I spent eight years as a security leader in Financial Services organizations, which means I spent eight years having a very specific kind of nightmare: an examiner sitting across the table asking a question I could not answer with a straight face. Not because I didn't know the answer. Because the honest answer was "we think so, probably, let me check with three different teams and get back to you in six weeks." Examiners do not love that answer. They have never loved that answer. And in 2026, they are about to love it even less.
Here is the thing nobody told me when I got into the Financial Services industry: the regulators are not slow-moving bureaucrats who ignore technology. They are patient. There's a difference. They watch a new capability get deployed across the industry, they let it run for a year or two, and then they show up with a framework that assumes you've already solved problems you haven't even started thinking about. That is exactly what is happening with AI right now, and financial services is first in line.
The guidance that just got rewritten out from under everyone
On April 17, 2026, the Federal Reserve, the OCC, and the FDIC jointly issued revised guidance on model risk management, known as SR 26-2, replacing the framework that had governed model risk since 2011. If you worked in a bank during that era, SR 11-7 is probably tattooed somewhere on your brain whether you wanted it there or not. It's the reason every credit model, every fraud model, every stress-testing model got the same three-part treatment: development and testing, independent validation, and governance with clear ownership.
The revised guidance keeps that spine intact but makes it explicitly risk-based, meaning smaller or lower-risk models get lighter-touch treatment while material models still get the full workup. Reasonable, honestly. Regulators taking a proportional approach is not something I get to say very often, so let me enjoy it for a second.
Here's the part that should get your attention, though. The guidance explicitly states that generative AI and agentic AI are outside its scope, describing them as "novel and rapidly evolving." That sounds like relief. It is not relief. Read the next sentence, because the agencies were careful to add that banks still have to apply their broader risk management principles to those systems anyway. In plain English: the specific rulebook doesn't cover your AI agents yet, but you are still on the hook for governing them, and nobody has written down exactly what "governing them" looks like. That gap is not an oversight. It's regulators buying themselves time while the technology settles, and it is exactly the kind of gap that turns into a very uncomfortable exam finding eighteen months from now when the follow-up guidance lands.
Somebody already tried to fill the gap for you
You are not the only one who noticed this. In February 2026, the Cyber Risk Institute, working with the Financial Services Sector Coordinating Council and more than a hundred financial institutions, published the Financial Services AI Risk Management Framework, announced by Treasury as part of its coordinated AI oversight deliverables. It runs to roughly 230 control objectives spanning governance, data management, model development and validation, monitoring, third-party risk, and consumer protection, and it's deliberately built to align with the NIST AI Risk Management Framework so you are not maintaining two incompatible rulebooks.
I want to be fair to this framework: it is a genuinely useful piece of work, put together by people who understand banking, not just AI theory. But notice what it asks for. Not a policy document. Not a signed attestation. Evidence artifacts. Documentation that survives an examiner actually poking at it, not just reading the cover page. That distinction is the whole ballgame, and it's the same distinction the OCC leaned on hard in its May 2026 Semiannual Risk Perspective, which flagged AI as "significantly transforming" the cybersecurity threat landscape facing banks, on both the attack side and the operational side.
Put those two documents next to each other and the message is unmistakable. Demonstrable, continuous data governance, not a point-in-time attestation that gets dusted off once a year before the exam.
Trading data, customer data, and model-training data are not the same risk
Here's where I think a lot of security teams get tripped up, and I say this as someone who tripped over it myself more than once. It's tempting to treat "sensitive data" as one big undifferentiated blob that needs the same controls everywhere. In a bank, that's a mistake, because the regulatory exposure is genuinely different depending on what kind of data an AI system can touch.
Trading data carries market conduct risk. If an AI copilot summarizing trade activity can also surface information that shouldn't cross a Chinese wall between desks, that's not a data leak, that's a potential market abuse finding, and those conversations happen with lawyers in the room.
Customer data carries privacy and fair-lending risk. An AI system with access to account histories and demographic proxies isn't just a breach waiting to happen; it's a disparate-impact question waiting to be asked, and that question gets asked in a very different tone than a garden-variety security incident.
Model-training and model-input data carries a third kind of risk entirely, because it's not just about who can see the data today. It's about whether the lineage of that data can be reconstructed a year from now when an examiner asks "show me exactly what fed this underwriting model in Q2." If you can't answer that with actual evidence, "we're pretty sure" is not going to land any better than it did when I was the one saying it.
Three different risk profiles, three different sets of controls, and if your data security program treats them as interchangeable, you're going to find the gaps at the worst possible moment. Some of that groundwork is the same conversation the industry has been having about what AI data readiness actually means at a category level, before you even get to the FinServ-specific overlay.
Why the annual scan is basically a photograph of a moving car
I'll date myself here: I remember when an annual data classification exercise felt thorough. You'd spend a quarter mapping where sensitive data lived, produce a nice report, present it to the board, and feel good about yourself until the next fiscal year rolled around. That cadence made sense when the data estate changed slowly. A new database showed up every few months. A new application got provisioned after a change-control meeting that took six weeks to schedule.
Agentic AI does not operate on that timeline. A new agent can get spun up, connected to a data source, and start acting on that access within a single sprint. If your discovery and classification process runs once a year, you are not looking at your current risk. You're looking at a photograph of a moving car and hoping nothing important happened since the shutter clicked. In a hundred-petabyte financial services environment, that gap between "what we scanned" and "what actually exists right now" is exactly where the next exam finding is hiding. It's also, not coincidentally, why continuous scanning at that scale keeps coming up in every serious conversation about AI data governance in this sector: point-in-time assessments were built for a world that doesn't move at agent speed anymore.
What "demonstrable" actually means when someone asks
If there's one word to underline in everything the regulators have published this year, it's "demonstrable." Not "we have a policy." Not "we believe we're compliant." Demonstrable means you can produce, on short notice, a current answer to three questions: what sensitive data exists across your environment, who and what can currently reach it, and what changed since the last time someone looked. If you can answer those three questions with actual evidence rather than a confident shrug, you are in a fundamentally different conversation with your examiner than the one I used to have.
I'll leave you with the thing I wish someone had told me a decade ago: the exam is never really about the finding. It's about whether you can show your work. AI hasn't changed that. It's just raised the bar on what "showing your work" requires, and raised it fast enough that a lot of good security teams are going to get caught flat-footed simply because the technology moved quicker than their evidence-gathering did.
If you want to see what continuous, evidence-ready data governance looks like at the scale a large financial institution actually operates at, Sentra's industry team has been working through exactly this problem with regulated customers, and it's worth a conversation before your next exam cycle starts, not during it.
