Governing AI in a Regulated Industry

Mostly a Vendor Management Problem

The hardest part of using AI in banking is not the technology. It is figuring out where AI usage fits inside the vendor management discipline that banks already practice.

That sounds small. It is not. Banks know how to evaluate vendors that touch sensitive data. They have been doing it for a long time, and they do it well. Where AI lands inside that established discipline, and what genuinely new questions it raises, decides what kind of program is even possible.

I have been working through this, and the conclusion I have reached is that AI governance is mostly an extension of existing vendor management, plus a small set of considerations that are actually new.

What's Already Settled

Banks know that any system handling sensitive data is high risk. The vendor management framework already accounts for this. There is a vendor inventory, a risk classification, an assessment process, contractual protections, monitoring, and periodic review. The discipline exists, and it works.

That framework already covers the question of public tools versus enterprise-licensed services. Public versions of any cloud product are off the table for sensitive data. Banks use vendors with enterprise contracts that include appropriate data handling provisions, and data going to those vendors is governed by the same rules that govern data going to any other approved vendor. Sending data to OpenAI under an enterprise agreement is, in that sense, no different from sending data to Salesforce.

That reframes the AI vendor question into something familiar. Do you adopt AI through vendors you already have enterprise relationships with, where the contract terms and review process are established? Microsoft Copilot and Google Gemini are the obvious examples. Or do you stand up new enterprise relationships with AI-native providers like OpenAI or Anthropic, and accept the extra vendor management lift?

What's Genuinely New

The places where AI does not fit existing patterns are about model behavior, not data sharing.

Banks have a mature framework for model risk. When I started thinking about how it would apply to AI, SR 11-7, the supervisory guidance behind that framework, was the natural place to start. It was written for a category of model where the inputs, the math, and the assumptions can be documented. You can backtest it against historical data. You can revalidate it on a schedule. Logistic regression for credit scoring fits cleanly into that picture. So does a fraud rules engine or a loss-given-default model. Even a gradient boosted classifier can be validated this way with some effort.

A large language model is a different animal in a few specific ways. The same prompt can return different outputs. The inputs are unstructured text. The training data is opaque. There is no clean way to document what the model does, and no realistic way to backtest it the way the existing framework imagines.

The framework is not wrong. It was built for the kind of model the industry needed it for, and it has served well. The work is extending it for a new category of model, and the careful pace at which that extension is being done is the right pace. Banking moves carefully on these things for good reasons, and the regulators doing this work are doing it carefully because that is what the work calls for.

Where Data Tiering Still Matters

Data tiering does not go away just because vendor management already handles vendor risk. Banks still have to define which categories of data are appropriate for AI tasks, even with approved vendors. Client-identifying information, loan documents, anything where the combination of details is identifying, all sit in tiers that need clear policy. Internal training material, public regulatory documents, and de-identified educational content sit in different tiers. The hardest cases are the ones in between, and the policy has to take a position anyway.

This is not a new kind of work. It is the same data classification discipline that already governs other vendor relationships, applied to a new category of vendor.

The Pragmatic Path

The pragmatic move is to start where the vendor relationships already exist. The natural first step for most banks getting comfortable with AI is to lean on what is built into vendors they already have, because the contractual and review work is largely done. New enterprise relationships with AI-native vendors come later, once there is a clearer view of where the established options fall short.

That is not a lack of ambition. It is the right way to engage a new category of capability inside a regulated business. Engaging regulators early, sharing plans, and inviting their feedback is how this work gets done well. The frameworks will keep evolving alongside the technology, and that collaborative work is exactly the kind of relationship that makes the banking system trustworthy in the first place.