The Financial Stability Board has published a major consultation report that sets out 12 sound practices for responsible AI adoption across the financial sector. Released on 10 June 2026, the report represents one of the most comprehensive international efforts to date to translate high-level AI principles into practical guidance for financial institutions.
The FSB’s work comes at a critical moment. Financial institutions are rapidly scaling AI use cases across credit risk, fraud detection, customer service, trading, compliance, and operations. At the same time, newer forms of AI — particularly generative AI and agentic AI — are introducing risks that existing governance and risk management frameworks were not designed to address. These include greater autonomy, reduced explainability, faster decision-making, and new vectors for cyber and operational risk.
The report is structured around two main pillars. The first four sound practices focus on organization-wide AI governance, including the role of the board and senior management, clear accountability structures, risk appetite setting, and organizational adaptability. The remaining eight practices address the AI lifecycle, covering materiality and risk assessment, data governance, explainability, performance management, human oversight, cyber and ICT risk, and third-party risk management.
A notable feature of the report is its explicit attention to agentic AI. The FSB highlights risks that arise from high levels of autonomy, such as unauthorized actions, goal misalignment, and the difficulty of maintaining effective human oversight at scale. It also stresses the importance of proportionality, recognizing that smaller or less complex institutions and lower-risk use cases should not face the same requirements as large, systemically important firms deploying high-materiality AI systems.
The FSB is now seeking feedback on whether these practices are sufficiently comprehensive, clear, and flexible. The consultation closes on 22 July 2026. For governance, risk, and compliance leaders in financial institutions, this report provides one of the clearest roadmaps yet for building AI governance frameworks that can withstand both regulatory scrutiny and the operational realities of scaling agentic systems.
Key Findings
The Financial Stability Board has proposed a set of 12 sound practices designed to help all types of financial institutions adopt, govern, and manage AI in a responsible and proportionate manner, with a clear emphasis on both organization-wide governance and the full AI lifecycle.
The report places significant weight on proportionality, recognizing that large, complex, and highly interconnected institutions using AI in critical functions should implement more robust practices, while smaller or less complex institutions and lower-risk use cases may apply only the most relevant practices or modify them accordingly.
Board and senior management oversight is positioned as foundational, with the FSB stressing that they must align AI adoption with the institution’s business model, risk appetite, and strategy while ensuring clear accountability and adequate resourcing across the organization.
The report explicitly addresses the unique risks posed by newer forms of AI, particularly generative AI and agentic AI, including risks related to autonomy, goal misalignment, rapid execution of actions, and the difficulty of maintaining effective real-time human oversight at scale.
Data governance is identified as a core requirement, with the FSB highlighting that poor data quality and inadequate data governance can lead to biased outcomes, model performance issues, legal breaches, and amplified risks across the AI lifecycle.
Explainability and transparency challenges are given dedicated attention, with the report noting that complex, autonomous, or rapidly evolving AI models create additional difficulties in assessing conceptual soundness, detecting bias and drift, and meeting legal and regulatory requirements.
Human oversight is framed as essential but must be calibrated to the materiality, risk, autonomy, and complexity of each AI use case, with the FSB warning against over-reliance and automation bias that can weaken effective supervision.
Third-party dependencies and concentration risks are treated as major concerns, with the report underscoring risks around performance consistency, lack of transparency in proprietary models, data governance issues, and potential correlated behaviors across institutions due to shared providers.
Cyber and ICT risks are elevated as a critical area, with the FSB noting that AI can both enhance defensive capabilities and be weaponized by threat actors through techniques such as prompt injection, model poisoning, deepfakes, and accelerated vulnerability exploitation.
The report includes several practical case studies from banks and insurers demonstrating real-world application of responsible AI practices, particularly in areas such as credit risk management, fraud detection using agentic AI, and operational efficiency improvements.
The sound practices are explicitly not intended to create a new international standard or impose prescriptive requirements, but rather to serve as a flexible menu that institutions can adapt while still meeting their existing legal and regulatory obligations.
The FSB is seeking stakeholder feedback on whether the proposed practices strike the right balance between managing risks from all forms of AI and addressing the specific challenges of more complex and autonomous systems such as GenAI and agentic AI.
What the Report Covers
The FSB consultation report provides a comprehensive framework for responsible AI adoption across the financial sector. It is structured around an executive summary, an introduction, and three main substantive sections, supported by annexes and a glossary. The report is designed as a practical menu of guidance rather than a prescriptive standard, with a strong emphasis on proportionality.
Section 1 gives an overview of AI adoption in the financial system. It outlines current use cases across banking, insurance, capital markets, payments, and financial market infrastructures, covering areas such as credit risk assessment, fraud detection, AML/CFT, customer service, trading, portfolio optimization, and regulatory compliance. The section also details the benefits institutions are realizing, including improved efficiency, better risk management, and enhanced customer outcomes. Importantly, it highlights the risks and implementation challenges that come with AI adoption, with particular attention to newer technologies such as generative AI and agentic AI.
Section 2 focuses on organization-wide AI governance. It sets out four sound practices that establish the foundation for responsible AI adoption. These cover the role of the board and senior management in setting strategic direction and risk appetite, the need for clear governance frameworks and accountability structures, the integration of AI risks into existing risk management frameworks, and the importance of organizational adaptability, including building the necessary skills and culture as AI use evolves.
Section 3 addresses AI lifecycle management through eight sound practices. This section walks through the key stages and controls needed to manage AI use cases responsibly, including materiality and risk assessment, model and system selection, data governance, explainability and transparency, performance management and testing, human oversight, cyber and ICT risk management, and third-party risk management. The practices are designed to apply across the entire lifecycle of an AI use case, from initial development through ongoing monitoring and eventual decommissioning.
The report includes several real-world case studies from banks and insurers that illustrate how these sound practices can be applied in practice, particularly in areas such as credit risk, fraud detection using agentic AI, and operational efficiency. It also contains annexes with examples of explainability approaches and performance testing methods, along with a glossary of key terms.
Overall, the report balances guidance that applies to all forms of AI with specific considerations for more advanced and autonomous systems. It repeatedly stresses that financial institutions should apply the practices proportionately based on the size, complexity, and risk profile of both the institution and the specific AI use case. The FSB is now seeking public feedback on the proposed practices through a set of consultation questions, with responses due by 22 July 2026.
Our Take
AI Governance Take
The FSB’s consultation report is one of the clearest and most practical pieces of guidance released so far on how financial institutions should govern AI. It moves beyond high-level principles and gives institutions a concrete menu of practices they can actually implement. For governance, risk, and compliance leaders, the message is straightforward: the era of treating AI governance as a compliance checkbox or a monitoring exercise is over.
Boards and senior management must take direct ownership of AI strategy and risk appetite. This means explicitly defining which AI use cases are acceptable, which are prohibited, and how the institution’s risk tolerance applies to different levels of AI autonomy. Waiting for regulators to force this conversation is no longer a viable position. Institutions that have not yet mapped their current and planned AI use cases against clear risk categories are already behind.
Governance frameworks need to be updated to properly address the full AI lifecycle, not just model development. This includes stronger data governance, proportionate explainability requirements, performance monitoring that continues after deployment, and human oversight mechanisms that scale with the level of autonomy — especially for agentic AI systems. Many current frameworks were built for traditional models and will need material upgrades to handle the speed, complexity, and reduced human involvement that newer AI technologies introduce.
Third-party and concentration risks also require urgent attention. As institutions increasingly rely on a small number of cloud providers, foundation model vendors, and AI platforms, they must strengthen due diligence, contractual protections, and ongoing monitoring. Over-reliance on a handful of providers without adequate transparency or contingency planning creates systemic vulnerabilities that individual institutions cannot afford to ignore.
The most forward-looking institutions will treat this report as a benchmark and begin stress-testing their current AI governance practices against the 12 sound practices outlined by the FSB. Those that move early to strengthen board oversight, build cross-functional accountability, and embed lifecycle controls will be better positioned to scale AI responsibly while avoiding regulatory, operational, and reputational setbacks. The window to get ahead of these expectations is open now.
