
US Bank Regulators Drill Lenders on AI Kill Switches in Every Exam

US bank regulators now quiz every lender in routine exams on AI use, data boundaries, kill switches, vendor risk, and human-oversight controls.


US bank regulators are asking every lender, in every routine audit, to explain how it uses artificial intelligence, where its data boundaries sit, and who can hit the kill switch. The OCC and the Federal Reserve have folded AI scrutiny into standard exams in higher-risk areas such as lending, know-your-customer checks, and sanctions screening, according to three people familiar with the matter. The shift turns a year of public warnings into a private, exam-room cross-examination that reaches every corner of a bank’s AI stack.

Regulators are not writing a new AI rulebook. Instead, they are running the same legacy risk-management and consumer-protection frameworks that policed earlier generations of bank technology, and they are using them to demand granular evidence of guardrails, human oversight, and third-party controls. That strategy is itself under internal review. “Today, banks are relying on existing risk-management frameworks to guide their use of AI,” Federal Reserve Vice Chair for Supervision Michelle Bowman said in remarks on May 1. “While these supervisory tools are intended to support banks in applying sound governance and risk management, we should assess whether our supervisory guidance is fit for the future.”

  • 72% of US bankers cite model kill-switch protocols or regulatory reporting of AI failures as their least prepared area (Wolters Kluwer, H1 2026).
  • 34% name kill switches; 38% name failure reporting in the same survey.
  • 33% rank lending and underwriting as the workflow with the greatest agentic AI risk; 30% name collections and recovery.
  • 20% gross sales lift from AI tools in JPMorgan Chase’s private bank, per its chief analytics officer.
  • The OCC’s revised model risk guidance is “expected to be most relevant” to banks with over $30 billion in total assets.

What Examiners Now Ask About AI

The questions reach into the most sensitive parts of a bank’s technology stack. Three people with knowledge of the conversations said regulators are pushing lenders to map where AI is deployed, prove that it cannot reach data it should not see, and show who is authorized to intervene.

In writing and in person, examiners are asking how vendors and subcontractors are vetted, whether contracts let the bank exit if a vendor’s system proves unsafe, and how data flowing into third-party models is controlled. Supervisors are also pressing for “guardrails that limit how models behave and what data they can access,” the sources said, and for clarity on who in the bank has the authority to flip a system off. The probe goes beyond chat assistants and into credit decisions, sanctions screening, and the customer-onboarding checks that decide who gets a bank account.

The same set of sources said the conversation about AI is now part of every bank exam, not a special topic raised in some. That is the change: AI oversight has stopped being a one-off pilot and is now a standing line of questioning for community banks and the largest institutions alike. A central worry for supervisors is what the sources called a “data creep” risk, the chance that a model quietly pulls in or infers information beyond the boundaries of what it was approved to use. That risk grows when AI is designed to extract and connect information across systems, they said, and it is hardest to police when the model is owned by a vendor rather than the bank itself.

  • A map of every higher-risk AI use, from credit decisions to sanctions screening.
  • Data-access controls showing the model cannot reach unauthorized information.
  • The design of any “kill switch” and the named individual empowered to use it.
  • Vendor and subcontractor risk management, including exit clauses if a vendor’s system is breached.
  • Governance and human-oversight frameworks with documented, tested responses.

Why Old Rules, Not New Ones

The OCC, the Federal Reserve, and the Federal Deposit Insurance Corporation have not written a dedicated AI rule. They are deliberately stretching the supervisory tools they already have, according to the sources. That choice is a bet that the banking system’s existing defenses can absorb a generation of software the agencies did not anticipate when those tools were drafted.

On April 17, 2026, the three agencies replaced the 2011 model risk management guidance with a revised version that explicitly carves generative and agentic AI out of its scope. Per the OCC’s revised model risk management bulletin, those systems “are novel and rapidly evolving” and “are not within the scope of this guidance.” The same document leaves the door open for the agencies to come back with a separate AI-specific request for information, which the OCC has already said it plans to issue alongside the Fed and the FDIC.

The Fed is also working to update and simplify its third-party risk-management guidance, Bowman said in the same May speech. The goal, she said, is to reflect “actual and future risk” rather than the more theoretical frameworks written before AI moved into production.

Inside the agencies, officials are aware that the policy they are not writing is itself a decision. The three sources said the technology is advancing at a pace “that far exceeds the traditional cycle of regulatory learning and rulemaking,” raising the prospect that formal AI guidance, once issued, could already be outdated. That calculus is what pushes the agencies toward broad, principles-based supervision rather than prescriptive rules, at least right now. In its May 7 Semiannual Risk Perspective, the OCC said banks need a “sound understanding of the potential benefits and possible risks associated with increasingly advanced AI tools coming onto the market” to manage cyber risk, and flagged fraud, sanctions, and private credit as parallel concerns.

How the Regulators Got Here

The current exam push is the visible end of a year of quieter groundwork. The OCC, the Fed, and the FDIC have moved in sequence, starting with guidance updates, moving to speeches that signal where supervision is heading, and ending with the cross-examination now happening in exam rooms. A formal request for information on bank AI use is the next step the agencies have already publicly committed to.

The sequence below is drawn from the agencies’ own announcements, public remarks, and a Reuters report that surfaced the exam changes this month. It explains why the agencies wrote a new rule for traditional models in April and a different, more open-ended approach for the AI systems in the exam room.

  1. April 17, 2026: The OCC, the Federal Reserve, and the FDIC issue revised model risk management guidance that explicitly excludes generative and agentic AI from its scope.
  2. May 1, 2026: Federal Reserve Vice Chair for Supervision Michelle Bowman delivers a speech on AI in the financial system, calling for an assessment of whether supervisory guidance is “fit for the future.”
  3. May 7, 2026: The OCC’s Semiannual Risk Perspective warns that AI is reshaping bank cybersecurity threats and that the agencies will soon request formal input on AI use.
  4. June 12, 2026: Reuters reports that AI questions are now part of every routine bank exam, with examiners pressing lenders on kill switches, data boundaries, and vendor risk.

The Long-Running Agents Putting the Kill Switch on the Table

Banks are not waiting for the new rules to deploy. JPMorgan Chase plans to put AI agents into production later this year that can “run for an hour or two” without a human in the loop, the bank’s chief analytics officer, Derek Waldron, told CNBC.

The longer the runway, the more value, and the harder the kill switch. Wolters Kluwer’s US Banking AI Risk and Governance Index for the first half of 2026, which surveyed 230 banking professionals across community, midsize, and large institutions, found that 72% of bankers say their institution is least prepared in either model kill-switch protocols or regulatory reporting of AI failures. Asked specifically, 34% pointed to kill switches and 38% to failure reporting as the area of greatest weakness. The report described both as “the minimum viable requirements for managing an AI incident in a regulated environment.” JPMorgan’s experience hints at the upside: Waldron said the bank has seen a 20% increase in gross sales from AI in its private bank and believes the tools could eventually let individual bankers expand client coverage by as much as 50%.

The risk is not hypothetical. Sultan Meghji, a former chief innovation officer at the FDIC and now CEO of Frontier Foundry, told American Banker that the canonical case study is Knight Capital, the high-frequency trading firm whose 2012 software deployment reactivated a dormant test program lacking safety throttles. “A traditional model may make a bad prediction,” Meghji said. “An agent may take a bad action and then take a thousand more in 20 seconds before anyone notices.” Within 45 minutes, Knight lost $440 million in that episode.

The same Wolters Kluwer survey asked where agentic AI introduces the greatest automation risk without sufficient human-in-the-loop controls. Bankers ranked lending and underwriting first, with collections and recovery second, the two areas where consumer harm scales fastest when a model drifts. Meghji’s test, which he offered in the same interview, is blunt: “If a bank is debating whether it can turn a model off, it has already lost control of that model.”

The same survey noted that banks are scaling AI faster than they are building the governance, incident response, and consumer protections to defend it, per Wolters Kluwer senior consultant Elaine Duffus. That gap is the one the new exam questions are designed to close.

Top agentic AI risks named by bankers

| Workflow | % of bankers citing it | Rank |
|---|---|---|
| Lending and underwriting | 33% | First |
| Collections and recovery | 30% | Second |

Source: Wolters Kluwer US Banking AI Risk and Governance Index, H1 2026, survey of 230 US banking professionals.

The Mythos Cybersecurity Question

A second test for the legacy framework is Anthropic’s frontier AI model, Mythos, which regulators named explicitly for the first time in public remarks this spring. The model, Bowman told the Financial Stability Oversight Council, is a tool built to find cyber vulnerabilities in banking systems. She also warned it could be turned against those same banks by attackers. The agencies have already pulled the largest US banks into a single room to talk about it.

Bowman said the agencies are also working to update and simplify their third-party risk-management guidance. They have signaled that AI oversight will continue to come through the exam process rather than through new prescriptive rules. The pattern mirrors the one in lending: legacy tools, sharper questions, no new rulebook yet.

“Anthropic’s Mythos, an AI model that identifies cyber vulnerabilities, highlights the dynamic nature of this technology and the rapid pace that its capability can evolve. The improved ability to identify cyber vulnerabilities comes with the potential to address these weaknesses to enhance cybersecurity. And of course, we have already seen that AI has the potential to improve efficiency and effectiveness, particularly within the financial system.”

Michelle W. Bowman, Vice Chair for Supervision of the Federal Reserve, in remarks at the Financial Stability Oversight Council on May 1, 2026.

A formal AI cybersecurity standard would have to specify the controls a bank must deploy against a model whose own capabilities are still shifting. “We know that this model accelerates the process of detecting cyber vulnerabilities,” Bowman said in the same remarks. “On one hand, this capability enables firms to address self-identified vulnerabilities thereby enhancing cyber security. But on the other hand, if used maliciously it could be deployed to identify and exploit weaknesses.” The model is now a standard question in a routine AI audit.

Why the Agencies Are Not Writing New AI Rules

Right now, the agencies are not restricting specific uses of AI, and the sources said the goal is to deepen the agencies’ understanding rather than to police specific deployments. “Regulators are not yet being prescriptive but are seeking to better understand how banks are using the technology,” the sources said. That posture is contingent, and it depends on what the agencies learn in the round of exam interviews and the forthcoming request for information.

The agencies have not said what would push them from principles to rules. The April 17 guidance carve-out and the upcoming request for information together leave the door open for a dedicated AI framework, especially if a high-profile failure in lending or collections forces the issue. Meghji’s “quiet disaster” scenario, a model making “thousands of slightly-wrong, discriminatory or non-compliant decisions per day for months, invisible because nobody instrumented it,” is the kind of failure the current exam push is designed to catch before it makes headlines. Whether the legacy tools are enough will be tested in the next set of supervisory letters.

As the founder of Thunder Tiger Europe Media, Dr. Elias Thornwood brings over 25 years of experience in international journalism, having reported from conflict zones in the Middle East, Asia, and Africa for outlets like BBC World and Reuters. With a PhD in International Relations from Oxford University, his expertise lies in geopolitical analysis and global diplomacy. Elias has authored two bestselling books on European foreign policy and received the Pulitzer Prize for International Reporting in 2015, establishing his authoritativeness in the field. Committed to trustworthiness, he enforces rigorous fact-checking protocols at Thunder Tiger, ensuring unbiased, evidence-based coverage of worldwide news to empower informed global audiences.
