The release of SR 26-2 marks a significant modernization of U.S. model risk management by replacing SR 11-7 with a more risk-based and materiality-sensitive supervisory framework. However, generative and agentic AI are excluded, creating an important governance challenge for banking organizations and other financial institutions. Although generative AI may not directly estimate credit risk or make underwriting decisions, its outputs can materially affect the surrounding control environment through monitoring interpretation, policy analysis, or adverse-action language drafting. These uses may influence how regulated financial decisions are explained, challenged, documented, and governed. This paper proposes the Generative AI Control Framework (GAICF), an SR 26-2-compatible governance framework for generative AI-enabled financial workflows. The framework translates core model risk management principles into a layered control structure for generative AI applications that operate outside the formal model boundary but remain embedded within regulated banking processes. GAICF provides a practical approach for financial institutions seeking to align emerging generative AI governance practices with the risk-based supervisory expectations reflected in SR 26-2.
Governing Generative AI Across Financial Institutions: An SR 26-2-Compatible Framework for Generative AI Risk Control
The release of SR 26-2 marks a significant modernization of U.S. model risk management by replacing SR 11-7 with a more risk-based and materiality-sensitive supervisory framework.
- Preview

- Year
- 2026
- Hosting
- Full text hostedCC-BY-4.0
Cite
Notes
Only stored in your browser.
Attribution
- Abstract & full text
- arxiv.org/abs/2607.04103CC-BY-4.0
- TL;DR
- Semantic Scholar