What the SR 26-2 carve-out actually says (and doesn't)
Control library — GenAI
1. Use-case intake & approval gates
Every proposed GenAI use case enters a standing intake process before any production deployment. The intake captures purpose, customers affected, data accessed, vendor or in-house model used, regulatory exposure, decision autonomy (advisory vs. material vs. customer-impacting), and proposed human-review points. Intake approval gates the next step; no gate, no deployment.
2. Prompt usage & sensitive-data controls
3. Hallucination detection & confidence thresholds
4. Mandatory human review of material outputs
5. Output logging & retention
6. Vendor-dependency review
Control library — agentic AI
1. Permitted actions defined narrowly
2. Mandatory human-approval points
3. Activity logging & replay
4. Exception escalation paths
5. Periodic recertification
Partner-screening lens specific to GenAI / agentic controls
- Concrete control library. Does the partner have a documented, banking-specific GenAI and agentic control library or only references to NIST/ISO frameworks?
- Operating-model integration. Do the controls integrate into the bank’s existing model-risk operating model, intake processes, and validation cadence?
- Examiner-ready evidence. Can the partner show evidence packaging from a peer-bank engagement where GenAI or agentic AI was in production?
- Senior staffing. Are named senior practitioners present in the working sessions, or only juniors with an escalation path?
- Data-layer competence. Does the partner understand that GenAI and agentic controls only work on governed data?
Anti-patterns that stall GenAI governance programs
- Policy without controls. Documenting that GenAI must be governed without specifying how. Examiners now ask for the controls themselves.
- Vendor sign-off as governance. Treating a GenAI vendor’s security questionnaire as the bank’s control. The vendor’s controls protect the vendor; the bank’s controls protect customers and regulators.
- Use-case intake without teeth. An intake form that does not gate deployment is a paperwork exercise.
- Human review on paper only. Without logged reviewer identity, decision, and rationale, human review is not evidence.
- No exit path. GenAI vendor models change; without an exit path the bank is exposed to vendor decisions outside its control.
How PiTech builds GenAI and agentic controls
Frequently Asked Questions (FAQs)
What is the SR 26-2 GenAI and agentic AI carve-out?
What GenAI controls should a bank build?
What agentic AI controls should a bank build?
Five controls: permitted actions defined narrowly with an enumerated action set, mandatory human-approval points before material or customer-impacting actions, activity logging and replay of every agent decision and action, exception escalation paths with named reviewers and SLAs, and periodic recertification of permitted-action sets as agent capabilities evolve. Without these controls, agentic AI is operationally exposed even if individual decisions look safe.
Do traditional model-risk controls cover GenAI?
No, not fully. Traditional MRM was designed for statistical and ML models with stable inputs, defined outputs, and validation methodologies. It does not reach prompt usage, sensitive-data exposure, hallucination, human review of material outputs, output logging, or vendor-model dependencies. The carve-out under SR 26-2 acknowledges this gap; the bank builds controls into the operating model rather than waiting for further guidance.
How do I evaluate a GenAI governance advisor?
What does 'material output' mean for GenAI review?
Is vendor sign-off enough for GenAI controls?
No. A GenAI vendor’s security questionnaire or SOC 2 report describes the vendor’s controls, not the bank’s. The bank still owns the use case, the prompt design, the human-review process, the output logging, and the customer impact. Vendor sign-off is a necessary input to vendor-dependency review, not a substitute for the bank’s own control library.
How is GenAI use-case intake structured?
The intake captures purpose, customers affected, data accessed, vendor or in-house model used, regulatory exposure, decision autonomy (advisory vs. material vs. customer-impacting), and proposed human-review points. Intake approval gates the next step; no gate, no deployment. The intake is owned by a named function (typically MRM or compliance) and decisions are logged for examiner review.
How often should GenAI controls be reviewed?
Periodic review on a documented cadence: typically quarterly for high-risk use cases, semi-annually for medium-risk, and annually for low-risk, plus on-event review for material vendor-model changes, customer complaints related to the use case, or detected control failures. The review covers control effectiveness, exception patterns, vendor stability, and emerging supervisory guidance.
How long does GenAI control build-out take?
For a focused scope (one to three production GenAI use cases), the control library and operating-model integration can be built and packaged for examiner evidence in roughly 60–90 days. Broader scopes scale linearly with use-case count. Banks with live GenAI or agentic systems should prioritize this work; banks planning future deployment can build the control library first and apply it to new use cases as they enter intake.