
SR 26-2 Carved Out Agentic AI. The Liability Didn't Move.

When the guidance excludes the system, the bank still owns the risk.
Financial Services & KYC/AML · 3 min read · June 15, 2026 · Duczer East Insights

In April, the framework that has governed bank model risk for fifteen years was rewritten, and the fastest-moving AI in the institution was deliberately left outside it.

SR 26-2 rewrote bank model-risk guidance in April and deliberately placed generative and agentic AI outside its scope.

Outside the framework is not outside the risk perimeter: the bank still owns the governance, now with no template to follow.

The Guidance Changed Shape

On April 17, 2026, the Federal Reserve, OCC, and FDIC jointly issued SR 26-2, the first overhaul of model-risk guidance in fifteen years, replacing SR 11-7. It is shorter, more principles-based, and it narrows what counts as a model. The decisive move is in a footnote: generative and agentic AI are placed outside the guidance entirely, called novel and rapidly evolving. That is not an exemption. The same guidance is explicit that banks must still govern out-of-scope systems under their general risk-management practices, and regulators have signaled they will use existing supervisory powers rather than write AI-specific rules.

The Chief Risk Officer's Answer No Longer Fits

The Chief Risk Officer is the person who answers, to examiners and to the board, that the bank's systems are controlled. For fifteen years, part of that answer was structural: the model sat inside the framework, and the framework specified how to validate, monitor, and document it. SR 26-2 removes that answer for the systems where it would be most reassuring. An agent making lending decisions or screening transactions now sits outside the model-risk guidance by the regulators' own wording, so "it wasn't a model under SR 26-2" is not a defense. The control standard is the bank's to define, and the bank's to justify when an examiner asks why it was enough.

The Seam Between Functions

That is harder because agentic AI falls into the gap between three functions that each partly own it. Model risk excludes it. Third-party risk reaches the vendor but not the behavior. Cybersecurity covers the perimeter but not the decision. Failure settles where each function assumes another is holding the control, and arbitrating who owns what is the risk officer's seat.

A vendor contract does not close that seam. Procuring the model from a third party does not move the liability; the examiner holds the institution, not the supplier. The absence of a prescriptive rule can read as relief. For the person accountable for the risk, it removes the thing there was to stand behind.

“"We followed the guidance" no longer defends an agent that makes lending or screening decisions.”

"We followed the guidance" no longer defends an agent that makes lending or screening decisions.

The exposure concentrates in the seam between model risk, third-party risk, and cyber.

How are you governing agents that sit outside the framework?

Duczer East brings recognized depth in compliance architecture, model governance, and production-ready agentic AI system design for institutions navigating supervisory expectations without prescriptive templates.
