The Call for AI Security in Banking
The Bank Policy Institute’s BITS unit and the American Bankers Association filed a joint submission to NIST’s AI Safety Institute (CAISI) arguing that AI agent systems require formal security guidance before widespread financial deployment. Banks point to real-world use cases in cybersecurity, fraud prevention and automated operations where agent behavior can affect customers and markets. Their comments build on prior sector work from the U.S. Treasury, the Financial Services Sector Coordinating Council and the FBIIC, positioning the industry as a proactive contributor to federal AI safety efforts.
Core Recommendations for NIST
The submission centers on two voluntary, consensus-based recommendations. First, the associations ask NIST to develop a controlled-sharing profile that defines baseline information elements for agent deployments. The profile is framed as a “nutrition label” for AI agents, providing standardized metadata about capabilities, access permissions, tested limits and known failure modes to counterparty organizations and regulators.
Second, banks urge NIST to publish reference architectures and practice guides for secure counterparty interactions and automated integrations. These materials would cover machine-to-machine access controls, traceability, audit logging, and mechanisms for orderly shutdown or isolation of misbehaving agents. The guidance is described as non-prescriptive, intended to support flexible, risk-based implementation across diverse vendor and bank environments.
Fostering Responsible AI Adoption
Adopting these standards would help accelerate safe AI use across finance by reducing duplicated due diligence, improving supply chain risk management, and promoting interoperable implementations between vendors and counterparties. Voluntary, consensus-based tools can lower friction for smaller institutions while preserving options for more conservative risk postures at systemically important firms. For policymakers, the industry submission signals a pathway for aligning technical interoperability with operational risk controls, with implications for broader AI governance in the financial sector.
Banks framing practical, shareable measures for AI agent systems creates a foundation for safer, more efficient adoption that balances innovation with sector-wide resilience.
