AI agent governance in financial services: trading, KYC and the regulatory stack that already applies

A proprietary trading desk at a European bank deployed an AI agent to execute a momentum strategy across Nordic equity markets. The agent operated within predefined risk limits: maximum position size, daily loss threshold, sector concentration caps. For six weeks, every trade fell within parameters.

In week seven, the agent identified a pattern across three correlated positions that its risk limits evaluated individually but not collectively. It built a concentrated position across the three names that, taken together, exceeded the desk’s aggregate risk appetite by 40%. Each individual trade was compliant. The portfolio effect was not. The risk management system, designed to validate individual model outputs, had no mechanism to evaluate an agent’s emergent portfolio construction behavior.

The compliance team discovered the position during a routine end-of-day review. By then, the agent had been building the position for three days. The loss on unwinding was manageable. The governance gap was not.

The regulatory stack

Financial services AI agents operate under more concurrent regulatory obligations than agents in any other sector. Six frameworks apply simultaneously, and each adds requirements that the others do not cover.

SR 11-7: model risk management

The Federal Reserve’s SR 11-7, jointly issued with the OCC in 2011, remains the foundational framework for model governance in US banking. It requires three safeguards for every model: independent validation by objective parties, ongoing monitoring comparing outputs to actual outcomes and documentation detailed enough that unfamiliar parties can understand the model’s operation.

Regulators now explicitly apply SR 11-7 to AI, ML and generative AI systems. But agentic AI strains the framework’s core assumptions.

SR 11-7 remains one of the few stable reference points for model governance, making clarity around its scope and limitations even more critical.

Three specific tensions arise with AI agents:

Validation assumes stability. SR 11-7’s validation approach presumes models behave consistently between review cycles. Agents that recalibrate autonomously, change tool usage patterns or construct novel decision chains invalidate this assumption. Continuous monitoring must complement periodic validation.

Documentation assumes reproducibility. The requirement that “unfamiliar parties can understand the model’s operation” becomes difficult when agent behavior emerges from the interaction of prompts, tools, context and real-time data. Agent documentation must capture not just the model, but the full decision environment.

Effective challenge assumes human comprehension. SR 11-7 requires “effective challenge” of model outputs. For agents making thousands of decisions per hour across multiple tool chains, the concept of human challenge must evolve from reviewing individual outputs to monitoring behavioral patterns and statistical distributions.

The Treasury’s Financial Services AI Risk Management Framework, released in February 2026, introduces 230 control objectives across seven domains. While not legally binding, it establishes market expectations that examiners will reference.

MiFID II: investment services

MiFID II applies to AI agents that provide investment advice, execute orders or manage portfolios within the EU. Key obligations:

  • Suitability assessment. Agents recommending investments must assess client knowledge, experience, financial situation and risk tolerance. The suitability assessment cannot be a one-time event; agents must reassess when client circumstances change.
  • Best execution. Trading agents must achieve the best possible result for clients, considering price, costs, speed, likelihood of execution and settlement. The agent must demonstrate that its execution decisions optimize for client outcomes, not firm profitability.
  • Algorithmic trading requirements. MiFID II imposes specific obligations on algorithmic trading: effective systems and controls, pre-trade and post-trade monitoring, kill switches and annual self-assessments. AI trading agents that operate autonomously meet the definition of algorithmic trading systems.

MiFID II, DORA and the EU AI Act all assign non-delegable accountability to the management body. The firm’s board and senior management remain responsible for agent behavior regardless of the agent’s autonomy level.

DORA: operational resilience

The Digital Operational Resilience Act, applicable from January 2025, requires financial entities to maintain comprehensive ICT risk management. For AI agents:

  • ICT risk management frameworks must cover AI agent infrastructure, including the models, tools, data sources and APIs agents access
  • Incident reporting requirements apply to AI-related operational disruptions, with major incidents requiring notification within 4 hours
  • Resilience testing must include AI systems, verifying that agents can operate correctly under stress conditions and that failures degrade gracefully
  • Third-party risk management must address AI vendors, including model providers, tool providers and data source providers that agents depend on

PSD2: payment services

AI agents processing payments under PSD2 must:

  • Apply strong customer authentication (SCA) requirements
  • Maintain transaction monitoring for fraud detection
  • Ensure data protection for payment data
  • Provide real-time transaction status to payment service users

Payment agents that bypass or weaken authentication to improve user experience create direct regulatory exposure.

Basel III: operational risk

Basel III’s operational risk framework applies to losses from AI agent failures. Financial institutions must:

  • Include AI agent operational risk in their capital calculations
  • Maintain loss data for AI-related operational incidents
  • Conduct scenario analysis for potential AI agent failures
  • Report material AI-related operational losses to supervisors

The SEC identified AI governance as an examination priority for 2025 and has enforced against robo-advisors for undisclosed conflicts of interest, with settlements involving Schwab, Betterment, Wahed Invest and SoFi spanning hundreds of millions of dollars in penalties.

Agent governance by type

Trading execution agents

Trading agents present the highest-stakes governance challenge in financial services. An agent with direct market access can generate significant losses in minutes.

Transaction authority limits. Define precisely what the agent can trade: which instruments, which markets, what position sizes, what daily loss limits. Critically, define aggregate limits that evaluate the agent’s total portfolio construction, not just individual trades. The opening scenario illustrates what happens when individual-trade limits are satisfied but portfolio-level risk is not governed.

Pre-trade and post-trade controls. Pre-trade controls must evaluate each order against risk limits before execution. Post-trade controls must reconcile executed trades against intended strategy. Both must operate in real time, not end-of-day.
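As an added example (not the article's code, nor any firm's production system), a pre-trade risk gate that evaluates every order against the projected book twice: once against the single-name cap and once against an aggregate cap for the correlation group the instrument belongs to. Replaying the opening scenario with constructed instrument names, a constructed group mapping and constructed limit values, the third order is rejected even though it passes its own single-name limit.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Order:
    symbol: str
    notional: float  # signed notional: positive adds long exposure, negative short

@dataclass
class RiskLimits:
    max_position: float        # absolute notional cap per instrument
    max_group_exposure: float  # absolute notional cap per correlation group
    groups: dict[str, str]     # instrument -> correlation group id (constructed mapping)

Book = dict[str, float]  # instrument -> current signed notional

def group_exposure(book: Book, group: str, limits: RiskLimits) -> float:
    """Gross exposure of every instrument currently held in the group."""
    return sum(abs(n) for s, n in book.items() if limits.groups.get(s) == group)

def pre_trade_check(book: Book, order: Order, limits: RiskLimits) -> tuple[bool, str]:
    """Check the projected book (after fill): single-name cap first, then group cap."""
    current = book.get(order.symbol, 0.0)
    projected = current + order.notional
    if abs(projected) > limits.max_position:
        return False, f"single-name limit: {order.symbol} would be {projected:,.0f}"
    group = limits.groups.get(order.symbol)
    if group is not None:
        # Group exposure with this name's current leg replaced by its projected leg
        projected_group = group_exposure(book, group, limits) - abs(current) + abs(projected)
        if projected_group > limits.max_group_exposure:
            return False, f"aggregate limit: {group} would be {projected_group:,.0f}"
    return True, "ok"

def fill(book: Book, order: Order) -> None:
    """Post-trade: record the executed order so later checks see the real book."""
    book[order.symbol] = book.get(order.symbol, 0.0) + order.notional

def run_scenario() -> list[tuple[str, bool]]:
    """Constructed replay of the article's scenario (10m single-name cap, 20m group cap)."""
    names = ("NORD_A", "NORD_B", "NORD_C")
    limits = RiskLimits(10_000_000, 20_000_000, {s: "nordic_corr_basket" for s in names})
    book, results = {}, []
    for symbol in names:
        order = Order(symbol, 9_000_000)
        approved, _ = pre_trade_check(book, order, limits)
        results.append((symbol, approved))
        if approved:
            fill(book, order)
    return results  # [('NORD_A', True), ('NORD_B', True), ('NORD_C', False)]
```

Orders that reduce exposure pass the group check because the projected leg replaces the current one rather than adding to it; a check that only summed new orders would block legitimate unwinds.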

Kill switch requirements. MiFID II requires kill switches for algorithmic trading systems. For AI agents, the kill switch must be immediate, tested regularly and accessible to multiple authorized personnel. The agent must respond to kill signals within a defined latency threshold.

Market abuse monitoring. Trading agents must be monitored for patterns that could constitute market manipulation, including layering, spoofing or wash trading. The agent’s trading patterns must be analyzed against market abuse typologies on an ongoing basis.

KYC/AML agents

KYC/AML agents handle customer due diligence, transaction monitoring and suspicious activity reporting. They process high volumes of sensitive data and make decisions with direct compliance consequences.

Audit trail completeness. Every verification decision must produce a complete audit trail: data sources accessed, documents verified, sanctions lists checked, beneficial ownership records reviewed, risk scores assigned and the rationale for the final decision. Regulators must be able to reconstruct the full decision path for any customer.

False positive management. AI-powered transaction monitoring reduces false positive rates compared to rule-based systems. But false negatives (suspicious activity that the agent misses) carry severe regulatory consequences. Governance must track both rates and ensure that false negative rates remain within acceptable thresholds.

Sanctions screening currency. Sanctions lists update frequently. KYC agents must screen against current lists, not cached versions. Governance must verify that the agent’s sanctions data is current within hours, not days.

Cross-border data residency. KYC agents operating across jurisdictions must comply with data residency requirements in each jurisdiction. Customer data from EU residents must be handled under GDPR. Data from other jurisdictions carries its own requirements. The agent’s data governance must enforce residency rules at the data access level.

Investment advisory agents

Agents that recommend investments or construct portfolios trigger fiduciary obligations.

Suitability documentation. Every recommendation must be documented with the client’s profile, the recommendation rationale, the risk assessment and the expected outcome. The documentation must demonstrate that the recommendation was suitable for that specific client.

Conflict of interest disclosure. AI agents may have embedded biases toward certain products (through training data, prompt design or available tool access). Governance must identify potential conflicts and ensure they are disclosed to clients.

Fee transparency. If the agent recommends products with different fee structures, the governance framework must ensure that fee implications are disclosed and that recommendations are not biased toward higher-fee products.

Nordea’s AI deployment has scaled from pilots to 10,000 users, with 12 virtual agents deployed across four Nordic markets. Over 50% of online customer queries are first handled by AI chatbots. Nordic banks, including Nordea, DNB, SEB, Handelsbanken, Danske Bank and Swedbank, are investing strategically in AI to maintain competitive advantage as traditional automation approaches reach diminishing returns.

Payment processing agents

Payment agents operate under PSD2 and must maintain security without compromising speed.

Authentication enforcement. The agent must enforce strong customer authentication for all transactions that require it. Governance must verify that the agent does not create authentication bypass paths for convenience.

Real-time fraud detection. Payment agents must monitor transactions for fraud indicators in real time. Governance must track detection rates, false positive rates and response times.

Settlement finality. Payment agents must understand settlement finality rules for each payment system they access. A payment that an agent initiates and that cannot be reversed requires governance controls proportional to that finality.

Credit decisioning agents

Agents that make or influence credit decisions face specific fair lending and consumer protection obligations.

Fair lending compliance. Credit agents must be tested for disparate impact across protected classes. Governance must include regular bias testing and documentation of testing methodology and results.

Adverse action notices. When an agent denies credit or offers less favorable terms, the applicant must receive an adverse action notice with specific reasons. The agent must produce reasons that are accurate, specific and compliant with Regulation B and the Equal Credit Opportunity Act.

Explainability for examiners. Regulators expect to understand why an agent made a specific credit decision. “The model said so” is not sufficient. The agent must produce decision explanations that satisfy both the consumer and the examiner.

Building the governance framework

Step 1: map the regulatory stack

For each agent, identify every applicable regulation. A single KYC agent operating across EU jurisdictions may face: SR 11-7 (if the institution is US-supervised), EU AI Act, GDPR, AML directives, DORA and local financial supervisory requirements. Document the full regulatory stack per agent and maintain the mapping as a living document in your agent registry.

Step 2: classify by risk and regulatory impact

Not all financial services agents carry equal risk. Risk classification must account for:

  • Financial impact potential (maximum loss from agent failure)
  • Regulatory classification (high-risk under EU AI Act, model under SR 11-7)
  • Client impact (direct client-facing vs. internal operations)
  • Decision autonomy (fully autonomous vs. human-in-the-loop)
  • Data sensitivity (PII, financial data, payment data)

Step 3: implement continuous monitoring

Financial regulators expect continuous governance, not point-in-time reviews. Deploy observability infrastructure that provides:

  • Real-time decision monitoring for all production agents
  • Behavioral drift detection against validated baselines
  • Regulatory threshold alerting (position limits, loss limits, concentration limits)
  • Audit trail generation as a byproduct of normal operations
  • Cost attribution per agent and per transaction

Step 4: establish human oversight proportional to risk

High-risk agents (trading, credit decisioning) require pre-execution human review or real-time monitoring by qualified personnel. Medium-risk agents (KYC, payment processing) can operate autonomously with statistical monitoring and exception-based human review. Low-risk agents (internal reporting, data aggregation) require periodic review on a scheduled basis.

Step 5: prepare for examiner scrutiny

Financial regulators will examine AI agent governance. Prepare by maintaining:

  • Complete agent inventories with risk classifications and regulatory mappings
  • Validation documentation that addresses SR 11-7 requirements adapted for agent behavior
  • Monitoring evidence demonstrating continuous governance between examinations
  • Incident records showing how agent failures were detected, investigated and remediated
  • Fair lending and consumer protection testing results for client-facing agents

For building the governance business case, the ROI framework for agent governance maps the financial impact of regulatory compliance and operational risk reduction.

The convergence point

The regulatory frameworks governing financial services AI agents were written at different times, by different authorities, for different purposes. SR 11-7 addresses model risk. MiFID II addresses investor protection. DORA addresses operational resilience. The EU AI Act addresses AI-specific risks. Basel III addresses capital adequacy.

But they converge on the same requirement: the institution must understand, monitor and control its AI systems. The management body must be accountable. The governance must be proportional to the risk. And the evidence must be producible on demand.

For financial institutions operating AI agents, the question is not which regulation to comply with. It is how to build a governance framework that satisfies all of them simultaneously without creating duplicate processes for each. The 8 pillars of AI agent governance provide a unified structure that maps to each regulatory requirement while maintaining a single operational framework.