Federal regulators are drafting cross-sector requirements that would hold financial institutions and health systems to common standards for tracing the origin, transformation, and deployment of AI training data - a shift that compliance, legal, and enterprise IT teams across both industries are watching closely.
The push reflects a broader regulatory convergence already underway. A 2023 interagency memorandum of understanding on AI oversight was signed by the FTC, DOJ, EEOC, and CFPB, formalizing coordination among agencies that had previously acted independently. That groundwork now extends into sector-specific AI deployments in banking and healthcare, with data provenance - the documented chain of custody for training datasets - emerging as a shared compliance requirement.
Background
Both sectors have faced separate but parallel regulatory obligations around AI transparency for several years. In healthcare, the ONC's HTI-1 final rule, published in the Federal Register on January 9, 2024, established new AI transparency requirements for predictive decision support interventions (DSIs) embedded in certified health IT products. The rule requires health IT developers to disclose 31 source attributes for predictive DSIs, enabling clinical users to evaluate how those tools were trained and on what data. Separately, the CFPB has explicitly rejected the "black box" defense for AI-driven credit denials, and its Circular 2023-03 states that creditors cannot use complex or opaque technology as a defense for violating equal credit opportunity law.
Despite sector-specific action, governance gaps remain significant. According to an August 2025 Healthcare Financial Management Association (HFMA) report, 88% of U.S. health systems are using AI in some form, yet only 18% have mature governance structures in place. In financial services, 59% of finance leaders report active AI use while still struggling with model risk management and explainability.
Details
The White House issued an executive order on December 11, 2025, signaling intent to establish a more coherent federal approach to AI oversight. The order creates a new AI Litigation Task Force and requires federal reporting and disclosure standards within 90 days. It was accompanied by an HHS artificial intelligence strategy memorandum issued December 4, 2025, which identified five pillars for AI implementation across the department, including governance and responsible use.
On the health IT side, HHS's ASTP/ONC released a proposed rule - HTI-5 - that frames deregulation as a means to redirect industry focus toward interoperable, AI-enabled health data exchange, while signaling longer-term AI governance requirements. The agency estimated the proposed changes would save certified health IT developers up to 4,000 compliance hours per developer in the first year, reducing near-term burden while preserving space for stronger data provenance mandates.
For banking, interagency coordination is advancing through existing model risk management channels. U.S. banking regulators expect financial institutions to treat AI tools as part of their core risk and compliance infrastructure, validating models and documenting controls as they would for traditional models. The ONC HTI-1 rule requires developers to provide 31 source attributes for predictive DSIs, enabling clinical users to assess how AI tools were trained - a documentation standard that banking regulators now reference as a template for comparable financial AI disclosures.
Several U.S. states have moved ahead of federal action. As of 2026, states including Texas, California, Illinois, and Colorado are enforcing AI statutes that require disclosures about training data sources and algorithmic logic.
Outlook
The Trump administration's March 20, 2026, National Policy Framework for Artificial Intelligence calls on Congress to establish a single federal approach for regulating AI use, which would affect how banking and health IT vendors structure compliance programs. If a unified federal standard for data provenance takes shape, enterprise AI vendors serving both sectors may face consolidated documentation requirements, audit trail mandates, and vendor risk protocols under a single governance regime. Compliance teams should anticipate alignment among HHS, ONC, the Federal Reserve, OCC, and CFPB as interagency coordination continues to formalize.
