U.S. regulators have proposed a unified AI governance framework to standardize oversight of AI-driven workflow agents in banking operations. The draft framework aims to establish consistent governance controls, audit mechanisms, cross-border interoperability, and risk management protocols for banks, AI vendors, and external auditors. This initiative is designed to simplify compliance and reinforce accountability as financial institutions expand their use of AI technologies.
Background
Banks are increasingly deploying AI agents to automate tasks such as compliance processes, transaction monitoring, and customer engagement. The U.S. Treasury recently unveiled the Financial Services AI Risk Management Framework (FS AI RMF), adapting the NIST AI Risk Management Framework into 230 control objectives specific to financial institutions. These objectives address lifecycle governance, vendor risk management, cybersecurity, human oversight, and data provenance. The framework supplements the AI Lexicon released in February 2026, which established standardized terminology across institutions, regulators, and vendors.

The FS AI RMF provides institutions with tools including an AI adoption questionnaire, risk-control matrix, implementation guides, and reference examples derived from NIST principles, tailored by institutional size and complexity, according to the U.S. Treasury. The AI Lexicon defines standard terms for key AI concepts, capabilities, and risk categories. [1]

[1] Treasury Releases Two New Resources to Guide AI Use in the Financial Sector | U.S. Department of the Treasury
Details
The proposal covers AI-powered workflow agents: autonomous or semi-autonomous systems that initiate, coordinate, or execute internal banking processes. It requires banks to adopt standardized governance controls, including mandatory audit trails, human-in-the-loop checkpoints, version-controlled policy artifacts, and documented explainability for AI-driven decisions. AI vendors must demonstrate interoperability through machine-readable policy enforcement. External auditors would review compliance using the FS AI RMF controls and definitions provided in the AI Lexicon.
Although the proposal remains in draft and is not yet published, it corresponds with previous supervisory guidance from agencies such as the Office of Management and Budget and the Federal Reserve. These agencies have advocated for designating Chief AI Officers, establishing structured AI governance boards, and integrating AI oversight with existing third-party and model risk management frameworks. [2]

[2] Our Take: financial services regulatory update – April 11, 2025
Outlook
If adopted, the framework would drive changes in vendor agreements related to AI capabilities and compliance. Banks would be expected to update audit plans and implement new regulatory controls. Alignment with cross-border standards, such as the EU AI Act and Basel Committee supervisory expectations, would be required to maintain interoperability for multinational banks. Regulators may introduce a phased adoption timeline based on institutional size and the extent of AI implementation.
