American bankers were expected to resist AI regulation in banking, but the sharper signal is that many compliance leaders now want Washington to move first because regulatory silence feels less like freedom and more like exposure.

US Bankers Press Washington for AI Regulation in Banking
XOOMAR Intelligence
Analyst Take
That reversal comes from a survey cited by Iain Armstrong, executive director of FCC strategy at ComplyAdvantage, who wrote in American Banker that a recent survey of 600 senior compliance leaders across three regions found nearly a quarter wanted regulation to come before innovation, with AI developing inside preset guardrails. European respondents, despite living under the EU AI Act, were more inclined to let innovation lead.
That is the core tension. The U.S. produced Silicon Valley, yet its bankers are asking for clearer rules. Europe wrote the most prescriptive AI framework on the planet, yet its financial professionals appear more wary of overbuilding the rulebook.
US bankers don't fear AI rules, they fear being blamed after the fact
The phrase “US bankers” needs precision. Armstrong’s evidence comes from North American financial crime professionals and senior compliance leaders, not every bank executive in the country. Still, the pattern fits U.S. banking culture: firms are used to supervisory expectations that spell out what acceptable control looks like.
That habit matters for AI regulation in banking because banks do not deploy AI into a blank commercial field. The GAO notes that financial institutions use AI in areas including automated trading, credit decisions, and customer service, while regulators oversee AI largely through existing laws, regulations, guidance, and risk-based examinations, according to the U.S. GAO.
The risk is not just whether an AI tool works. It is whether a bank can later prove that its use of the tool was controlled, tested, documented, and aligned with existing obligations. GAO lists risks including biased lending decisions, data quality issues, privacy concerns, and new cybersecurity threats. Those are not abstract problems for compliance teams. They are exactly the kinds of issues that turn technical choices into supervisory findings.
Europe shows the other trap. It tried to write a broad AI rulebook, then ran into deadlines, standards work, and implementation delays. The lesson is uncomfortable: no rules leaves banks exposed, but over-specific rules can freeze before they function.
The numbers behind banks' AI anxiety are timelines, not fine tables
The strongest data in the source is not a penalty schedule. It is the calendar.
SR 11-7, issued by U.S. federal regulators in 2011, gave banks a durable framework for model risk management. Armstrong writes that it became a global reference point and went untouched for 15 years. That kind of stability trained banks to expect Washington to define the boundaries.
Then came the surprise. When regulators revised SR 11-7 in April 2026, they explicitly excluded generative and agentic AI from scope. At the same time, Armstrong cites Fortune’s reporting that there is still no comprehensive federal AI law on the books, and that the path to one remains uncertain.
Europe’s dates are no cleaner. Armstrong writes that the European Commission missed its own deadlines for guidance on high-risk AI systems, while standards bodies missed theirs too. Enforcement of the high-risk provisions has been pushed back 16 months to December 2027.
The practical comparison is stark:
- Before: U.S. banks could look to model risk guidance as a stable reference point for governance.
- After: generative and agentic AI sit outside the revised SR 11-7 scope.
- Before: Europe promised a prescriptive AI framework.
- After: guidance and technical standards lagged, while high-risk enforcement moved to December 2027.
This is why AI regulation in banking now feels less like a choice between strict and loose rules. It looks more like a choice between two kinds of uncertainty.
From model risk to the EU AI Act, two regulatory cultures collided
The U.S. banking system is rules-heavy by design. Armstrong contrasts that with Europe’s traditional principles- and risk-based approach, where oversight is scaled to the risk of the product or market.
The EU AI Act disrupted that pattern. Europe moved toward a more prescriptive framework for a technology that Armstrong argues moves faster than legislation can track. Executives from ASML, Airbus, Ericsson, Nokia, SAP, Siemens, and Mistral AI publicly warned that the EU was regulating itself out of the global AI race, according to the American Banker piece.
That warning matters because it came before the framework had fully settled into practice. A rulebook can be tough and still workable. The danger is a rulebook that is tough, late, and unclear at the same time.
For readers tracking European policy pressure beyond bank AI, XOOMAR has also covered adjacent debates where proof and safety obligations sit at the center, including EU Teen Social Media Limits May Force Apps to Prove Safety. In a very different regulated-sector context, Heatwave Forces Neso Power Warning as Grid Runs Tight shows how public-risk management can quickly become an operational issue, not just a policy one.
The banking AI lesson is narrower. Rules written too early may misclassify the technology. Rules written too late may leave firms guessing while adoption continues.
The FCA is saying the old cycle no longer fits AI
The most important quote in Armstrong’s piece comes from Nikhil Rathi, chief executive of the U.K.’s Financial Conduct Authority. In December, he declined to create new AI-specific rules because the technology was moving too quickly.
AI is a technology where “the frontier is moving every three to six months.”
Rathi also said at the 2025 Financial Times Global Banking Summit that “there needs to be a different relationship between regulator and regulated.”
That sentence is doing a lot of work. It implies that the classic pattern, write rules, comply, revise later, cannot match AI’s development cycle. Armstrong, who previously worked inside the FCA, reads Rathi’s remarks as a signal that the supervisory model itself does not fit the technology.
XOOMAR analysis: this is the most useful frame for banks. The choice is not “more regulation” versus “less regulation.” It is whether supervision becomes more continuous. Banks may need to show live governance: documented use cases, regular performance checks, control testing, escalation routes, and evidence that AI is being used where it makes operational sense.
Armstrong’s practical example is financial crime detection. He argues banks should use AI where it can augment detection and reduce high-volume noise that obscures meaningful signals. That is a narrower, more defensible use case than treating AI as a universal replacement for controls.
Bankers, supervisors, fintechs, and customers are not asking for the same guardrails
Different groups want different things from AI regulation in banking. The conflict is not ideological. It is structural.
| Stakeholder | What the source supports | XOOMAR analysis |
|---|---|---|
| Banks and compliance teams | Many North American compliance leaders want regulation first, according to Armstrong’s survey discussion | Clearer expectations reduce uncertainty around documentation, testing, and supervisory review |
| Regulators | GAO says regulators mainly use existing laws, guidance, and risk-based exams, while assessing emerging vulnerabilities | Agencies may avoid blessing specific AI practices before the technology stabilizes |
| Credit unions | GAO says NCUA lacks detailed model risk guidance covering broader models and lacks authority to examine technology service providers | Third-party AI risk is harder to supervise when oversight tools are incomplete |
| Customers | GAO cites risks such as biased lending decisions, privacy concerns, and cybersecurity threats | Better governance can make harmful outcomes easier to detect and challenge |
The Goodwin summary of U.S. AI regulation adds another layer: after federal momentum faded, state regulators stepped in with rules and guidance around bias, transparency, and compliance in AI-driven decision-making. It also notes that a proposed federal moratorium on state AI bills was removed from the “One Big Beautiful Bill” by a 99-1 Senate vote on July 1, 2025, according to Goodwin.
That reinforces the fragmentation problem. Even without a sweeping federal AI law, financial firms do not operate outside law. They operate inside overlapping consumer protection, fair lending, privacy, cybersecurity, vendor-risk, and model-governance expectations.
AI compliance is becoming part of the product
The firms best positioned for bank AI adoption will not be the ones with the flashiest demo. They will be the ones that can prove how the system behaves, how it is monitored, and who is accountable when it fails.
For banks, that means AI projects need governance from the start. Armstrong says regulators will want a strong documented rationale for AI use cases and proof that banks can regularly check whether systems perform as intended. That sounds basic, but it cuts against the fast-deploy culture around many AI tools.
For vendors, the message is just as direct. If a product touches financial crime controls, credit decisions, customer service, or compliance workflows, banks will need evidence. Not just marketing claims. Evidence that can survive internal review and supervisory questions.
For customers, stronger governance can help reduce opaque or harmful decisions. The tradeoff is speed. Some useful tools may move more slowly if banks cannot show the control framework around them.
The next phase is adaptive supervision, not a grand AI rulebook
Armstrong’s forward look is cautious. He does not say any major jurisdiction has solved this. He writes that the answer is neither an innovation-first approach nor a regulation-first model, but a different relationship between regulator and regulated: continuous, adaptive, and built for AI’s speed rather than the speed of legislation.
He also notes that Rathi has not indicated the FCA is moving fully in that direction yet, though Armstrong expects consultations in the second half of 2026 that could move the industry toward this model.
That is the watch item. Evidence supporting this thesis would include regulators asking for repeatable AI control processes, clearer documentation expectations, stronger vendor oversight, and more frequent supervisory engagement instead of one sweeping AI rule. Evidence weakening it would be a return to broad, static rulebooks that try to define AI obligations years before the technology and use cases settle.
US bankers want more AI regulation because they know the real risk is not only moving too slowly. It is deploying AI without a defensible record when the supervisor finally asks how the decision was made.
Disclaimer: This XOOMAR analysis is for informational and educational purposes only. It is not financial, investment, legal, tax, or professional advice. It does not provide buy, sell, hold, price-target, portfolio, or personalized recommendations. Verify information independently and consult qualified professionals before making decisions.
Impact Analysis
- U.S. bankers appear to see clear AI rules as protection against future blame, not just as compliance burden.
- The split with Europe shows that more regulation does not always mean more appetite for additional rulemaking.
- AI use in trading, credit decisions, and customer service raises accountability risks that existing banking oversight may not fully resolve.
AI Regulation Attitudes in Banking
| Group | Regulatory Context | Reported Attitude |
|---|---|---|
| North American compliance leaders | No comprehensive AI banking framework; oversight relies on existing laws, guidance, and exams | More likely to want regulation before innovation to reduce uncertainty and liability |
| European respondents | Operating under the EU AI Act, a prescriptive AI framework | More inclined to let innovation lead rather than expand rules further |
Sources
Disclaimer: Content on XOOMAR is produced using AI-assisted research, drafting, and verification workflows and is intended for informational and educational purposes only. It does not constitute financial, investment, legal, tax, medical, or professional advice of any kind. All analysis reflects available information at the time of publication and may not be current. Verify information independently and consult qualified professionals before making decisions. Editorial policy
Written by
XOOMAR Insights Team
Research and Editorial Desk
The XOOMAR Insights Team pairs automated research with human editorial judgment. We track hundreds of sources across technology, fintech, trading, SaaS, and cybersecurity, cross-check the facts, and explain what happened, why it matters, and what to watch next. We do not just rewrite headlines. Every article is fact-checked and scored for reliability before it goes live, and we link back to the original sources so you can verify anything yourself.
Explore More Topics
Related Articles
FintechAI Taking Jobs Panic Shields Fintech CEOs From Blame
AI is getting too much blame for fintech layoffs. Babina says broad data still doesn't show the machine is taking jobs.
FintechAI Banking Jobs Hit Standard Chartered's 7,800-Role Cut
Standard Chartered’s 7,800-role plan shows AI is already shrinking banking’s back office and threatening the analyst talent pipeline.
Fintech85% of Financial Firms Pour More Cash Into AI Budgets
Financial firms are turning AI from pilots into capital plans, with 85% set to raise budgets for productivity, risk, and competitive edge.
FintechMerger Clock Ticks as Regional Bank M&A Window Shrinks
Regional banks have a rare merger window, but market jitters and a 2029 political clock could punish boards that wait.
FintechMiCA 2.0 Threatens a Costlier Crypto Rulebook in Europe
MiCA 2.0 could make Europe’s crypto regime tougher as stablecoins and tokenized finance push regulators beyond spot markets.
Global TrendsEU Teen Social Media Limits May Force Apps to Prove Safety
Brussels may make social apps prove they're safe before teens can join, shifting the burden from parents to platforms.
CybersecurityEurope Turns Up Heat on Putin as Ukraine Talks Hit Paris
Macron is staging Paris Ukraine talks with Zelenskyy, Starmer and Merz as Europe looks to turn Kyiv's momentum into pressure on Putin.
TradingCrypto Week Ahead Traps Bitcoin Bulls in CPI Crossfire
Bitcoin's week may be decided by CPI, bank earnings and oil risk, not token catalysts, as traders test whether risk appetite can hold.
FintechSmall Bank Failure Exposes America's Deposit Divide
Kentland Federal failed, but top small banks are still thriving. The real story is a widening gap between weak franchises and disciplined operators.
Global TrendsWarm Rivers Force French Nuclear Power Plants to Flinch
Warm rivers are forcing EDF to curb French nuclear output, turning climate stress into a direct power-system risk.
Don't miss the signal
Get our weekly roundup of the stories that matter across tech, fintech, and trading. No noise, just signal.
Free forever. No spam. Unsubscribe anytime.