Playbook · United States · Financial services

AI governance for US banks & financial services:
a supervisor-ready roadmap

Fed/OCC model-risk expectations (SR 11-7, now SR 26-2), the NIST AI RMF and fair-lending law now define how US financial institutions build, deploy and prove their AI — and enterprise buyers ask for the evidence in every security review. Here is the 5-phase roadmap examiners and buyers inspect, and the runtime gap your existing stack cannot close.

SR 11-7 / SR 26-2 NIST AI RMF + GenAI Profile ECOA fair lending OWASP LLM Top 10 · MITRE ATLAS
The mandate

What US financial regulators and buyers now expect

There is no single US AI statute for finance. Instead, three bodies of expectation set the bar for any regulated institution building or deploying AI.

Model Risk Management

Fed / OCC / FDIC · supervisory

SR 11-7, updated by SR 26-2 (Apr 2026) into a risk-based, scalable framework. Credit, market and capital models stay in scope; GenAI/agentic guidance is coming via an RFI.

NIST AI RMF + GenAI Profile

US baseline · voluntary

Govern · Map · Measure · Manage. The de facto reference for examiners and buyers; the GenAI Profile adds 12 risks including prompt injection and data poisoning.

Consumer & data law

Enforceable · consumer protection

ECOA fair-lending & adverse-action, SEC disclosure ("AI-washing"), GLBA safeguards, and state ADMT rules (Colorado 2027, California).

Overlays that may apply: ISO/IEC 42001 (a rising vendor-review requirement) · EU AI Act if you serve the EU · OWASP LLM Top 10 & MITRE ATLAS for AI security · your state's own AI and privacy rules.
The through-line

What every US expectation converges on

Accountability sits with the institution, not the model
Risk-based, validated controls across the model lifecycle
Explainable decisions & human oversight
Documented, per-decision evidence
The roadmap

Five phases examiners & buyers will inspect

A supervisor-ready sequence that maps to NIST functions, SR 11-7 / SR 26-2 model-risk discipline and fair-lending obligations.

PHASE 0
Govern
Own the risk before AI ships
AI & model-risk policy · NIST GOVERN · SR 11-7/26-2 model inventory · roles & board oversight
PHASE 1
Build & Test
Prove it's safe & fair before it ships
Validation & red-teaming · OWASP LLM Top 10 & MITRE ATLAS · disparate-impact / fair-lending testing · NIST MAP/MEASURE
PHASE 2
Deploy & Enforce
Control what the AI can access & do
Access control & agent guardrails · human-in-the-loop · shadow-AI controls · GLBA safeguards · NIST MANAGE
PHASE 3
Monitor & Respond
See it, contain it, explain it
Ongoing monitoring & logging · model drift · adverse-action reasons · incident response & escalation
CONTINUOUS
Assure & Disclose
Answer examiners, buyers & the board
Audit-ready evidence · ISO 42001 alignment · SEC/consumer disclosures · security-questionnaire responses
The readiness gap

Why this is urgent, not theoretical

Adoption has outpaced control — and that gap is the exposure.

88%
had a confirmed or suspected AI-agent security incident this year
80%
report moderate-to-pervasive shadow AI
18%
have a formal AI security policy
21%
have mature governance for AI agents
Sources: Gravitee (survey of 919 organizations), ISACA & industry surveys, 2026.
The blind spot

The gap your existing stack cannot close

Your IAM/PAM, WAF and API gateways, DLP/CASB, SIEM and EDR are built for deterministic software. None can catch a legitimately-authorised AI agent, driven by untrusted input, doing something inside its permissions but outside your policy — the dominant 2026 failure mode (prompt injection, the "lethal trifecta", agentic data exfiltration).
IAM / PAM
identity authenticated, in scope
waved through
WAF / API gateway
request well-formed
waved through
DLP / CASB
sanctioned tool & channel
waved through
SIEM / EDR
no known-bad signature
waved through
Every layer says "yes." None can see the AI's intent vs your policy.
Where Trampolyne fits

Make your AI stay within intended bounds — and prove it

From pre-deployment testing, through runtime, to audit-ready evidence. Trampolyne supplies the technical controls and evidence that make each phase credible — the policies, documentation and processes stay yours.

Product Govern Build & Test Deploy & Enforce Monitor & Respond Assure
AI Red-Teaming
Shadow AI Detection & Runtime Control
Enterprise AI Security & Runtime Control
AI Compliance Assistant
core control & evidence Trampolyne provides  ·  supporting input.

AI Red-TeamingAWS Marketplace

Continuous adversarial testing on a scheduled cadence and on every material change. 27+ attack classes, working exploits + fixes, mapped to OWASP LLM Top 10 & MITRE ATLAS — the validation and buyer evidence your model-risk and security reviews ask for.

OWASP LLM Top 10MITRE ATLASNIST MAP + MEASURESR 11-7 validation input

Enterprise AI Security & Runtime Control

Sits inline and evaluates every request before the model or agent acts — RBAC/ABAC/PBAC/NGAC enforcement in milliseconds. A deterministic guardrail over a non-deterministic model. No model rewrites.

Human oversightNIST MANAGEGLBA safeguardsISO 42001 controls

Shadow AI Detection & Runtime Control

Sits between employees and every public AI tool. Classifies data by type, provenance and role, blocks sensitive data before it leaves, and logs every interaction — without killing productivity.

Data leakage to public AIGLBA / privacyISO 42001 data controls

AI Compliance Assistant

Turns enforcement, red-team and runtime evidence into review-ready answers — a continuous, per-decision audit trail for examiners, adverse-action explainability, your board and enterprise-buyer security questionnaires.

ISO 42001 audit evidenceAdverse-action trailNIST GOVERN evidence
FAQ

AI governance questions we hear from US financial institutions

Which AI rules apply to US banks and financial institutions?
There is no single US AI law for finance. Existing supervision applies: Fed/OCC/FDIC model risk management (SR 11-7, updated by SR 26-2 in April 2026); the NIST AI RMF as the de facto baseline; and consumer and data law — ECOA fair-lending and adverse-action rules, SEC disclosure expectations around "AI-washing", GLBA safeguards, and emerging state ADMT rules (Colorado 2027, California). ISO/IEC 42001 increasingly appears in vendor reviews, and the EU AI Act applies if you serve the EU.
Does SR 11-7 model risk management cover generative and agentic AI?
Partly. SR 26-2 (April 2026) supersedes SR 11-7 with a more risk-based, scalable framework, and traditional quantitative models (credit scoring, market risk, capital) remain in scope. Generative and agentic AI were explicitly placed outside the current guidance, with a request for information planned. The prudent path is to hold GenAI/agentic systems to the same lifecycle discipline while layering AI-specific controls for prompt injection, tool-call authorization and runtime behavior.
How does fair lending law apply to AI models?
AI used in credit decisions is subject to ECOA and fair-lending rules regardless of model complexity. Lenders must provide specific, accurate adverse-action reasons and cannot hide behind a "black box." That requires explainability, disparate-impact testing, and a documented, per-decision audit trail — the evidence the Assure phase produces.
Can our existing security stack secure AI agents in a bank?
No. IAM, DLP, WAF and SIEM are built for deterministic software. They cannot catch a legitimately-authorised AI agent, driven by untrusted input, doing something inside its permissions but outside your policy — the dominant 2026 failure mode. Closing it requires runtime, pre-execution policy enforcement that evaluates intent versus policy.
More playbooks

Governance playbooks for other markets

Same 5-phase structure, tuned to each market’s regulators and buyers.

See where your US AI program stands

Take the 2-page roadmap to your board, examiners and buyers — then pressure-test your position in a 20-minute call.

Positioning collateral, not legal advice. Trampolyne AI helps you align with regulatory and supervisory expectations; it does not issue certifications.