U.S. Bank Regulators Ramp Up Scrutiny of AI Use in Lending and Underwriting

U.S. banking regulators are significantly increasing their scrutiny of how financial institutions use artificial intelligence, particularly in lending, underwriting, and risk management processes. According to multiple reports, examiners from the Office of the Comptroller of the Currency (OCC) and the Federal Reserve have started incorporating more detailed questions about AI models into routine bank examinations.

Reuters reported that regulators are “ramping up scrutiny of AI use at financial companies,” with banks now facing more rigorous reviews of how they govern, test, and monitor AI systems used in credit decisions. This shift comes as more banks adopt AI tools to automate underwriting and assess credit risk, often without corresponding improvements in oversight frameworks.

One report highlighted that regulators are particularly focused on whether banks can explain how their AI models reach decisions and whether they have proper controls in place to manage bias, model drift, and operational risk.

“Current oversight relies on banks self-reporting issues, but examiners are now digging deeper into AI governance during exams”

Reuters noted in its coverage of the development.

The increased attention from regulators reflects broader concerns that many financial institutions are moving quickly to adopt AI without fully addressing the governance, compliance, and risk management requirements that come with these technologies. This is especially relevant in high-stakes areas like lending and underwriting, where flawed AI decisions can lead to regulatory violations, reputational damage, and consumer harm.

As scrutiny intensifies, banks are being pushed to strengthen their AI governance programs or risk facing more aggressive examination findings and potential enforcement actions.

Conditions Driving the Change

• U.S. banks have rapidly increased their use of artificial intelligence in lending and underwriting decisions over the past two years, often deploying models faster than their internal governance and risk management frameworks could support.

• Regulators have observed that many financial institutions lack sufficient explainability, documentation, and ongoing monitoring for the AI models they now rely on for credit decisions, creating potential consumer harm and compliance risks.

• Current examination processes have historically relied heavily on banks self-reporting issues with their AI systems, which has proven inadequate as AI adoption has accelerated across the industry.

• The Office of the Comptroller of the Currency and the Federal Reserve are seeing growing evidence that weak AI governance can lead to biased lending outcomes, model drift, and operational failures that traditional risk frameworks were not designed to catch.

• High-stakes use cases such as automated underwriting and credit risk scoring have raised the regulatory stakes, as flawed AI decisions in these areas can directly impact consumers’ access to credit and expose banks to fair lending violations.

• Banks have faced increasing pressure to improve efficiency and compete with fintechs, leading many to adopt AI tools without first building the necessary controls, testing protocols, and accountability structures around them.

• Recent enforcement actions and public scrutiny around algorithmic decision-making in finance have made regulators more aware of the potential systemic and consumer protection risks posed by poorly governed AI systems.

• The complexity and opacity of many modern AI models have made it harder for examiners to assess risk using traditional methods, prompting regulators to ask more granular and technical questions during routine exams.

• A growing number of banks are using third-party AI tools and vendor models in critical processes without having robust oversight or validation programs in place, increasing concentration and operational risk across the sector.

• Regulators are responding to both internal findings from examinations and external pressure to ensure that the financial system remains safe and fair as artificial intelligence becomes more deeply embedded in core banking functions.

What AI Governance Looked Like Before

Until recently, AI governance in most U.S. banks was treated as an emerging issue rather than a core regulatory priority. During examinations, regulators typically asked high-level questions about whether institutions had AI policies or risk assessments in place. These inquiries were often general and did not dig deeply into how specific models were developed, validated, monitored, or governed over time.

Many banks operated with relatively light oversight when deploying AI systems in lending and underwriting. Governance efforts were frequently limited to initial model validation and basic documentation, with limited ongoing monitoring or independent challenge processes. In many cases, responsibility for AI was fragmented across data science, risk, compliance, and technology teams, with no single function holding clear accountability for outcomes.

Regulators largely relied on banks to self-identify and report issues with their AI models. Examination teams did not routinely request detailed information about model performance, bias testing, explainability, or drift detection unless a specific concern had already surfaced. As a result, institutions could move relatively quickly to adopt AI tools without facing intense regulatory scrutiny of their governance frameworks.

This environment allowed many banks to experiment with and deploy AI systems at scale while maintaining only basic oversight structures. Governance was often viewed more as a compliance checkbox than as a critical control layer for managing real business and regulatory risk.

What AI Governance Looks Like Now

U.S. banking regulators have shifted to a more detailed and technical approach when examining AI use, particularly in high-impact areas such as lending and underwriting. Examiners are now asking more specific questions about model development, validation, ongoing monitoring, bias testing, and explainability during routine examinations.

Banks are increasingly expected to demonstrate not just that they have AI policies on paper, but that they have effective governance processes in place to oversee models throughout their lifecycle. This includes clearer accountability structures, independent model risk management reviews, and documented processes for identifying and addressing performance issues or unintended consequences.

Regulators are also placing greater emphasis on how institutions govern third-party AI tools and vendor models, which many banks rely on for critical functions. There is now more focus on whether banks have adequate visibility into how these models work and whether they can effectively challenge or override decisions when necessary.

Overall, AI governance has moved from a peripheral compliance topic to a more central part of regulatory examinations. Institutions are now under greater pressure to show that they have robust, operational governance frameworks capable of managing the risks associated with AI used in credit decisions and other high-stakes processes.