X

Bank Policy Institute Says AI Oversight Requires "Calibrated Regulatory Approach"

"[T]his submission aims to advocate for a constructive, calibrated path forward: one that urges regulators to shift from cautious passivity to active encouragement through the modernization of legacy model risk frameworks, harmonization of federal regulations and standards applicable to banks’ use of AI, and comparative parity for banks and nonbank innovators."
BPI Letter to Office of Science and Technology Policy
"[T]his submission aims to advocate for a constructive, calibrated path forward: one that urges regulators to shift from cautious passivity to active encouragement through the modernization of legacy model risk frameworks, harmonization of federal regulations and standards applicable to banks’ use of AI, and comparative parity for banks and nonbank innovators."
BPI Letter to Office of Science and Technology Policy

The Bank Policy Institute ("BPI") warned that outdated supervisory frameworks are discouraging responsible innovation and delaying the deployment of AI tools essential for fraud detection, cybersecurity, and risk management.

In a comment letter responding to the White House Office of Science and Technology Policy ("OSTP") Request for Information on AI regulatory reform, the BPI advocated for advancing a "calibrated" regulatory approach that modernizes oversight of artificial intelligence in banking. BPI emphasized that outdated supervisory frameworks — particularly the 2011 Model Risk Management ("MRM") — are ill-suited to modern AI systems. The association also warned against rigid compliance expectations and fragmented state-level initiatives. BPI stated that regulators should adopt a coordinated, risk-based approach that recognizes the benefits of innovation and addresses the risks of inaction.

The BPI recommended an approach centered around four principles:

  1. Encourage AI innovation. The BPI urged regulators to move beyond a risk-averse posture and actively support safe, sound AI adoption. The BPI emphasized that oversight should be risk-based and account for both operational threats and the risks of not adopting AI in areas such as fraud prevention, illicit finance, and cybersecurity. The association called for stronger examiner training, deeper public-private collaboration, and frameworks that distinguish between AI developers and deployers.
  2. Modernize MRM guidance. The BPI asked federal banking agencies to update and narrow the 2011 Model Risk Management framework. The association recommended excluding low-risk or advisory AI tools from automatic coverage, adopting adaptive controls for generative and agentic AI, and focusing supervision on real-world outcomes rather than procedural checklists.
  3. Coordinate at the federal level and avoid fragmentation. The BPI urged OSTP to establish a unified federal framework for bank AI oversight to prevent conflicting state and local regimes. The association supported entity-level exemptions or federal preemption for federally supervised institutions to reduce duplication and improve consistency.
  4. Ensure parity with third parties and nonbanks. The BPI asked regulators to clarify that banks’ oversight responsibilities apply only to their direct vendors, not their subcontractors. The association also called for proportionate standards to ensure that banks, nonbanks, and technology firms face comparable regulatory expectations when deploying AI.

Primary Sources

  1. Bank Policy Institute: Comment Letter: Request for Information Regarding Regulatory Reform on Artificial Intelligence

Tags

Regulated Activities
Fintech
Sub-Activity
AI / Machine Learning
Regulated Entities
Banking Entities
Body of Law
Banking Law
Jurisdiction
US - Federal
Organization
Trade / Industry Associations
Sub-Author
Bank Policy Institute