Why AI Pilots Keep Dying in Financial-Services Compliance Review
TL;DR — About 30% of financial-services leaders ban generative AI outright or in part, and it maps to specific rules cloud AI often can't satisfy: the GLBA Safeguards Rule's service-provider oversight requirement, SR 26-2 model risk governance (the April 2026 replacement for SR 11-7), and Regulation S-P's 72-hour vendor / 30-day customer breach-notification clock.
This is a technical and general-compliance explainer, not legal or regulatory advice. Confirm applicability to your institution with your compliance and legal teams.
The pattern is familiar to anyone who's worked inside a bank, broker-dealer, or insurer: a team finds an AI tool, runs a small pilot, gets good results, and takes it to security and legal review — where it stalls for months or dies outright. It's tempting to read that as institutional risk-aversion. It's more accurate, and more useful, to read it as a specific list of regulatory requirements that most cloud AI tools genuinely don't satisfy.
The actual scale of the restriction
According to an Arizent/American Banker survey of financial-services leaders (updated April 2025), roughly 30% ban generative AI tools outright or in part — about 15% have banned it completely for all employees, and another 20% restrict it to specific employees or narrowly scoped uses. A further 26% haven't banned it yet but are actively considering a policy (American Banker, "A third of banks ban employees from using gen AI"). That's not a fringe position — it's close to a third of the industry taking a hard line, in an environment where the efficiency case for AI is not in dispute.
The regulations actually doing the work
None of the rules below were written with AI in mind — most predate the current wave of generative AI entirely. That's precisely why they're worth naming specifically: they apply regardless of whether the underlying tool is a spreadsheet macro or a large language model, and cloud AI vendors don't get a pass just because the technology is new.
- The GLBA Safeguards Rule (16 CFR § 314.4(f)) requires a financial institution to treat any vendor that "receives, maintains, processes, or otherwise is permitted access to customer information" as a service provider — meaning the institution must select providers capable of maintaining appropriate safeguards, bind them to those safeguards by contract, and periodically reassess them. A cloud AI vendor processing customer-related queries is a service provider under this rule like any other, whether or not its marketing uses that word.
- SEC Rule 17a-4 requires broker-dealers to retain business-related electronic communications and records in a tamper-evident format — either WORM storage or an audit-trail system that logs every modification, with records producible to regulators on request. AI-assisted work product and AI-mediated client communications fall under the same retention and audit-trail obligations as any other business record; most cloud AI interfaces aren't built to produce that kind of record on demand.
- Model risk governance — for decades this meant SR 11-7, the Federal Reserve's 2011 guidance on validating and governing internal models. On April 17, 2026, the Fed, FDIC, and OCC jointly rescinded SR 11-7 (along with OCC 2011-12 and FIL-22-2017) and replaced it with SR 26-2, a more explicitly risk-based framework that tailors oversight to a model's materiality rather than applying one standard uniformly. The core disciplines carry over unchanged: independent review, validation, and documentation of any model material to a business decision — which an AI system used in underwriting, risk scoring, or advisory workflows clearly is.
- Regulation S-P, as amended by the SEC in May 2024, requires covered institutions to notify affected customers of a breach "as soon as practicable" and no later than 30 days after becoming aware of it — and requires any service provider (a cloud AI vendor included) to notify the institution within 72 hours of discovering unauthorized access to a system holding customer information. Large firms had to comply by December 2025; smaller ones follow by June 2026. Practically, this means a breach at your AI vendor becomes your regulatory notification obligation, on a clock that starts running the moment the vendor — not you — discovers it.
- ECOA and Regulation B require specific, substantive reasons in adverse-action notices whenever a credit decision is denied — including when a model contributed to that decision. A model whose reasoning can't be inspected is a genuine problem here, independent of how it's hosted.
What this actually means for the deployment decision
None of these rules say "no cloud." What they say, collectively, is that whoever deploys the model needs to control the audit trail, the retention format, the vendor's access to customer data, and the notification clock — and a lot of that gets structurally harder the moment a vendor's servers are in the loop, because you're now depending on that vendor's cooperation, contracts, and breach-detection speed for obligations that are legally yours.
That's the case for on-premise deployment being a compliance answer, not just a technology preference: a model that runs on the institution's own hardware — reasoning, document retrieval, and generation all local, the way AssistantGeneral is built for finance use — never puts a vendor's infrastructure between a customer query and the institution's own control boundary in the first place. It doesn't make GLBA, SR 26-2, or Regulation S-P go away; those obligations exist regardless of deployment model. It does mean the institution isn't depending on a third party's contract terms and breach-notification speed to meet them.
The honest caveat: on-premise doesn't automatically satisfy any of this either. A firm still needs its own written information security program, access logging, model documentation, and validation process — the infrastructure choice removes one dependency (the vendor), not the obligation itself. For a lot of workflows that don't touch regulated customer data — internal benchmarking, public-data analysis, prototyping — cloud tools remain the faster, cheaper, entirely reasonable choice. The regulatory weight above applies specifically where customer or regulated data is actually in the loop, which is exactly the set of use cases financial-services security teams keep saying no to.
Sources: American Banker — A third of banks ban employees from using gen AI · Federal Reserve SR 26-2 (PDF) · 16 CFR § 314.4 — GLBA Safeguards Rule · SEC — Regulation S-P Amendments
Frequently asked questions
What percentage of financial institutions restrict or ban generative AI?
Around 30%, per an Arizent/American Banker survey of financial-services leaders (updated April 2025) — about 15% ban it completely for all employees, and another 20% restrict it to specific employees or narrowly scoped uses.
Does the GLBA Safeguards Rule apply to cloud AI vendors?
Yes. Under 16 CFR § 314.4(f), any vendor that receives, maintains, processes, or is permitted access to customer information is a service provider, requiring the institution to select capable providers, bind them to safeguards by contract, and periodically reassess them — a cloud AI vendor processing customer-related queries qualifies like any other service provider.
What is SR 26-2 and how is it different from SR 11-7?
SR 26-2 is the Federal Reserve, FDIC, and OCC's joint replacement for SR 11-7 (the 2011 model risk management guidance), issued April 17, 2026. It keeps the core disciplines — independent review, validation, documentation — but tailors oversight to a model's materiality instead of applying one standard uniformly, which still covers AI systems material to a business decision.
What does Regulation S-P require after an AI vendor breach?
Under the SEC's May 2024 amendments, a service provider (including a cloud AI vendor) must notify the covered institution within 72 hours of discovering unauthorized access to customer information, and the institution must then notify affected customers within 30 days of becoming aware — a clock the institution doesn't control if the vendor is slow to detect the breach.
Related posts
See what we're building
Private, on-premise AI and software that runs entirely on your own infrastructure — no cloud, no subscriptions, no data leaving your hardware.