use of AI, including generative and agentic systems. Such a request does not impose new rules but helps agencies gather input before deciding whether to act. Regulators are trying to assess how banks are grappling with fast‑evolving systems such as Anthropic's frontier AI model Mythos. Cybersecurity experts say that system poses significant challenges to the banking industry and its legacy technology systems due to its potential for exploiting cyber vulnerabilities. The U.S. Treasury and regulators are also examining the cybersecurity risks the new artificial intelligence model raises and how prepared financial firms are to tackle them. SCRUTINY OF SYSTEMS For now, ⁠supervisors are focused on gathering information and assessing industry practices rather than restricting specific uses, sources said. Instead of issuing new rules tailored specifically to AI, the agencies are leaning on existing frameworks including model risk management, third-party risk oversight and consumer protection laws to assess how banks are managing the emerging technology, the sources said. A central concern for supervisors is ensuring that AI systems don't exceed what they are meant to do or access, the sources said. Regulators are probing whether tools can access or infer data beyond authorized limits, particularly as AI models are designed to extract and connect information across systems. That raises risks around privacy, confidentiality and compliance with rules, according to the sources. Lenders are being asked to show what controls they have in place, including ⁠guardrails that limit how models behave and what data they can access, they added. Supervisors are also focusing on human oversight and "kill switches" that allow firms to shut down systems if necessary, as well as clarity on who has authority to intervene, all three sources said. Another major area of scrutiny is vendor risk. As banks increasingly rely on third-party providers for AI tools, regulators are questioning how firms ensure those vendors and their own subcontractors meet the same governance and security standards as the banks themselves, the ⁠three sources said. Regulators are also asking if banks have exit strategies if there is a safety breach with the vendor's system, one of the sources said, a growing concern as the use of AI becomes more embedded in various bank systems. At the same time, the velocity at which AI is moving is proving to be challenging for regulators themselves. The three sources said the technology is advancing at a pace that far exceeds the traditional cycle of regulatory ⁠learning and rulemaking, raising concerns that formal guidance, when issued, could quickly become outdated. As a result, authorities are expected for now to rely on broad, principles-based supervision rather than prescriptive rules, but this could potentially change. "Today, banks are relying on existing risk-management frameworks to guide their use of AI," Federal Reserve Vice Chair for Supervision Michelle Bowman said in a speech in May. "While these supervisory tools are intended to support banks in applying sound governance and risk management, we should assess whether our supervisory guidance is fit for the future." Reporting by Nupur Anand in New York, additional reporting by Pete Schroeder, editing by Megan Davies and David Gaffen Our Standards: The Thomson Reuters Trust Principles., opens new tab * Suggested Topics: * Future of Money * Regulatory Oversight Nupur Anand Thomson Reuters Nupur Anand is a U.S. banking correspondent at Reuters in New York. She focuses on JPMorgan Chase, Wells Fargo and regional banks. Anand covered banking and finance in India for more than a decade, chronicling the collapse of major lenders and turmoil at digital banks and cryptocurrencies. She has a degree in English literature from Delhi University and a postgraduate diploma in journalism from the Indian Institute of Journalism & New Media in Bangalore. Anand is also an award-winning fiction writer.

Bank Regulators Probe Industry Use of AI | PYMNTS.com

Supervisors from the Office of the Comptroller of the Currency and the Federal Reserve are asking detailed questions about banks' controls, protections for client data, governance frameworks, third-party risk, vendor oversight, subcontractor exposure and contingency plans in case of failures related to AI, according to the report. Key areas of concern include whether AI systems can access or infer data beyond their authorized limits, whether banks can shut down the systems if necessary, and whether banks' vendors and the vendors' subcontractors meet the same governance and security standards as the banks, per the report. Reached by PYMNTS, the Federal Reserve declined to comment on the report. The OCC did not immediately reply to PYMNTS' request for comment. According to the Reuters report, the supervisors' questions are meant only to deepen the regulators' understanding of how banks are using AI. The report also highlighted public statements from federal agencies that suggested regulators are looking at banks' use of AI. The Government Accountability Office (GAO) said in May 2025 that regulators told it that they were conducting AI-focused examinations. "Federal financial regulators primarily oversee AI using existing laws, regulations, guidance and risk-based examinations," the GAO said in a report on the technology. "However, some regulators have issued AI-specific guidance, such as on AI use in lending, or conducted AI-focused examinations. Regulators told GAO they continue to assess AI risks and may refine guidance and update regulations to address emerging vulnerabilities." The OCC said in April that it, the Federal Reserve and the Federal Deposit Insurance Corp. (FDIC) "plan to issue in the near future a request for information that addresses model risk management generally and considers, in particular, banks' use of AI, including generative AI and agentic AI and AI-based models." PYMNTS reported June 2 that Nvidia found that nearly 90% of financial institutions are deploying or assessing AI and that 65% already use the technology. KPMG found that 70% of banking CEOs plan to allocate 10% to 20% of their budgets to AI in the coming year. For all PYMNTS AI coverage, subscribe to the daily AI Newsletter.