AI Regulatory Intelligence โ€” by YRproject

factual analysis · traceable to primary sources

Compliance platform Work with us LinkedIn NLยทENยทDE
Analysis

FSB sound practices for responsible AI adoption: a voluntary menu for the global financial sector

Adopted 2026-06-18 ยท ≈ 4 min read ยท Dirk Baaijen

On 10 June 2026 the Financial Stability Board issued a consultation report proposing 12 voluntary sound practices for the responsible adoption of AI by financial institutions worldwide. Comments close 22 July 2026. It is a menu, not a standard, and does not target frontier-AI-model risks.

On 10 June 2026 the Financial Stability Board (FSB) โ€” the G20 body that coordinates financial regulation across jurisdictions โ€” published a consultation report titled Sound Practices for Responsible Adoption of Artificial Intelligence (AI). It proposes 12 sound practices that financial institutions can apply to their AI governance and to the way they manage AI across its lifecycle. The consultation is open until 22 July 2026.

This is not law and it is not a standard. The FSB is explicit that the report is "not intended to establish an international standard" and does not impose a prescriptive approach; it is a menu from which institutions of all types โ€” banks and nonbanks alike โ€” can draw, proportionate to how, and at what scale, they use AI. That framing matters: the FSB has no binding rule-making power, and its instruments work by becoming the common reference that national supervisors and firms converge on.

Why a financial-stability body is writing about AI

The report is the deployment-facing companion to the FSB's earlier work. In October 2025 the FSB published Monitoring Adoption of Artificial Intelligence and Related Vulnerabilities in the Financial Sector, which set out direct and proxy indicators authorities can use to track AI uptake and the vulnerabilities it creates โ€” third-party concentration, model correlation, data-quality dependence, and operational fragility. The 2026 sound practices turn that supervisory lens around and ask what individual institutions should be doing. The animating concern is systemic: when many firms lean on the same small set of model providers and cloud platforms, an individual governance failure can become a sector-wide one.

The 12 practices, in three layers

The press release groups the practices into three areas:

  • Organisation-wide governance (practices 1-4). The board and senior

management set the overall approach and provide oversight, so that AI adoption is aligned with the institution's business model, risk appetite and strategy โ€” before, not after, a use case is built or bought.

  • Managing AI risk across development and deployment (practices 5-10).

Performance assessment, testing and ongoing monitoring proportionate to a use case's materiality and risk; and human oversight calibrated to the materiality, risk, autonomy, complexity and explainability of each use case โ€” language that quietly concedes that uniform "human in the loop" rhetoric does not survive contact with high-volume automated systems.

  • Cyber, ICT and third-party risk (practices 11-12). Building AI cyber and

ICT risk scenarios into tests and exercises, sharing information with key stakeholders, and โ€” where appropriate โ€” using AI tools in cyber and ICT risk management itself.

What it deliberately leaves out

Two boundaries are worth noting, because both push back on secondary coverage that has over-read the report. First, the FSB states the practices were not developed to address the risks of frontier AI models, even if some may help. Second, the consultation does not assume it has solved emerging AI: one of its questions asks respondents whether the practices adequately cover newer and more complex forms of AI, such as generative AI and agentic AI. The report opens the question rather than answering it.

Where it sits for European institutions

For a bank or insurer in the EU, the FSB practices arrive on top of a binding stack rather than instead of it. DORA already governs ICT and third-party risk for the same institutions, and the AI Act designates AI for creditworthiness assessment and for life- and health-insurance pricing as high-risk. The FSB's practices 11-12 map almost one-to-one onto DORA's ICT-third-party regime, and its governance layer rhymes with the AI Act's quality-management and human-oversight duties. The value of the FSB text is not a new obligation but a shared vocabulary in which a globally active institution can describe one AI governance system to supervisors in many jurisdictions at once.

It also slots into the soft-law layer alongside two instruments already in this knowledge base: the United States' NIST-derived approach (see the NIST AI Risk Management Framework, the basis for the US Treasury's financial-services adaptation) and the G7's Hiroshima AI Process Reporting Framework. Read together, they show a financial sector being governed twice over โ€” once by binding regional law, and once by a thickening web of voluntary international practice that increasingly speaks the same language. The FSB consultation is the moment that web reaches the prudential core of the system. The broader picture of international AI governance explains why bodies without rule-making power keep setting the terms anyway.

Sources

  1. https://www.fsb.org/2026/06/sound-practices-for-responsible-adoption-of-artificial-intelligence-ai-consultation-report/
    FSB consultation report landing page; published 10 June 2026, comments due 22 July 2026; a menu of 12 sound practices for financial institutions.
  2. https://www.fsb.org/uploads/P100626.pdf
    Full FSB consultation report "Sound Practices for Responsible Adoption of Artificial Intelligence (AI)" (10 June 2026).
  3. https://www.fsb.org/2026/06/fsb-consults-on-sound-practices-for-the-responsible-adoption-of-artificial-intelligence-ai/
    FSB press release setting out the three groupings (practices 1-4, 5-10, 11-12) and stating the report is not an international standard and not prescriptive.

Share on LinkedIn

Read next

A

IOSCO's AI supervisory toolkit for capital markets: a shared instrument for the world's securities regulators

On 25 May 2026 IOSCO published its final report "Supervisory Toolkit for AI Use in Capital Markets" (FR/02/2026): non-binding tools for securities supervisors across governance, third-party risk, disclosure and recordkeeping, covering the full AI lifecycle including GenAI and agentic AI.

A

How the ECB supervises AI in eurozone banks: technology-neutral, existing frameworks, a generative-AI focus

For the 2026-2028 cycle the ECB places AI under its operational-resilience priority, and in February 2026 two Supervisory Board members set out the stance: with 85%+ of supervised banks using AI, govern it within existing frameworks rather than new rules, with a sharper focus on generative AI.

A

Singapore's MAS publishes an AI risk toolkit for finance โ€” before its guidelines bind

On 20 March 2026 Singapore's MAS concluded phase two of Project MindForge with an AI Risk Management Toolkit for the financial sector, co-created with a 35-member industry consortium. Its Operationalisation Handbook precedes binding guidelines and spans generative and agentic AI.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject โ€” programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method โ†’

A project or programme? Work with YRproject โ†’

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.