AI Governance Is Now a Board Responsibility
Part 1 of a four-part series on why AI regulation has intensified over the past 12 months and why bank boards must treat governance as a 2026 priority, not a 2027 planning item.
By: Paul Schaus
May 19, 2026
Last week, I attended a dinner event hosted by LayerX and Spencer Fane. The room was filled with representatives from business services, healthcare, software, and a couple of us from banking. The agenda was AI governance and AI security in the enterprise. I expected to spend the evening translating other industries' problems into ours. Instead, every observation in the room mapped almost one-to-one onto what community and regional banks are facing right now. Shadow AI in the browser. Vendor-embedded models the legal team did not know existed. Acceptable-use policies written for tools the workforce had already moved past. The same AI governance questions on every board agenda, whether the company sells software, sells care, or takes deposits.
In last week's column, AI in Banking Just Got Real, I argued that the first week of May 2026 marked the moment agentic AI in banking moved from theoretical to operational with production agents, named institutions, and funded infrastructure. This article is a natural follow-on. When AI in banking gets real, governance has to get real with it.
The conversation last night was identical across industries. The regulatory weight is not. The AI sitting inside your bank today is, for the most part, not AI you built. It is AI embedded in the platforms you buy, the SaaS tools your employees use, the contact center, the marketing engine, and most uncomfortably in the browsers every employee opens at the start of every shift. We are governing what we built. We are not yet governing what we use. And we are operating under a regulatory framework that has shifted decisively over the last year.
Banks operate under prudential supervision from the OCC, the Federal Reserve, and the FDIC and, for credit unions, the NCUA. We answer to the CFPB on consumer protection and FinCEN on BSA/AML. We are governed by ECOA, the BSA, GLBA, UDAAP, FCRA, and a supervisory framework that treats consumer impact as a board-level accountability rather than a customer experience metric. None of that is new. What is new is that the federal AI governance framework now sits on top of all of it.
On February 19, 2026, the U.S. Department of the Treasury released the Financial Services AI Risk Management Framework, the first federal, sector-specific AI risk resource for U.S. financial services. Developed through the FSSCC's AI Executive Oversight Group, the Cyber Risk Institute, and the FBIIC with input from more than 100 institutions, it translates the NIST AI Risk Management Framework into 230 control objectives across four adoption stages: Initial, Minimal, Evolving, and Embedded. The framework is voluntary. It is also the resource examiners reference when they want to know what "reasonable" looks like.
In October 2025, the OCC issued Bulletin 2025-26, "Model Risk Management: Clarification for Community Banks," confirming that model risk management activities should be commensurate with the bank's risk exposures, business activities, and the complexity of its model use. The Federal Reserve, OCC, and FDIC followed with interagency guidance making explicit what practitioners had argued for two years: traditional MRM, including SR 11-7, does not cleanly apply to generative or agentic AI. Banks cannot file GenAI under their existing MRM binder and consider it governed. The agencies expect broader risk management and governance practices, and the Treasury FS AI RMF is the most coherent expression of what those look like.
The federal framework is only half the story. One of the legal practitioners at the event last night cited a number that stopped the room: more than 1,600 AI-related bills are currently pending or introduced across U.S. state legislatures, on top of the laws already enacted. The NCSL AI Legislation Database confirms the trajectory — 1,208 AI bills introduced across all 50 states in 2025, 145 of those enacted, and the 2026 session well past that pace by the first quarter.
State banking regulators have moved in parallel. The New York Department of Financial Services, the California Department of Financial Protection and Innovation, the Texas Department of Banking, and their counterparts in every state where the bank operates have issued or are preparing AI-specific supervisory guidance. Colorado's AI Act, the New York DFS October 2024 AI guidance to its regulated entities, Utah's AI Policy Act, the Texas Responsible AI Governance Act, California's growing portfolio of AI statutes, and Illinois's longstanding BIPA framework for biometric AI are already in force. A bank operating in multiple states is no longer governed only by its federal supervisors. It is governed by a patchwork of state requirements that do not align with one another and that changes on a quarterly basis.
The CSI 2026 Banking Priorities Survey captures the resulting tension. AI adoption confidence has risen sharply — 85 percent of respondents see AI as a competitive advantage, and concerns about AI's potential have dropped from 83 percent in 2024 to 50 percent in 2025. At the same time, nearly 60 percent are highly or very concerned about AI governance, 68 percent expect more AI-enabled fraud, and AI-enhanced social engineering is now the top cyber worry, up 15 points year over year. The Bank Director 2025 Technology Survey found 66 percent of banks have drafted acceptable-use AI policies but only 62 percent are experimenting with limited use cases — meaning many institutions have a policy for AI they are not yet using and no policy for the vendor AI they already depend on.
This is the confidence-defensibility gap. Adoption is outpacing governance, and the gap is widest in the places where AI is most embedded — vendor platforms and the browser layer. American Banker called it "sleepwalking into AI risk" in a March 2026 commentary that landed hard at most regional banks. The institutions reading their last examination letter in 2025 are reading it differently in 2026 because the supervisory expectation has changed underneath them.
AI governance is not separable from AI security, and that is the practical bridge between the cross-industry conversation last night and the bank-specific obligation. AI is both a target and a weapon. As a target, it faces prompt injection, model extraction, data poisoning, and supply-chain attacks where a compromised vendor model propagates through an entire customer base. As a weapon, it lowers the cost of deepfake-enabled BEC, synthetic identity manufacturing, voice-cloned vishing, and the AI-enhanced social engineering the CSI survey identifies as the number one cyber concern.
The browser layer is where most bank cybersecurity programs have the largest unaddressed gap. Employees access public generative AI tools — ChatGPT, Claude.ai, Gemini, an expanding list of others — through their browsers, often without IT awareness. They paste customer information, lending decisions, internal memos, and draft contracts into chat windows. The bank's traditional data loss prevention infrastructure was built for email, USB drives, and file uploads, not for browser-based copy-paste into a SaaS endpoint. Without a browser-layer control, the bank's data leaves the perimeter through a channel that does not show up on the DLP dashboard. That is the part of the AI attack surface every bank has and most have not addressed.
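The browser-layer gap described above, as an added example that is not from the article or from any vendor it mentions: a managed-extension content script that treats copy-paste into public GenAI sites as an egress channel, so it is logged or blocked like any other DLP event. The hostnames, detection patterns, and sample inputs are assumptions for illustration.

```javascript
// Added example (not the article's code): a browser-layer paste guard of the kind a
// bank might ship as a managed browser-extension content script. Hostnames, patterns
// and thresholds are assumptions for illustration.
// Public GenAI endpoints not approved for customer data (assumed list).
const UNAPPROVED_AI_HOSTS = ['chatgpt.com', 'chat.openai.com', 'claude.ai', 'gemini.google.com'];
// Luhn check so that arbitrary 16-digit strings are not flagged as card numbers.
function luhnValid(s) {
  const digits = s.replace(/\D/g, '');
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}
// ABA routing check digit: 3(d1+d4+d7) + 7(d2+d5+d8) + (d3+d6+d9) must be a multiple of 10.
function abaValid(s) {
  const d = s.split('').map(Number);
  return (3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7]) + (d[2] + d[5] + d[8])) % 10 === 0;
}
// Detectors for data that must not leave the bank through a chat window.
const DETECTORS = [
  { name: 'ssn', re: /\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b/g },
  { name: 'card', re: /\b(?:\d[ -]?){13,19}\b/g, verify: luhnValid },
  { name: 'aba_routing', re: /\b\d{9}\b/g, verify: abaValid },
];
// Decide what to do with a paste: 'allow' on hosts outside scope, 'log' a clean paste
// to an unapproved AI host (shadow-AI visibility), 'block' when regulated data is present.
function evaluatePaste(hostname, text) {
  const host = hostname.toLowerCase();
  const inScope = UNAPPROVED_AI_HOSTS.some((h) => host === h || host.endsWith('.' + h));
  if (!inScope) return { action: 'allow', findings: [] };
  const findings = new Set();
  for (const det of DETECTORS) {
    for (const m of text.match(det.re) || []) {
      if (!det.verify || det.verify(m)) findings.add(det.name);
    }
  }
  return { action: findings.size ? 'block' : 'log', findings: [...findings] };
}
// Hook the page when running as a content script; skipped outside a browser.
if (typeof document !== 'undefined') {
  document.addEventListener('paste', (ev) => {
    const verdict = evaluatePaste(location.hostname, ev.clipboardData?.getData('text/plain') || '');
    if (verdict.action === 'block') ev.preventDefault(); // then report to the bank's SIEM (assumed)
  }, true);
}
```

Both 'log' and 'block' verdicts are worth forwarding to the SIEM: the clean-paste log is what gives the bank an inventory of shadow AI use, which the DLP dashboard otherwise never sees.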
The federal framework, the state legislative pipeline, the supervisory expectations, and the threat environment have all moved within the last twelve months. The Treasury FS AI RMF and the OCC's MRM clarification put a sector-specific federal floor under bank AI programs. The 1,600-plus state AI bills layer a second, faster-moving, less-aligned regulatory expectation on top of it. The CSI and Bank Director surveys document the confidence-defensibility gap inside community and regional institutions. And the cybersecurity dimension — particularly browser-layer shadow AI — turns this from an IT-only conversation into a board-level one.
The institutions that treated AI governance as a future concern in 2025 are discovering it is a present one — and the institutions that move now will turn the obligation into competitive advantage, while the ones that wait will find their governance gaps surfaced at exam time, in customer complaints, or after an incident.
Part 2 of this series, out tomorrow, takes the next step: why one AI governance framework will not fit every bank, how community banks and regional banks should design their programs differently, and where ISO/IEC 42001 and the broader international standards stack fit alongside the federal framework.
CCG Catalyst advises community and regional banks, credit unions, and fintech companies on AI strategy, governance design, and regulatory readiness. If your institution is evaluating its AI governance framework, reach out to our team at www.ccgcatalyst.com.
By: Paul Schaus | Founder & Managing Partner, CCG Catalyst Consulting
Disclaimer: The views expressed in this article represent the perspective of CCG Catalyst Consulting based on our direct experience advising financial institutions. This commentary is intended to stimulate industry discussion and does not constitute legal, accounting, or regulatory advice.