Feature AI Risk
Agentic AI in Financial Services 2026: The Governance Framework Your Board Doesn't Know It Needs
SR 26-2 carved agentic AI out of model risk scope in April 2026. That didn't make the risk disappear — it moved the governance burden entirely onto you. Here's what a functional agentic AI governance framework looks like and why you need one before your next exam.
Table of Contents
On April 17, 2026, the Federal Reserve, OCC, and FDIC jointly issued SR 26-2 — the first overhaul of model risk guidance in fifteen years. The headline was what it covered. The story that matters for risk teams is what it didn’t cover.
TL;DR
- SR 26-2 (April 2026) explicitly excludes generative AI and agentic AI from model risk scope — calling them “novel and rapidly evolving”
- The exclusion shifts governance responsibility entirely to the institution, with no regulatory template
- NYDFS Part 500 + May 2026 frontier AI guidance creates real compliance obligations for NY-regulated entities using AI agents
- The Financial Stability Board is signaling what supervisors globally expect: agent identifiers, restricted external access, and transaction controls
Agentic AI — systems that autonomously plan and execute multi-step tasks without human approval at each step — is no longer a lab experiment. It’s in production at financial institutions right now: running compliance checks, drafting regulatory filings, executing multi-step data queries, and interacting with external APIs. And as of April 2026, the regulatory guidance framework explicitly has nothing to say about how to govern it.
“Outside the framework is not outside the risk perimeter.” That line comes from an analysis of SR 26-2’s AI exclusion, and it’s the most important thing compliance and risk teams need to internalize.
What SR 26-2 Actually Says About Agentic AI
SR 26-2 replaced SR 11-7, which had governed model risk management for fifteen years. The new guidance is intentionally principles-based and voluntary — a significant departure from SR 11-7’s de facto mandatory standards.
On AI, the guidance makes a critical distinction: traditional statistical and quantitative models remain fully in scope. Generative AI (LLMs, diffusion models) and agentic AI are explicitly excluded. The rationale is honest: these systems are novel, rapidly evolving, and the core validation concepts from SR 11-7 — conceptual soundness, outcomes analysis, ongoing monitoring — don’t translate cleanly to systems whose outputs are generative or whose behavior emerges from chains of autonomous decisions.
The agencies have promised a separate AI-specific Request for Information. As of July 2026, it has not been published.
The nuance that matters: If an AI agent accesses or utilizes a traditional statistical model — a credit scoring model, a fraud detection model, an AML transaction monitoring model — that underlying model remains fully in scope under SR 26-2. The exclusion applies to the agent layer itself, not to the models it invokes. This means your governance program needs to track which traditional models are being called by agents, and make sure those models are still getting proper validation regardless of how they’re being accessed.
For a deeper look at what SR 26-2 actually changed (and what examiners will still test), see our post on SR 26-2 and the GenAI governance gap.
What NYDFS Expects Right Now
While the federal model risk framework punted on agentic AI, NYDFS hasn’t been quiet.
NYDFS Part 500’s 2023 amendments already require covered financial institutions to include AI systems within their cybersecurity programs — risk assessments, access controls, and audit trails for any AI system processing customer data. An AI agent that touches customer data, accesses internal systems, or interfaces with third parties is squarely within the scope of what Part 500 requires you to have assessed and documented.
In May 2026, NYDFS amplified this with frontier AI guidance warning that frontier AI models amplify the speed and scale at which vulnerabilities are discovered and exploited. The guidance directed covered entities to strengthen vulnerability management, third-party coordination, secure programming practices, and monitoring and reporting specifically in the context of AI deployment.
If you’re NYDFS-supervised and using AI agents — even off-the-shelf agents from vendors — and you haven’t updated your Part 500 risk assessment to address those agents explicitly, you have a gap. Our post on the NYDFS May 2026 frontier AI cybersecurity guidance walks through the specific requirements.
The RAISE Act: What Your AI Vendors Now Owe You
New York’s Responsible AI Safety and Education Act (RAISE Act) was signed by Governor Hochul on March 27, 2026 and takes effect January 1, 2027. It doesn’t apply to most financial institutions directly — it targets AI developers with $500M+ in annual revenue operating frontier models trained using 10^26+ FLOPs with $100M+ compute costs. OpenAI, Google DeepMind, Anthropic — those developers.
But for financial institutions using those developers’ models and agents, the RAISE Act creates indirect compliance obligations through your vendor relationships. Under the Act, covered developers must:
- Publish safety and security protocols
- Report incidents to NYDFS within 72 hours of determining one occurred
- File disclosure statements with NYDFS
- Potentially undergo annual independent audits
Penalties start at $1 million for an initial violation and reach $3 million for subsequent violations. NYDFS has broad rulemaking and enforcement authority under the amended Act.
What this means practically: your third-party AI vendor due diligence now needs a RAISE Act component. You should know whether your key AI vendors are covered developers, what their safety protocols say, and whether they have incident reporting obligations that would affect your SLA and notification requirements if an AI system fails.
The Governor Hochul’s signing announcement includes the key provisions worth reviewing with your vendor management and legal teams.
What the FSB’s Framework Tells You About Where Global Supervisors Are Heading
Regulatory guidance tends to lag deployment by 18-24 months. But the Financial Stability Board’s work on AI agents gives you a preview of where supervisory expectations are heading globally — and therefore what your governance program should be building toward now.
The FSB’s recommended controls for AI agents in financial services include:
- Individual agent identifiers: Every AI agent should have a traceable identity so its actions can be attributed, audited, and reconstructed. Not “our AI system did this” — the specific agent instance, with its version, configuration, and access scope.
- Human approval gates for external system interactions: Agents that can interact with external systems — APIs, external databases, third-party services — should require explicit human approval or have technical controls preventing autonomous external actions beyond defined parameters.
- Transaction-level controls: Any AI agent that can execute financial transactions — even internal ones — needs hard limits and human-in-the-loop checkpoints. An agent that can approve a wire, move a balance, or modify a credit decision is a fundamentally different risk profile than one that can only read data.
These aren’t requirements yet. They’re the baseline that will become requirements once the AI-specific RFI closes and guidance gets issued. Build toward them now and you’re ahead of the curve; ignore them and your next exam cycle after guidance drops will be expensive.
Building a Governance Framework for Agentic AI
The core problem with agentic AI governance is that the validation playbook from SR 11-7/SR 26-2 doesn’t transfer cleanly. You can’t backtest an agent the way you backtest a credit model. You can’t evaluate “conceptual soundness” for a system that’s autonomously reasoning through multi-step tasks.
What you can do is establish governance around the conditions under which agents operate:
1. Agent Inventory and Risk Tiering
Extend your AI use case inventory to specifically capture agentic systems. For each agent:
- What is it authorized to do? (read data vs. execute actions vs. make decisions vs. communicate externally)
- What data can it access?
- What is the maximum impact of an autonomous decision it makes?
- Is there a human-in-the-loop checkpoint before consequential actions?
Risk-tier agents by their autonomy level and potential impact. A read-only research agent is materially different from an agent that can draft customer communications, execute trades, or modify account settings.
2. Pre-Deployment Review
Before any agent goes to production, document:
- The agent’s permission architecture — what it can and cannot access
- The audit trail design — how every action is logged, attributed, and reviewable
- The rollback plan — if the agent produces a bad output or takes an unintended action, how do you detect it and reverse it?
- The human escalation path — what triggers a human review, and who?
This doesn’t need to be the full SR 26-2 validation framework. It needs to be documented, reviewed by risk and compliance, and approved before deployment. That evidence trail matters at exam time.
3. Ongoing Behavioral Monitoring
Agentic systems built on LLMs can change behavior as underlying models are updated. A vendor that updates their model may change how your agent reasons through tasks without telling you. Your monitoring program needs to include:
- Periodic behavioral benchmarking — does the agent still do what it was approved to do?
- Output sampling and review — especially for agents that communicate externally or produce documents
- Drift detection — statistical or qualitative signals that the agent’s behavior has shifted
See our post on SR 26-2 proportionality for community and regional banks for how to scale monitoring requirements to your institution’s size.
4. Third-Party AI Due Diligence
If you’re using an agent built by a vendor — and most institutions are — your TPRM program needs an AI-specific supplement that covers:
- What model is the agent built on? What version? How do model updates get disclosed?
- What data does the agent retain? How long? Where?
- What permission architecture does the vendor’s platform enforce?
- How does the vendor handle incidents involving their AI systems?
- For NYDFS-supervised institutions: are they a covered developer under the RAISE Act?
Standard TPRM templates don’t ask these questions. Your vendor questionnaires need updating.
5. Incident Response for AI Agent Failures
An AI agent failure is different from a system outage. The failure mode might be subtle — an agent producing consistently biased outputs, an agent gradually expanding its own access permissions, an agent taking an action that was technically within its permission scope but clearly unintended.
Your incident response plan needs a playbook specifically for AI agent incidents:
- Detection: how do you know the agent failed?
- Isolation: can you suspend the agent without taking down the systems it connects to?
- Rollback: can you reverse the actions it took?
- Notification: do you need to notify NYDFS or other regulators? (Under Part 500, a cybersecurity event involving an AI system may trigger notification requirements)
- Documentation: what evidence do you preserve for the regulatory file?
The Compliance Reality in Q3 2026
Let’s be direct about where this lands. There is no prescriptive regulatory framework for agentic AI governance at U.S.-regulated financial institutions as of today. SR 26-2 explicitly excluded it. The AI-specific RFI hasn’t landed. The RAISE Act doesn’t take effect until 2027.
But Freshfields analysis of AI in financial services captures the examiner posture correctly: regulatory expectations for AI governance are rising even ahead of formal guidance. Examiners are asking about AI in every examination regardless of whether specific AI guidance exists. “We don’t have formal AI governance because there’s no specific rule requiring it” is not a satisfying answer.
What examiners are looking for right now: evidence that you’ve thought about the risk, documented what you’re doing, and have controls around the areas of highest potential impact. A thoughtful internal framework — even an imperfect one — is dramatically better than a blank page.
So What?
Agentic AI is in your institution right now, or it will be within the next 12 months. The regulatory framework that should govern it deliberately punted. That means the governance gap is yours to fill before examiners start asking about it — and they will.
Three things to do in Q3 2026:
- Inventory your agentic AI systems — what agents are you running, what can they do, what data can they access?
- Review your NYDFS Part 500 risk assessment — does it explicitly address AI agents and their cybersecurity risk profile?
- Update your TPRM vendor questionnaires to add AI-specific fields, including RAISE Act coverage for your key AI model vendors
The AI Risk Assessment Template & Guide includes an AI use case inventory with auto-tiering, pre-deployment checklists, third-party AI vendor questionnaire, and worked examples across 8 AI use cases — built for the 2026 regulatory landscape including SR 26-2 and NYDFS expectations.
Sources:
- NY Overhauls Transparency and Governance Requirements for Frontier AI Developers — Davis Wright Tremaine
- Governor Hochul Signs Nation-Leading Legislation to Require AI Frameworks for Frontier Models
- SR 26-2 Carved Out Agentic AI. The Liability Didn’t Move — Duczer East
- AI in Financial Services: Emerging Regulatory Expectations — Freshfields
- SR 26-2 & Agentic AI: Navigating the Fed Model Risk Guidance — Cutover
◆ Need the working template?
Start with the source guide.
These answer-first guides summarize the required fields, evidence, and implementation steps behind the templates practitioners search for.
◆ Related template
AI Risk Assessment Template & Guide
Comprehensive AI model governance and risk assessment templates for financial services teams.
◆ Immaterial Findings · Weekly
Sharp risk & compliance insights. No fluff.
◆ FAQ
Frequently asked questions.
Did SR 26-2 create a compliance gap for agentic AI?
What is agentic AI and why is it different from standard machine learning models?
Does NYDFS Part 500 cover agentic AI?
What does New York's RAISE Act require of AI developers that financial institutions use?
What controls does the Financial Stability Board recommend for AI agents?
What should a financial institution's agentic AI governance framework include?
Author
Rebecca Leung
Rebecca Leung has 8+ years of risk and compliance experience across first and second line roles at commercial banks, asset managers, and fintechs. Former management consultant advising financial institutions on risk strategy. Founder of RiskTemplates.
◆ Related framework
AI Risk Assessment Template & Guide
Comprehensive AI model governance and risk assessment templates for financial services teams.
◆ Keep reading
Related posts.
AI Risk
SR 26-2 for Community and Regional Banks: What the Proportionality Principle Actually Requires
SR 26-2 and OCC 2026-13 replaced SR 11-7 on April 17, 2026 — and the proportionality principle changes what model risk management looks like for banks under $100 billion. Here's what's actually required, what's still expected, and how to calibrate your program.
Jul 3, 2026
AI Risk
SR 26-2 and OCC 2026-13: What the New Model Risk Management Guidance Changes — and the GenAI Gap Your Program Needs to Close
The interagency guidance that replaced SR 11-7 on April 17, 2026 is voluntary and principles-based — and it explicitly excludes generative AI and agentic AI from scope. Here's what changed, what examiners will still test, and the gap your AI governance program needs to close before the AI-specific RFI lands.
Jul 2, 2026
AI Risk
EU AI Act August 2, 2026: Your 32-Day Compliance Checklist — What's Still Required After the Omnibus Deferral
The Digital Omnibus pushed Annex III high-risk AI to December 2027 — but August 2, 2026 still brings Article 50 transparency requirements and full GPAI enforcement powers. Here's your verified 32-day checklist.
Jun 30, 2026