AI Compliance & Regulatory Risk for US Lenders

US federal banking regulators have not issued a single consolidated rule on AI in lending, but the expectations are clearly articulated across several frameworks. The most important is SR 26-2 (issued April 17, 2026 by the Federal Reserve, FDIC, and OCC), which supersedes SR 11-7 and OCC Bulletin 2011-12, modernizing model risk management with a more explicitly risk-based, principles-driven framework. Notably, SR 26-2 explicitly excludes generative and agentic AI from its scope - meaning banks deploying agentic AI must self-govern using SR 26-2's principles applied by analogy, pending forthcoming agency guidance.

The CFPB's enforcement of ECOA / Regulation B is the other primary lever - Circular 2022-03 and Circular 2023-03 established that AI and ML credit models do not create an exception to adverse action notice requirements. 'Our algorithm said no' is not a reason; the lender must provide specific, accurate principal reasons for denial, regardless of model complexity. Disparate impact under ECOA applies even without discriminatory intent.

The broader US compliance stack also includes HMDA reporting, the Fair Housing Act, the FFIEC IT Examination Handbook for third-party risk management, and, for non-bank lenders, state-level UDAP statutes and licensing requirements. A production AI agent must therefore produce explainable credit rationales, preserve data lineage, support fair lending testing, and generate evidence that internal audit, compliance, and exam teams can review.

US privacy compliance for lending AI agents is a patchwork. GLBA (Gramm-Leach-Bliley) governs financial privacy and the Safeguards Rule, requiring institutions to protect customer information through administrative, technical, and physical controls. FCRA governs credit data accuracy, dispute handling, permissible purpose, and adverse action requirements; FCRA adverse action overlaps with ECOA but remains legally distinct.

State privacy laws add another layer: CCPA/CPRA in California, CDPA in Virginia, CPA in Colorado, the Texas Data Privacy Act, and newer Connecticut, Utah, Delaware, and other state frameworks. The agent's consent, retention, access, deletion, and opt-out handling must be configured to satisfy the most restrictive applicable state rule for the borrower and data flow.

CFPB Section 1033 open banking rules add a portability layer, giving consumers rights to access and share financial data. For AI agents, this affects how bank statement aggregation, cash-flow underwriting, and third-party data access are permissioned, logged, revoked, and explained to customers.

SR 26-2 is principles-based, not prescriptive. Model risk management sophistication should align with the bank's size, complexity, and risk profile. The guidance is most relevant to banks over $30 billion in assets, but its principles apply broadly because examiners increasingly expect smaller institutions and non-bank partners to show comparable discipline for material credit decisioning models.

The three core safeguards carried over from SR 11-7 remain central: independent validation, ongoing monitoring against actual outcomes, and documentation detailed enough for unfamiliar reviewers to understand the model, its limitations, and its controls. For agentic AI, documentation must also cover prompts, tools, retrieval sources, escalation logic, and where human review enters the workflow.

OCC's 2024 examination findings flagged inadequate fair lending testing and explainability gaps in adverse action processes as common weaknesses. That makes adverse action traceability and fair lending validation first-class MRM requirements, not optional analytics.

Yes, AI agents can exhibit bias - both the LLM they are built on and the data they are trained or evaluated on can encode historical patterns of discrimination. In US lending, this is a fair lending risk under ECOA, the Fair Housing Act, and state UDAP statutes. Disparate impact can matter even when there is no discriminatory intent.

The most common forms of bias in lending AI are: demographic bias (the agent approves loans at a systematically different rate for protected classes when controlling for creditworthiness), proxy bias (using a variable like ZIP code or employer industry that is correlated with a protected characteristic), and feedback loop bias (the agent is evaluated on historical approval/rejection data that itself reflected biased human decisions).

Testing for bias requires a structured audit: run a sample of applications through the agent after anonymizing personally identifying information, then analyze approval rates, credit limits, and interest rate recommendations across demographic segments. OCC 2024 examination findings flagged that many banks provide limited documentation of AI bias evaluation, particularly for models acquired from third parties.

AI agents in banking introduce three categories of security risk that do not exist with traditional software: prompt injection attacks (malicious inputs designed to override the agent's instructions), data leakage through the LLM layer (the model inadvertently revealing information from one customer's data in another's session), and supply chain risk from the LLM provider (the model vendor's systems being breached or the model being updated in ways that change agent behavior).

Prompt injection is the most immediately exploitable risk. An attacker could submit a loan application containing hidden instructions - in white text, in metadata, or embedded in a PDF - that try to override the agent's behavior. Well-designed agents have injection-resistant prompt structures that separate data inputs from instruction inputs architecturally, and validate that inputs are in expected formats before processing.

Data leakage is mitigated through session isolation - each agent interaction should operate in a clean context with no memory of previous sessions. Each borrower's data should be scoped to their own session and never included in another session's context. Vendor governance should follow the FFIEC IT Examination Handbook's third-party risk management expectations, with NIST AI Risk Management Framework (AI RMF 1.0) used as a voluntary best-practice overlay that examiners increasingly cite.