Skip to content
RiskTemplates · The Daily Brief Thursday, July 9, 2026
Wire CFPB's New Enforcement Principles: What the Bilt Case Tells You About How the Bureau Intends to Police Consumer Finance JUN 22

Feature AI Risk

Shadow AI in the 2026 Bank Exam: What Examiners Are Finding and the Inventory Problem Most Banks Haven't Solved

Examiners at OCC, Fed, and FDIC have elevated AI governance to a permanent exam priority — and they're finding unauthorized AI tools embedded in workflows that no one inventoried. Here's the shadow AI problem, what the CB Financial 8-K tells you, and how to build an inventory your examiners will actually accept.

By Rebecca Leung · June 21, 2026 ·
Table of Contents

TL;DR

  • OCC, Federal Reserve, and FDIC have made AI governance a permanent exam priority — and examiners are finding unauthorized AI tools across every business line
  • CB Financial Services filed the first SEC 8-K disclosing a cybersecurity incident from an unauthorized employee AI tool in May 2026 — it’s now in every examiner’s briefing
  • SR 26-2 (April 2026) updated the interagency MRM framework but explicitly excludes generative AI and agentic AI — leaving a governance gap precisely where shadow AI risk is highest
  • Banks consistently underestimate their AI footprint by 30-50%; if your inventory doesn’t match what’s running, your examiner will notice

On May 5, 2026, CB Financial Services — a Pennsylvania community bank — filed a Form 8-K with the SEC disclosing a cybersecurity incident. The cause: an employee had been using an unauthorized AI tool, and customer data was exposed. It was the first SEC disclosure specifically tied to unauthorized AI use at a bank. If you hadn’t seen it, your examiners have. They’re using it.

The incident crystallized what federal bank examiners have been signaling for two examination cycles: the shadow AI problem isn’t theoretical anymore, and it’s not limited to large banks running proprietary models. It shows up wherever employees have browser access and a work problem to solve. The question for your next exam isn’t whether you have an AI policy — it’s whether you can produce an inventory that accounts for what’s actually running.

What “Shadow AI” Means in a Bank Context

Shadow AI is the population of AI tools operating in your institution without formal IT approval, compliance review, or risk management oversight. The term borrows from “shadow IT” — the unsanctioned technology that business lines deploy to solve problems when official procurement is too slow. But AI has accelerated the problem dramatically.

In a traditional shadow IT environment, an employee might install unauthorized software that creates a vulnerability. In a shadow AI environment, the same employee is processing customer data through an external model, generating compliance-adjacent outputs, or embedding AI assistance into workflows that touch regulated activities — without anyone in risk management knowing it’s happening.

The scale is consistent across industries: Salesforce’s 2026 Workforce AI Survey found that 67% of employees use AI tools at work, while only 18% of companies have formal AI security policies in place. For banks operating under BSA/AML, fair lending, model risk management, and data privacy obligations, that gap between usage and governance isn’t just a technology risk — it’s a regulatory exposure.

The Productiv 2026 research is equally instructive for inventory planning: the average enterprise has 14 AI tools in active use, but IT departments are aware of only 4 to 5. That ratio holds even at organizations that believe they have AI governance programs. The tools IT doesn’t know about are the ones that become exam findings.

The Examination Environment in 2026

OCC and Federal Reserve examiners elevated AI governance to a standing exam priority beginning with 2026 examination cycles. It’s no longer a thematic review or a “we might ask about this” item — it’s a permanent agenda component. The FDIC followed the same trajectory.

What’s driving it: a combination of the SR 26-2 MRM update, the acceleration of AI deployment at community and regional banks, and incidents like the CB Financial 8-K showing that the risk isn’t hypothetical. Examiners who spent 2024 and 2025 asking general questions about AI strategy are now asking specific questions about AI inventory, risk tiering, and validation programs.

The examination requests look like this:

  • Provide a complete inventory of all AI tools and models in use across the enterprise, including business-deployed SaaS tools
  • Explain your risk-tiering methodology — how do you determine which AI applications require formal model validation?
  • Provide validation evidence for models classified as high-risk
  • Provide a sample of vendor contracts for your top AI vendors — do they include AI-specific terms?
  • Show us your board-level AI risk reporting — how often does governance receive AI risk updates?

That fifth question is where many banks get caught. The policy exists. The inventory exists, in some form. But the documented governance trail — evidence that the board or risk committee is receiving regular AI risk information — often doesn’t.

The SR 26-2 Gap: Why Your MRM Program Doesn’t Cover Your Biggest Risk

SR 26-2, issued jointly by the Federal Reserve, OCC, and FDIC on April 17, 2026, was the first meaningful update to the interagency model risk management framework since SR 11-7. It modernized guidance on model validation, governance expectations, and third-party model risk.

Here’s the problem: SR 26-2 explicitly excludes generative AI models and agentic AI systems from its scope.

The agencies acknowledged the exclusion directly — the guidance states that generative AI and agentic AI present distinct risk profiles that will be addressed in separate guidance. That separate guidance hasn’t published. In the interim, banks are being examined on AI governance even though the updated MRM framework — the framework that would tell you what “good” AI governance looks like — doesn’t cover the tools examiners are most concerned about.

The practical consequence: a bank can have a fully SR 26-2 compliant model risk program and still have examiners walk out with findings about its ChatGPT Enterprise deployment, its Microsoft Copilot rollout, or its AI-assisted loan origination tools — because those tools fall in the gap between the existing MRM framework and the forthcoming GenAI guidance.

The governance gap creates an inventory problem. If your MRM framework only captures models that fall within SR 26-2 scope, you have a defined boundary for what goes in the inventory. Generative AI tools don’t fit that boundary — so they tend not to get inventoried under MRM, and they tend to also fall outside IT security’s traditional software asset management. The result: a meaningful portion of your actual AI footprint is in no one’s register.

The Inventory Problem: Why 30-50% Always Goes Missing

Banks conducting thorough AI inventories — the kind that involve surveying business line leaders, reviewing SaaS subscription logs, and checking browser extension usage — consistently discover 30 to 50 percent more AI tools than their initial estimates.

This is structural, not accidental. AI deployment in banks happens simultaneously across multiple vectors:

Centrally procured tools — Microsoft Copilot, ServiceNow AI, core banking vendor AI features — that IT knows about but may not have inventoried under an AI-specific framework.

Business-line-deployed SaaS — Credit analysts subscribing to AI research tools, compliance officers using AI document summarization, HR using AI screening — often procured on corporate cards or through vendor trials, not through central IT.

Vendor-embedded AI — Your existing vendors are adding AI features to products you already use. Your core banking system, your loan origination platform, your compliance monitoring tool — many have added AI capabilities in the last 18 months that were not in scope when your original vendor risk assessment was completed.

Employee-deployed consumer AI — This is where the CB Financial Services incident lives. Employees using personal or work accounts to access Claude, ChatGPT, Gemini, or specialized AI tools, processing work data through those tools, without any institutional awareness.

A defensible AI inventory needs to capture all four vectors. Most banks’ initial inventories capture the first and sometimes the second. Examiners are trained to probe for the third and fourth, because that’s where the risk concentrates.

The 73 percent statistic that surfaced in a June 2026 survey of 230 banking professionals is worth sitting with: 73% of respondents said they could not confirm their institution’s ability to shut down a malfunctioning AI model or report an AI failure to regulators within required timeframes. That’s not a policy gap — it’s an operational readiness gap that only an accurate inventory can close.

What Examiners Actually Ask For

The examination request that trips banks up most consistently isn’t the inventory itself — it’s the evidence that the inventory was produced through a systematic process, not assembled in response to the exam request.

A dated, versioned AI inventory that predates the examination and shows review activity over time signals governance maturity. An inventory that appears to have been compiled last week signals that you’re building your program around the exam schedule, not around actual risk management.

The specific documentation examiners want:

Per-tool inventory fields:

  • Tool name and vendor
  • Business function and use case description
  • Data inputs (does it process customer data? regulated data? employee data?)
  • Risk tier classification and the criteria used to assign it
  • Validation status — has this tool been tested? By whom? When?
  • Control owner — who in the organization is accountable for this tool?
  • Last review date

Governance documentation:

  • Board or risk committee AI risk reporting — at minimum quarterly
  • AI acceptable use policy with enforcement evidence
  • Vendor AI addendum status — which vendors have you obtained AI-specific contractual terms from?
  • Incident response integration — is AI failure a defined incident type in your IR plan?

The vendor contract point is increasingly examined. Examiners are asking whether your AI vendor agreements include provisions on: model change notification, data handling and retention by the vendor’s AI system, indemnification for AI-generated errors, and your right to audit vendor AI practices. Standard SaaS agreements don’t have these provisions. If you’ve been adding AI tools without updating vendor contracts, that’s a gap.

Building an Inventory That Survives an Exam

The inventory process that consistently holds up under examination has three phases:

Phase 1: Discovery

Start with sources, not surveys. Pull your SaaS subscription logs, expense reports with software charges, browser extension logs from managed devices, and IT procurement records. Cross-reference against your existing vendor inventory. Then survey business line leaders — not asking “do you use AI?” but asking “which of your workflows involve any AI-assisted tools, including features in software you already use?”

The vendor-embedded AI question is the one most banks miss. Your document management system has AI summarization. Your email platform has AI drafting features. Your compliance monitoring tool added AI transaction categorization. These need to be in the inventory whether or not they were procured specifically as AI tools.

Phase 2: Risk Tiering

Every tool in the inventory needs a risk tier, and the tiering methodology needs to be defensible. A workable framework:

TierCriteriaGovernance Requirement
HighCustomer decisions, credit, fair lending, BSA, output used without human reviewFull model validation, board reporting
MediumInternal decisions, significant workflow impact, customer data processedRisk assessment, periodic review
LowProductivity assistance, no customer data, output always human-reviewedAcceptable use policy, logging

“Output used without human review” is the determinative factor for Tier 1. If an AI output directly feeds a customer decision without a human checking it first, that tool needs formal validation treatment regardless of how it’s branded or marketed.

Phase 3: Gap Remediation

For any tool that’s in the inventory but lacks required governance documentation, build a remediation timeline. Examiners understand that legacy tools and recently discovered tools will have gaps. What they expect is a plan with dates, owners, and evidence of progress.

The AI risk assessment framework that structures this inventory and tiering process includes the field specifications that align with current examiner expectations — particularly on the risk tiering criteria that examiners are challenging most frequently.

The Three Findings That Become MRAs

Based on the examination pattern across 2025 and early 2026, three specific findings are generating Matters Requiring Attention most frequently:

Finding 1: Incomplete inventory with no systematic discovery process. Banks that assembled inventories from memory or central IT knowledge, without business line outreach or SaaS log analysis, produce inventories that examiners can quickly demonstrate are incomplete. The finding isn’t that the inventory has gaps — it’s that the process for building it was inadequate to find them.

Finding 2: Risk tiering with no documented criteria. An inventory that lists tools with risk tiers but can’t explain how the tiers were assigned is treated as ungoverned. Examiners will ask you to walk through your tiering rationale for two or three tools. If the answer is “our team made a judgment call,” that’s insufficient.

Finding 3: No board-level AI risk reporting. The governance expectation has shifted. Boards at institutions of all sizes are expected to receive AI risk information — the specific tools in use, the risk profile, any incidents or near-misses, and the status of the governance program. If the board has approved an AI policy but has never received an AI risk report, that’s an MRA.

The board reporting templates in the AI governance implementation guide cover the format and content frequency that examiners are expecting in 2026 — including how to structure AI risk reporting for community bank boards that aren’t yet fluent in model risk concepts.

So What?

The CB Financial 8-K put unauthorized AI on every bank examiner’s radar. SR 26-2’s exclusion of generative AI created a governance vacuum precisely where shadow AI risk is highest. And the examination cadence has shifted — AI governance isn’t a forward-looking topic anymore, it’s a current examination item.

The good news is that the inventory problem is solvable. It requires a systematic discovery process, not an advanced technical program. A community bank with $2 billion in assets can build a defensible AI inventory in four to six weeks with the right framework. The banks generating MRAs aren’t failing because their AI programs are too complex — they’re failing because no one ran the discovery process before the exam.

Three things to do before your next examination cycle:

  1. Run a full discovery process — SaaS logs, expense reports, vendor embedded AI review, and business line surveys. Assume your current count is 40% low.
  2. Document your tiering methodology — Write down the criteria before you apply them to the inventory. The methodology is what examiners are reviewing, not just the tiers.
  3. Get AI on the board agenda — A single AI risk report to the board or risk committee, documented in meeting minutes, closes the most common exam finding before it starts.

An AI Risk Assessment Template provides the inventory structure, risk tiering framework, and vendor assessment criteria that align with current examiner expectations — including the field-level documentation that makes the difference between an inventory that satisfies and one that generates follow-up questions.

The full picture of what OCC and Federal Reserve examiners are asking in 2026 AI reviews includes the specific questions being asked in examination letters — useful context for confirming your documentation covers the right ground before the exam team arrives.


Sources:

◆ Need the working template?

Start with the source guide.

These answer-first guides summarize the required fields, evidence, and implementation steps behind the templates practitioners search for.

◆ Immaterial Findings · Weekly

Sharp risk & compliance insights. No fluff.

◆ FAQ

Frequently asked questions.

What is shadow AI and why does it matter for bank examinations?
Shadow AI refers to AI tools and models deployed within a bank's operations without formal IT approval, risk management review, or inventory capture. It matters for exams because OCC, Federal Reserve, and FDIC examiners are now specifically requesting complete AI inventories — and banks routinely discover 30-50% more AI footprint than they initially estimated. If your inventory doesn't match what's actually running, you have an immediate credibility problem with your examiner.
What happened in the CB Financial Services AI incident?
CB Financial Services (a Pennsylvania community bank) filed a Form 8-K with the SEC on May 5, 2026 disclosing a cybersecurity incident involving unauthorized use of an AI tool by an employee. Customer data was exposed. It was the first SEC 8-K disclosure specifically tied to an unauthorized AI tool — and it's now a case study regulators and examiners are using when they ask about your AI governance controls.
Does SR 26-2 apply to generative AI and agentic AI tools?
No — and that's the gap. SR 26-2 (issued April 17, 2026 by the Federal Reserve, OCC, and FDIC) updated the interagency model risk management framework, but it explicitly excludes generative AI and agentic AI models from its scope. That means the updated MRM framework doesn't govern your ChatGPT Enterprise deployment or your agentic workflow tools. Banks are being examined on AI governance even though the regulatory framework that would structure that governance doesn't yet cover the tools examiners are most concerned about.
What do examiners look for when reviewing AI governance?
In 2026 examinations, examiners are requesting: (1) a complete inventory of all AI tools and models in use across the enterprise, including business-deployed tools; (2) a risk-tiering methodology showing how each tool is categorized; (3) validation or testing evidence for higher-risk models; (4) vendor contracts with AI-specific terms covering model changes, data handling, and indemnification; and (5) board-level AI risk reporting — evidence that someone at the governance level is getting regular AI risk updates.
How large is the typical shadow AI problem at banks?
Banks conducting thorough AI inventories typically discover 30-50% more AI tools than their initial estimates. Separately, research from Productiv found the average enterprise has 14 AI tools, but IT departments are aware of only 4-5. For banks, the gap is particularly acute because AI deployment happens simultaneously across business lines — credit, operations, compliance, customer service, marketing — often without central coordination.
What should a bank's AI inventory contain to satisfy exam requirements?
A defensible AI inventory needs: the tool name and vendor, the business function and use case, the data inputs (including whether customer data or regulated data is processed), risk tier classification, validation status, the control owner, and last review date. Employee-deployed SaaS AI tools (Copilot, Grammarly Business, ChatGPT Enterprise) need to be included alongside internally developed models. If your inventory doesn't include the SaaS tools, examiners will find them — and they'll know your inventory is incomplete.
Rebecca Leung

Author

Rebecca Leung

Rebecca Leung has 8+ years of risk and compliance experience across first and second line roles at commercial banks, asset managers, and fintechs. Former management consultant advising financial institutions on risk strategy. Founder of RiskTemplates.

◆ Related framework

AI Risk Assessment Template & Guide

Comprehensive AI model governance and risk assessment templates for financial services teams.

Immaterial Findings · Newsletter

The brief, in your inbox.

Enforcement of the week, a framework breakdown, and the prompts that are actually worth running. Delivered to your inbox. Free.