§ For sponsor banks · BaaS · fintech partnerships · BSA

Sponsor-Bank BaaS AI Third-Party Risk and Model Governance

There is no separate BaaS AI rule. When a fintech partner runs AI for underwriting, fraud, KYC, or marketing, the sponsor bank stays responsible for it under the June 2023 interagency guidance on third-party relationships and under its own model-risk practice. A bank can outsource the work, but it cannot outsource the responsibility for compliance.

DSE is a senior-led firm that brings partner AI into the same third-party risk and model-risk framework an examiner already expects: a defensible inventory, risk-tiering, validation with real testing access, the contract rights that make validation possible, and a documented exit plan.

§ The pressure · an application of existing frameworks, not a new statute

What actually governs sponsor-bank BaaS AI

There is no codified BaaS AI rule and no AI statute aimed at sponsor banks. The expectations are an application of frameworks the bank already answers to, read through the supervisory trend the agencies have set since 2023.

Sponsor-bank AI expectations rest on three things, none of which is a new BaaS AI law. The first is the June 2023 Interagency Guidance on Third-Party Relationships: Risk Management, issued jointly by the OCC, the FDIC, and the Federal Reserve, which superseded the OCC's 2013 and 2020 third-party bulletins and consolidated the agencies onto one framework. The second is model-risk guidance, now SR 26-2, the April 2026 revision that replaced SR 11-7, which remains non-binding supervisory guidance rather than a rule. The third is the enforcement and supervisory trend the agencies have applied to bank-fintech programs over the last three years. Each of these is an extension of the safety-and-soundness, consumer-compliance, and third-party-risk obligations your bank already carries, not a separate AI regime.

The 2023 interagency guidance is principles-based and technology-neutral. It never uses the words "artificial intelligence," yet it reaches fintech partnerships and the AI and automated-decisioning vendors embedded inside them, because it governs the relationship rather than the technology. Its central principle is the one sponsor banks most often get wrong: a bank cannot outsource its responsibility for compliance and safe-and-sound operation. The bank manages third-party risk across the full lifecycle the guidance describes: planning, due diligence and selection, contract negotiation, ongoing monitoring, and termination with a contingency plan. A fintech can do the work at every stage, but the duty to manage the risk stays with the bank.

Model-risk guidance is the second lens. SR 26-2 keeps traditional machine-learning and AI/ML models that inform a decision inside model-risk scope, while it places generative and agentic AI outside that scope, to be governed under the bank's own risk-management practices. SR 26-2 is non-binding guidance, not a statute. For a sponsor bank that distinction is practical: the AI a partner uses to score a borrower or flag a transaction belongs in your model inventory and validation program even though the partner built it, and the generative tools the partner bolts on still have to be governed somewhere, which in practice means by you. The discipline for both is set out in the banking AI governance program built around SR 26-2 model risk and in the broader AI governance for financial services pillar hub.

§ The trend · 2023 to 2026, the direction of travel

The supervisory trend behind BaaS oversight

The direction of travel matters as much as the text. These are supervisory trends and enforcement themes, not a binding AI rulebook, but they are the lens an examiner now brings to a partnership program.

From 2023 through 2026 the OCC, the FDIC, and the Federal Reserve escalated their oversight of Banking-as-a-Service, and a series of public enforcement actions against sponsor banks made the same point in different words: the bank is ultimately responsible. The findings clustered around financial-crime and BSA/AML program failures, third-party risk-management weaknesses, consumer-protection problems, and governance and board-oversight gaps. None of these actions announced an AI rule; they are the enforcement pattern an examiner applies when AI appears anywhere in the partner stack.

Two adjacent developments fill out the picture. In September 2024 the FDIC proposed recordkeeping requirements aimed at custodial "for-benefit-of" (FBO) deposit accounts that pool fintech end-user funds, a response to reconciliation failures across the sector, and in 2026 a bipartisan Senate bill directed the Government Accountability Office to study how regulators oversee bank-fintech partnerships. Neither is an AI mandate, but both signal that recordkeeping, reconciliation, and oversight expectations around BaaS are tightening, and any AI a partner introduces inherits that scrutiny. These are federal prudential expectations, and they are distinct from NYDFS Part 500, which supervises AI through a cybersecurity lens for New York licensees, and from SEC Regulation S-P, which governs customer-data protection at broker-dealers and investment advisers; a sponsor bank that also holds New York licenses or has securities affiliates answers to those regimes on top of, not instead of, the federal third-party and model-risk expectations here.

§ The mapping · risk → framework → control, evidence, and contract right

Map each partner-AI risk to the framework that governs it

Identify what the partner's AI does, find the framework that reaches it, then secure the control and the evidence or contract right you need. A system can appear in more than one row.

BaaS / fintech AI risk: Partner AI underwriting or pricing a loan the bank originates
What governs it: SR 26-2 model risk (in scope) plus fair lending (ECOA, Regulation B, Fair Housing Act)
Control + evidence / contract right you need: Bring the model into your inventory and validation; data and model testing access written into the contract; bias and disparate-impact testing; documented, specific adverse-action reason codes.

BaaS / fintech AI risk: Partner AI for fraud, KYC, or transaction monitoring
What governs it: 2023 interagency third-party guidance plus BSA/AML and OFAC, which stay with the bank
Control + evidence / contract right you need: Independent validation of the monitoring model with above-the-line and below-the-line tuning evidence; audit rights; the bank keeps SAR, CTR, and OFAC accountability; do not rely on the partner's attestation alone.

BaaS / fintech AI risk: Generative or agentic AI in the partner's app (chat, servicing, marketing copy)
What governs it: Outside SR 26-2 scope; third-party guidance, UDAP, and your own risk-management practices
Control + evidence / contract right you need: Acceptable-use limits, human review, and logging written into the agreement; UDAP review of AI-generated marketing. The carve-out moves the duty to you, it does not remove it.

BaaS / fintech AI risk: A vendor or sub-processor model the fintech itself embeds (a model behind the model)
What governs it: 2023 interagency third-party guidance (subcontractor / fourth-party risk)
Control + evidence / contract right you need: Map the chain; a right to information on material subcontractors; flow-down of testing, breach-notice, and audit obligations to the sub-processor.

BaaS / fintech AI risk: Silent model change by the partner after you validated it
What governs it: Ongoing-monitoring stage of the third-party lifecycle
Control + evidence / contract right you need: Contractual change-notification and re-validation triggers; drift monitoring. The version you validated in due diligence is not the version in production six months later.

BaaS / fintech AI risk: Partner failure, wind-down, or program exit
What governs it: Termination and contingency stage of the third-party lifecycle
Control + evidence / contract right you need: A documented exit and contingency plan: data return and deletion, FBO and ledger reconciliation, model decommission, and continuity of consumer obligations.

The table makes one point a CRO or Head of Third-Party Risk recognizes at once: the generative-AI carve-out does not delete obligations, it relocates them. A partner's generative tools fall outside SR 26-2, yet they remain subject to the 2023 third-party guidance, UDAP, fair lending where they touch a consumer decision, and your own practices. The vendor side of this is structured in the third-party AI vendor risk assessment checklist for banks and fintechs, and the monitoring-model side in AML transaction-monitoring model validation.

§ Where it hurts · testing access · adverse action · BSA · exit

The problems sponsor banks actually bring us

These are the recurring failure modes a sponsor-bank risk leader recognizes immediately. Each shows up in an exam request, a consent order against a peer, or a partner negotiation that stalled.

Testing access to a model you do not own. The fintech owns the underwriting or fraud model and treats it as proprietary, so the bank ends up validating on the partner's word. Algorithmic opacity is not a defense to a regulator. Your contract has to give the bank, or an agreed independent party, enough transparency and testing access to validate the model and monitor it over time, not just a summary deck.

Adverse-action notices and fair lending. When partner AI declines or prices a borrower, ECOA and Regulation B require specific, accurate principal reasons for the action. A model that cannot produce defensible reason codes, or a partner that will not surface them, is a fair-lending exposure the bank owns rather than the fintech. This is a frequent gap when a partner ships a black-box score and assumes the reason codes are someone else's problem.

BSA/AML and OFAC stay with the bank. Outsourcing transaction monitoring or sanctions screening to a partner's AI does not move the SAR, CTR, and OFAC responsibility off the bank. If the model under-alerts or its tuning drifts, the bank answers for it. The bank needs independent validation of the monitoring model and audit rights over how it performs in production.

§ What you get · inventory · risk-tier · control-map · contract rights

What DSE actually delivers

Not a second AI program bolted beside the third-party file, and not a binder of templates. A defensible program that folds partner AI into the framework an examiner already expects.

We bring the partner's AI into your existing third-party risk and model-risk process rather than standing up a parallel one. We inventory every AI and generative system across the partnership book, including the models inside the vendor platforms the partner uses; we risk-tier each one by impact and regulatory exposure; we map each system to its governing lens (the 2023 third-party lifecycle stage, SR 26-2 model risk, fair lending, or BSA/AML); and we name the control and the evidence or contract right each one needs. The output is the kind of defensible inventory, risk classification, and remediation roadmap a board, a risk committee, and an examiner can all follow.

The contract is where most of this is won or lost, so that is where we concentrate: data and model testing access, audit rights, material-subcontractor disclosure, change-notification and re-validation triggers, breach-notice timelines, and a documented exit and contingency plan. We map this governance onto the bank's existing third-party program and its SOC 2 or model-risk control set with a crosswalk, so one control set answers several expectations: document once, tag twice. DSE prepares the program for audit and assembles the evidence; we do not certify it, and we do not promise that you pass an exam or avoid an enforcement action, because no honest advisor can. If the more urgent question is whether a deployed model or a partner's LLM feature can be broken, that is a separate engagement: AI red teaming and LLM security testing finds prompt injection, data leakage, and agent abuse before an attacker or an examiner does, and the cross-sector version of this readiness program is the AI governance readiness engagement.

§ How we engage · snapshot → managed → fractional officer

A ladder that matches how mature your program is

Most sponsor banks start with a fixed-fee diagnostic of the partnership book, then decide whether to run the roadmap themselves or keep a senior owner on the program. You choose the depth.

Start here · fixed fee

Partnership AI Inventory & Risk Snapshot

A fixed-fee diagnostic across the partnership book: an inventory of partner AI, risk-tiering, a map to the governing lens, a contract-rights gap review against the third-party lifecycle, and a prioritized remediation roadmap. You leave with a defensible picture of where the partner AI risk sits and which gap an examiner would find first.

Keep it current · retainer

Managed Third-Party AI Oversight

A retainer that runs the program with you as partners and their models change: re-validation triggers, drift and change monitoring, contract-right enforcement, and registry upkeep. The oversight stays current instead of going stale in the third-party file after the report ships.

Own it · ongoing accountability

Fractional Officer (vCAIO)

A fractional AI governance officer who owns accountability over time, keeps policy current as the supervisory expectations move, reports to the board and the risk committee, and is the senior name on partner-AI governance when an examiner asks how it is managed.

§ Why DSE · senior-only, with public IP

Why DSE

A small firm of senior practitioners, established 2026, that builds the controls it governs with.

Engagements run on a senior-only bench. There is no junior hand-off and no rented dashboard: the person who scopes the work is the person reviewing your partner contracts and the one in the room with your risk committee when the question is how a fintech's model is validated. In a regulated partnership program, the answer to a hard examiner question depends entirely on who is answering it.

The firm also ships authored open-source IP. mcp-warden is DSE's public supply-chain integrity gate for AI tooling: it pins a tool surface, fails on drift, and inspects what a third-party tool actually returns at runtime. That is exactly the discipline a sponsor bank needs over a partner's AI, where a silent vendor model change can quietly undermine a control you validated. We govern AI by building the controls that govern AI, not by reselling someone else's framework. Established 2026, operator-led, and accountable under a signed SOW or MSA.

Regulatory content last reviewed: June 2026 · Maintained by DSE · Next review on material change to the interagency third-party guidance or model-risk guidance.

§ What this is · and what it isn't

Readiness consulting. Not certification.

DSE provides AI governance and compliance readiness consulting and AI security testing for sponsor banks and their fintech partnerships. We are not an accredited certification body and do not issue ISO/IEC 42001 certificates or certify compliance with the interagency third-party guidance, SR 26-2, BSA/AML, fair lending, or NIST AI RMF. Only the relevant regulator or an accredited certification body can attest to that.

We cannot guarantee passing an examination or avoiding enforcement, and we do not provide legal advice. We work alongside your counsel. Where we describe mapping to the 2023 interagency third-party guidance, SR 26-2 model risk, BSA/AML and OFAC, fair lending under ECOA and Regulation B, UDAP, or the NIST AI RMF, that means advisory alignment, not certification. SR 26-2 is non-binding supervisory guidance, and there is no separate codified BaaS AI rule.

All engagements are governed by a signed SOW / MSA that includes a limitation of liability. DSE prepares organizations for audit and does not certify. Established 2026.