Feature AI Risk
Shadow AI in the 2026 Bank Exam: What Examiners Are Finding and the Inventory Problem Most Banks Haven't Solved
Examiners at OCC, Fed, and FDIC have elevated AI governance to a permanent exam priority — and they're finding unauthorized AI tools embedded in workflows that no one inventoried. Here's the shadow AI problem, what the CB Financial 8-K tells you, and how to build an inventory your examiners will actually accept.
Table of Contents
TL;DR
- OCC, Federal Reserve, and FDIC have made AI governance a permanent exam priority — and examiners are finding unauthorized AI tools across every business line
- CB Financial Services filed the first SEC 8-K disclosing a cybersecurity incident from an unauthorized employee AI tool in May 2026 — it’s now in every examiner’s briefing
- SR 26-2 (April 2026) updated the interagency MRM framework but explicitly excludes generative AI and agentic AI — leaving a governance gap precisely where shadow AI risk is highest
- Banks consistently underestimate their AI footprint by 30-50%; if your inventory doesn’t match what’s running, your examiner will notice
On May 5, 2026, CB Financial Services — a Pennsylvania community bank — filed a Form 8-K with the SEC disclosing a cybersecurity incident. The cause: an employee had been using an unauthorized AI tool, and customer data was exposed. It was the first SEC disclosure specifically tied to unauthorized AI use at a bank. If you hadn’t seen it, your examiners have. They’re using it.
The incident crystallized what federal bank examiners have been signaling for two examination cycles: the shadow AI problem isn’t theoretical anymore, and it’s not limited to large banks running proprietary models. It shows up wherever employees have browser access and a work problem to solve. The question for your next exam isn’t whether you have an AI policy — it’s whether you can produce an inventory that accounts for what’s actually running.
What “Shadow AI” Means in a Bank Context
Shadow AI is the population of AI tools operating in your institution without formal IT approval, compliance review, or risk management oversight. The term borrows from “shadow IT” — the unsanctioned technology that business lines deploy to solve problems when official procurement is too slow. But AI has accelerated the problem dramatically.
In a traditional shadow IT environment, an employee might install unauthorized software that creates a vulnerability. In a shadow AI environment, the same employee is processing customer data through an external model, generating compliance-adjacent outputs, or embedding AI assistance into workflows that touch regulated activities — without anyone in risk management knowing it’s happening.
The scale is consistent across industries: Salesforce’s 2026 Workforce AI Survey found that 67% of employees use AI tools at work, while only 18% of companies have formal AI security policies in place. For banks operating under BSA/AML, fair lending, model risk management, and data privacy obligations, that gap between usage and governance isn’t just a technology risk — it’s a regulatory exposure.
The Productiv 2026 research is equally instructive for inventory planning: the average enterprise has 14 AI tools in active use, but IT departments are aware of only 4 to 5. That ratio holds even at organizations that believe they have AI governance programs. The tools IT doesn’t know about are the ones that become exam findings.
The Examination Environment in 2026
OCC and Federal Reserve examiners elevated AI governance to a standing exam priority beginning with 2026 examination cycles. It’s no longer a thematic review or a “we might ask about this” item — it’s a permanent agenda component. The FDIC followed the same trajectory.
What’s driving it: a combination of the SR 26-2 MRM update, the acceleration of AI deployment at community and regional banks, and incidents like the CB Financial 8-K showing that the risk isn’t hypothetical. Examiners who spent 2024 and 2025 asking general questions about AI strategy are now asking specific questions about AI inventory, risk tiering, and validation programs.
The examination requests look like this:
- Provide a complete inventory of all AI tools and models in use across the enterprise, including business-deployed SaaS tools
- Explain your risk-tiering methodology — how do you determine which AI applications require formal model validation?
- Provide validation evidence for models classified as high-risk
- Provide a sample of vendor contracts for your top AI vendors — do they include AI-specific terms?
- Show us your board-level AI risk reporting — how often does governance receive AI risk updates?
That fifth question is where many banks get caught. The policy exists. The inventory exists, in some form. But the documented governance trail — evidence that the board or risk committee is receiving regular AI risk information — often doesn’t.
The SR 26-2 Gap: Why Your MRM Program Doesn’t Cover Your Biggest Risk
SR 26-2, issued jointly by the Federal Reserve, OCC, and FDIC on April 17, 2026, was the first meaningful update to the interagency model risk management framework since SR 11-7. It modernized guidance on model validation, governance expectations, and third-party model risk.
Here’s the problem: SR 26-2 explicitly excludes generative AI models and agentic AI systems from its scope.
The agencies acknowledged the exclusion directly — the guidance states that generative AI and agentic AI present distinct risk profiles that will be addressed in separate guidance. That separate guidance hasn’t published. In the interim, banks are being examined on AI governance even though the updated MRM framework — the framework that would tell you what “good” AI governance looks like — doesn’t cover the tools examiners are most concerned about.
The practical consequence: a bank can have a fully SR 26-2 compliant model risk program and still have examiners walk out with findings about its ChatGPT Enterprise deployment, its Microsoft Copilot rollout, or its AI-assisted loan origination tools — because those tools fall in the gap between the existing MRM framework and the forthcoming GenAI guidance.
The governance gap creates an inventory problem. If your MRM framework only captures models that fall within SR 26-2 scope, you have a defined boundary for what goes in the inventory. Generative AI tools don’t fit that boundary — so they tend not to get inventoried under MRM, and they tend to also fall outside IT security’s traditional software asset management. The result: a meaningful portion of your actual AI footprint is in no one’s register.
The Inventory Problem: Why 30-50% Always Goes Missing
Banks conducting thorough AI inventories — the kind that involve surveying business line leaders, reviewing SaaS subscription logs, and checking browser extension usage — consistently discover 30 to 50 percent more AI tools than their initial estimates.
This is structural, not accidental. AI deployment in banks happens simultaneously across multiple vectors:
Centrally procured tools — Microsoft Copilot, ServiceNow AI, core banking vendor AI features — that IT knows about but may not have inventoried under an AI-specific framework.
Business-line-deployed SaaS — Credit analysts subscribing to AI research tools, compliance officers using AI document summarization, HR using AI screening — often procured on corporate cards or through vendor trials, not through central IT.
Vendor-embedded AI — Your existing vendors are adding AI features to products you already use. Your core banking system, your loan origination platform, your compliance monitoring tool — many have added AI capabilities in the last 18 months that were not in scope when your original vendor risk assessment was completed.
Employee-deployed consumer AI — This is where the CB Financial Services incident lives. Employees using personal or work accounts to access Claude, ChatGPT, Gemini, or specialized AI tools, processing work data through those tools, without any institutional awareness.
A defensible AI inventory needs to capture all four vectors. Most banks’ initial inventories capture the first and sometimes the second. Examiners are trained to probe for the third and fourth, because that’s where the risk concentrates.
The 73 percent statistic that surfaced in a June 2026 survey of 230 banking professionals is worth sitting with: 73% of respondents said they could not confirm their institution’s ability to shut down a malfunctioning AI model or report an AI failure to regulators within required timeframes. That’s not a policy gap — it’s an operational readiness gap that only an accurate inventory can close.
What Examiners Actually Ask For
The examination request that trips banks up most consistently isn’t the inventory itself — it’s the evidence that the inventory was produced through a systematic process, not assembled in response to the exam request.
A dated, versioned AI inventory that predates the examination and shows review activity over time signals governance maturity. An inventory that appears to have been compiled last week signals that you’re building your program around the exam schedule, not around actual risk management.
The specific documentation examiners want:
Per-tool inventory fields:
- Tool name and vendor
- Business function and use case description
- Data inputs (does it process customer data? regulated data? employee data?)
- Risk tier classification and the criteria used to assign it
- Validation status — has this tool been tested? By whom? When?
- Control owner — who in the organization is accountable for this tool?
- Last review date
Governance documentation:
- Board or risk committee AI risk reporting — at minimum quarterly
- AI acceptable use policy with enforcement evidence
- Vendor AI addendum status — which vendors have you obtained AI-specific contractual terms from?
- Incident response integration — is AI failure a defined incident type in your IR plan?
The vendor contract point is increasingly examined. Examiners are asking whether your AI vendor agreements include provisions on: model change notification, data handling and retention by the vendor’s AI system, indemnification for AI-generated errors, and your right to audit vendor AI practices. Standard SaaS agreements don’t have these provisions. If you’ve been adding AI tools without updating vendor contracts, that’s a gap.
Building an Inventory That Survives an Exam
The inventory process that consistently holds up under examination has three phases:
Phase 1: Discovery
Start with sources, not surveys. Pull your SaaS subscription logs, expense reports with software charges, browser extension logs from managed devices, and IT procurement records. Cross-reference against your existing vendor inventory. Then survey business line leaders — not asking “do you use AI?” but asking “which of your workflows involve any AI-assisted tools, including features in software you already use?”
The vendor-embedded AI question is the one most banks miss. Your document management system has AI summarization. Your email platform has AI drafting features. Your compliance monitoring tool added AI transaction categorization. These need to be in the inventory whether or not they were procured specifically as AI tools.
Phase 2: Risk Tiering
Every tool in the inventory needs a risk tier, and the tiering methodology needs to be defensible. A workable framework:
| Tier | Criteria | Governance Requirement |
|---|---|---|
| High | Customer decisions, credit, fair lending, BSA, output used without human review | Full model validation, board reporting |
| Medium | Internal decisions, significant workflow impact, customer data processed | Risk assessment, periodic review |
| Low | Productivity assistance, no customer data, output always human-reviewed | Acceptable use policy, logging |
“Output used without human review” is the determinative factor for Tier 1. If an AI output directly feeds a customer decision without a human checking it first, that tool needs formal validation treatment regardless of how it’s branded or marketed.
Phase 3: Gap Remediation
For any tool that’s in the inventory but lacks required governance documentation, build a remediation timeline. Examiners understand that legacy tools and recently discovered tools will have gaps. What they expect is a plan with dates, owners, and evidence of progress.
The AI risk assessment framework that structures this inventory and tiering process includes the field specifications that align with current examiner expectations — particularly on the risk tiering criteria that examiners are challenging most frequently.
The Three Findings That Become MRAs
Based on the examination pattern across 2025 and early 2026, three specific findings are generating Matters Requiring Attention most frequently:
Finding 1: Incomplete inventory with no systematic discovery process. Banks that assembled inventories from memory or central IT knowledge, without business line outreach or SaaS log analysis, produce inventories that examiners can quickly demonstrate are incomplete. The finding isn’t that the inventory has gaps — it’s that the process for building it was inadequate to find them.
Finding 2: Risk tiering with no documented criteria. An inventory that lists tools with risk tiers but can’t explain how the tiers were assigned is treated as ungoverned. Examiners will ask you to walk through your tiering rationale for two or three tools. If the answer is “our team made a judgment call,” that’s insufficient.
Finding 3: No board-level AI risk reporting. The governance expectation has shifted. Boards at institutions of all sizes are expected to receive AI risk information — the specific tools in use, the risk profile, any incidents or near-misses, and the status of the governance program. If the board has approved an AI policy but has never received an AI risk report, that’s an MRA.
The board reporting templates in the AI governance implementation guide cover the format and content frequency that examiners are expecting in 2026 — including how to structure AI risk reporting for community bank boards that aren’t yet fluent in model risk concepts.
So What?
The CB Financial 8-K put unauthorized AI on every bank examiner’s radar. SR 26-2’s exclusion of generative AI created a governance vacuum precisely where shadow AI risk is highest. And the examination cadence has shifted — AI governance isn’t a forward-looking topic anymore, it’s a current examination item.
The good news is that the inventory problem is solvable. It requires a systematic discovery process, not an advanced technical program. A community bank with $2 billion in assets can build a defensible AI inventory in four to six weeks with the right framework. The banks generating MRAs aren’t failing because their AI programs are too complex — they’re failing because no one ran the discovery process before the exam.
Three things to do before your next examination cycle:
- Run a full discovery process — SaaS logs, expense reports, vendor embedded AI review, and business line surveys. Assume your current count is 40% low.
- Document your tiering methodology — Write down the criteria before you apply them to the inventory. The methodology is what examiners are reviewing, not just the tiers.
- Get AI on the board agenda — A single AI risk report to the board or risk committee, documented in meeting minutes, closes the most common exam finding before it starts.
An AI Risk Assessment Template provides the inventory structure, risk tiering framework, and vendor assessment criteria that align with current examiner expectations — including the field-level documentation that makes the difference between an inventory that satisfies and one that generates follow-up questions.
The full picture of what OCC and Federal Reserve examiners are asking in 2026 AI reviews includes the specific questions being asked in examination letters — useful context for confirming your documentation covers the right ground before the exam team arrives.
Sources:
- CB Financial Services Form 8-K, SEC EDGAR, May 5, 2026
- Federal Reserve SR 26-2: Interagency Guidance on Model Risk Management, April 17, 2026
- Salesforce State of Work and AI Report 2026
- ABA Banking Journal: AI Governance Examination Priorities 2026
- Productiv SaaS Intelligence Report 2026: The AI Shadow IT Problem
◆ Need the working template?
Start with the source guide.
These answer-first guides summarize the required fields, evidence, and implementation steps behind the templates practitioners search for.
◆ Related template
AI Risk Assessment Template & Guide
Comprehensive AI model governance and risk assessment templates for financial services teams.
◆ Immaterial Findings · Weekly
Sharp risk & compliance insights. No fluff.
◆ FAQ
Frequently asked questions.
What is shadow AI and why does it matter for bank examinations?
What happened in the CB Financial Services AI incident?
Does SR 26-2 apply to generative AI and agentic AI tools?
What do examiners look for when reviewing AI governance?
How large is the typical shadow AI problem at banks?
What should a bank's AI inventory contain to satisfy exam requirements?
Author
Rebecca Leung
Rebecca Leung has 8+ years of risk and compliance experience across first and second line roles at commercial banks, asset managers, and fintechs. Former management consultant advising financial institutions on risk strategy. Founder of RiskTemplates.
◆ Related framework
AI Risk Assessment Template & Guide
Comprehensive AI model governance and risk assessment templates for financial services teams.
◆ Keep reading
Related posts.
AI Risk
Agentic AI in Financial Services 2026: The Governance Framework Your Board Doesn't Know It Needs
SR 26-2 carved agentic AI out of model risk scope in April 2026. That didn't make the risk disappear — it moved the governance burden entirely onto you. Here's what a functional agentic AI governance framework looks like and why you need one before your next exam.
Jul 6, 2026
AI Risk
SR 26-2 for Community and Regional Banks: What the Proportionality Principle Actually Requires
SR 26-2 and OCC 2026-13 replaced SR 11-7 on April 17, 2026 — and the proportionality principle changes what model risk management looks like for banks under $100 billion. Here's what's actually required, what's still expected, and how to calibrate your program.
Jul 3, 2026
AI Risk
SR 26-2 and OCC 2026-13: What the New Model Risk Management Guidance Changes — and the GenAI Gap Your Program Needs to Close
The interagency guidance that replaced SR 11-7 on April 17, 2026 is voluntary and principles-based — and it explicitly excludes generative AI and agentic AI from scope. Here's what changed, what examiners will still test, and the gap your AI governance program needs to close before the AI-specific RFI lands.
Jul 2, 2026