Blog

NYDFS AI Guidance for Banks: A CCO and CISO Compliance Reference

NYDFS AI guidance for banks explained: governance requirements, model risk, vendor oversight, and audit trail obligations for NY-regulated financial institutions.

16 min read

New York’s Department of Financial Services has made its expectations clear: if your institution uses artificial intelligence, you are responsible for governing it. That responsibility does not sit with your data science team or your model developers. It sits with you — the Chief Compliance Officer, the Chief Information Security Officer, and the board that signs off on your risk posture.

This pillar page consolidates what NY-regulated financial institutions need to understand about NYDFS AI guidance: the scope of the requirements, the specific obligations for CCOs and CISOs, the governance structures that satisfy regulators, and the implementation path from current state to defensible attestation. Every section links to deeper cluster resources for teams that need to go further on a specific topic.


What is the NYDFS AI guidance and why it matters now

The regulatory moment NY-regulated banks are in

NYDFS has not issued a single, standalone AI regulation — yet. What exists is a layered set of obligations drawn from the NYDFS Cybersecurity Regulation (23 NYCRR Part 500), supervisory guidance letters, examination findings, and the department’s publicly stated AI priorities. Taken together, these form a de facto AI governance framework that examiners are already applying.

The pressure is not theoretical. Examiners are asking about AI use in routine safety-and-soundness reviews. Boards are receiving questions about AI risk in audit committee sessions. Cyber insurance carriers are adding AI Security Riders to renewal packages. And the SEC’s 2026 AI examination priorities are creating cross-regulator exposure for institutions that operate under both frameworks.

For CCOs and CISOs at NY-regulated banks, credit unions, and licensed financial institutions, the question is no longer whether to build an AI governance posture. It is whether the posture you have today would survive an examiner’s inquiry tomorrow.

Who the guidance applies to

NYDFS jurisdiction covers banks chartered under New York Banking Law, foreign bank branches licensed in New York, mortgage servicers, money transmitters, insurance companies, and other DFS-licensed entities. If your institution holds a DFS license and deploys AI in any function — credit decisioning, fraud detection, customer service, cybersecurity monitoring, or internal operations — the governance expectations apply.

Size is not a safe harbor. Community banks, regional institutions, and credit unions with as few as one or two deployed AI use cases are within scope. The maturity of your AI program does not reduce your obligation; it shapes how examiners calibrate their expectations.

RelatedNYDFS AI Cybersecurity Guidance: What Banks and Financial Institutions Must Know


Core compliance obligations under NYDFS AI guidance

AI cybersecurity requirements

23 NYCRR Part 500 establishes the baseline cybersecurity framework for DFS-regulated entities. As AI systems become part of the technology stack, they fall within the scope of that framework. This means AI models, training pipelines, inference endpoints, and the data they consume are subject to the same risk assessment, access control, encryption, and incident response requirements as any other covered system.

Specifically, examiners are looking at:

  • Risk assessment coverage: Does your annual cybersecurity risk assessment include AI systems as distinct assets?
  • Access controls: Are model endpoints, training data stores, and AI vendor APIs governed by least-privilege access policies?
  • Audit logging: Are AI system interactions — inputs, outputs, model versions, and configuration changes — captured in tamper-evident logs?
  • Incident response: Does your IR plan address AI-specific failure modes, including model poisoning, adversarial inputs, and vendor-side AI incidents?

The cybersecurity angle is where CISOs carry the most direct accountability.

RelatedNYDFS AI Cybersecurity Guidance: What Banks and Financial Institutions Must Know

Model risk management and validation

NYDFS expectations for model risk management draw heavily from the federal SR 11-7guidance issued by the Federal Reserve and OCC. For AI models — particularly those using machine learning — the validation requirements are more demanding than for traditional statistical models because the decision logic is less transparent and the failure modes are less predictable.

Key obligations include:

  • Model inventory: A complete, current registry of all AI models in production, including purpose, data inputs, output type, and business owner.
  • Pre-deployment validation: Independent review of model design, assumptions, data quality, and performance metrics before any model goes live.
  • Ongoing monitoring: Periodic performance testing, drift detection, and backtesting against current data.
  • Documentation standards: Model development documentation sufficient for an independent reviewer to reconstruct the model’s logic and validate its outputs.

For institutions using third-party or vendor-supplied models — including models embedded in core banking platforms — the validation obligation does not transfer to the vendor. The institution remains responsible for understanding and validating what the model does.

RelatedAI Model Risk Management and Validation Requirements Under NYDFS

AI governance and board accountability

NYDFS expects AI governance to be a board-level concern, not a technical function delegated entirely to model risk or IT. This means:

  • The board or a designated committee receives regular reporting on AI risk.
  • There is a named senior officer accountable for AI governance — typically the CCO, CRO, or a designated Chief AI Officer.
  • Policies governing AI development, deployment, monitoring, and retirement are approved at the appropriate governance level.
  • There is a documented process for escalating AI-related incidents or performance concerns to senior leadership.

For regional banks and credit unions that lack dedicated AI risk functions, governance accountability typically falls to existing compliance and risk leadership. The governance framework does not need to be elaborate — it needs to be documented, consistently applied, and defensible under examination.

RelatedAI Governance Framework for Regional Banks and Credit Unions

Third-party and vendor AI risk

Most NY-regulated banks are not building AI from scratch. They are deploying AI through core banking vendors, fintech partnerships, fraud detection platforms, and increasingly, generative AI tools embedded in productivity software. Each of these relationships creates third-party AI risk that the institution is responsible for managing.

NYDFS third-party risk management requirements — reinforced by the 2023 amendments to Part 500 — require covered entities to assess the cybersecurity practices of third-party service providers. For AI vendors, this assessment must extend to:

  • How the vendor’s AI models are trained and validated.
  • What data the vendor’s models consume, including whether institution data is used to train shared models.
  • How the vendor handles AI-related incidents and notifies the institution.
  • What audit and transparency rights the institution retains under the contract.

Generative AI vendors present a distinct set of risks, including data leakage through prompt inputs, hallucination in customer-facing outputs, and opaque model updates that change behavior without notice.

RelatedThird-Party and Generative AI Vendor Risk Management for Banks


What CCOs and CISOs are accountable for

The CCO’s governance mandate

The Chief Compliance Officer’s accountability under NYDFS AI guidance centers on three areas: policy ownership, regulatory interface, and attestation.

Policy ownership means the CCO is responsible for ensuring that AI governance policies exist, are current, and are enforced. This includes acceptable use policies for AI tools, model risk management policies, and third-party AI vendor policies.

Regulatory interface means the CCO is the primary point of contact for examiner inquiries about AI governance. When an examiner asks how the institution governs its AI systems, the CCO needs to be able to answer — not refer the question to a model developer.

Attestation is the highest-stakes accountability. NYDFS requires the CISO (and in some cases the CEO or board) to certify compliance with Part 500. As AI systems become part of the covered technology environment, the CCO’s sign-off on AI governance posture feeds directly into that certification.

RelatedCCO and CISO Guide to AI Governance Responsibilities Under NYDFS

The CISO’s cybersecurity mandate

The CISO’s accountability is more technical but equally high-stakes. Under Part 500, the CISO is responsible for implementing and maintaining the cybersecurity program — and AI systems are now part of that program.

Practically, this means the CISO must:

  • Ensure AI systems are included in the annual risk assessment.
  • Oversee access controls and audit logging for AI infrastructure.
  • Manage AI-related vendor cybersecurity assessments.
  • Lead incident response for AI-related security events.
  • Report to the board on AI cybersecurity risk at least annually.

The CISO also carries personal accountability for the Part 500 certification. An AI-related security failure that was not identified in the risk assessment — or that was identified but not remediated — creates direct regulatory and career exposure.

Where the two roles intersect

The CCO and CISO share accountability at the intersection of governance and security: the AI audit trail. NYDFS expects that AI system activity is logged, that those logs are tamper-evident, and that they are available for examination. Building and maintaining that audit trail requires coordination between compliance (which defines what must be logged and retained) and security (which implements the technical controls).

The audit trail is also the artifact that makes every other governance claim defensible. Without it, policy documents and governance frameworks are assertions. With it, they are evidence.


Building a defensible AI governance posture

Audit trails and documentation standards

A defensible AI governance posture is built on documentation that an independent reviewer — an examiner, an auditor, or a board member — can follow without assistance from the people who built the system.

For each AI model in production, that documentation should include:

  • Model purpose, intended use, and known limitations.
  • Training data provenance and quality assessment.
  • Validation results, including performance metrics and independent reviewer sign-off.
  • Deployment approval record, including who approved and on what basis.
  • Ongoing monitoring results, including any performance degradation findings and remediation actions.
  • Change log, including model version history and the governance process for each change.

For AI systems that make or influence decisions affecting customers — credit, fraud, pricing, servicing — the documentation standard is higher. Regulators expect the institution to be able to explain any individual decision in plain terms.

Bias, fairness, and explainability requirements

NYDFS has signaled, consistent with federal fair lending and consumer protection frameworks, that AI models used in credit decisioning, pricing, or customer treatment must be assessed for discriminatory impact. This is not a future requirement — it is an existing obligation applied to a new technology.

For CCOs, this means:

  • Fair lending analysis must extend to AI-driven decisions, not just traditional underwriting.
  • Adverse action notices must be accurate and meaningful even when the underlying decision was made by a model.
  • Explainability is not optional for customer-facing AI decisions — the institution must be able to articulate why a decision was made.

RelatedAI Bias, Fairness, and Explainability Compliance for Financial Services

Incident response and ongoing monitoring

AI systems fail in ways that traditional software does not. Model drift — where a model’s performance degrades as the real-world data it encounters diverges from its training data — can produce systematically wrong outputs for months before anyone notices. Adversarial inputs can manipulate model behavior in ways that are difficult to detect. Vendor model updates can change behavior without the institution’s knowledge.

A defensible AI governance posture includes:

  • Monitoring cadence: Defined frequency for performance review, drift detection, and data quality assessment for each model.
  • Thresholds and escalation: Defined performance thresholds that trigger review, and a clear escalation path when thresholds are breached.
  • AI incident classification: A definition of what constitutes an AI-related incident and how it maps to existing incident response procedures.
  • Vendor notification requirements: Contractual obligations for vendors to notify the institution of model changes, incidents, or performance issues.

Multi-regulator considerations: NYDFS and beyond

NYDFS vs. SEC AI governance requirements

For NY-regulated banks that also operate registered investment advisers, broker-dealers, or other SEC-regulated entities, AI governance obligations come from two directions simultaneously. The frameworks overlap in some areas and diverge in others.

NYDFS focuses primarily on cybersecurity, model risk, and consumer protection. The SEC’s AI governance expectations — articulated through examination priorities and enforcement actions — focus on conflicts of interest in AI-driven investment recommendations, disclosure obligations, and the accuracy of AI-related representations to clients and regulators.

For institutions subject to both frameworks, the governance posture must satisfy both sets of expectations. A model risk management program built for NYDFS will not automatically satisfy SEC expectations around conflicts of interest disclosure. A compliance program built for SEC examination will not automatically satisfy NYDFS cybersecurity requirements.

RelatedNYDFS vs. SEC AI Governance Requirements: A Multi-Regulator Compliance Guide

Preparing for SEC 2026 AI examination priorities

The SEC has signaled that AI governance will be a central focus of its 2026 examination cycle. For institutions with dual regulatory exposure, this creates a near-term forcing function that runs parallel to NYDFS obligations.

SEC examiners are expected to focus on:

  • Whether AI-driven investment recommendations are disclosed to clients.
  • Whether conflicts of interest created by AI systems are identified and managed.
  • Whether representations about AI capabilities in marketing materials and regulatory filings are accurate.
  • Whether firms have adequate oversight of AI systems used in compliance functions.

RelatedSEC AI Examination Priorities 2026: What Every CCO and CRO Needs to Prepare Now


Implementation roadmap: from awareness to attestation

Phase 1: Inventory and risk classification

The first step in building a defensible AI governance posture is knowing what you have. Most institutions that have deployed AI in the last three years have done so without a centralized inventory. Models are deployed by individual business lines, vendor AI is embedded in platforms without formal tracking, and generative AI tools are adopted by employees without IT or compliance awareness.

Phase 1 deliverables:

  • Complete AI model inventory, including vendor-supplied and embedded models.
  • Risk classification for each model based on use case, data sensitivity, and decision impact.
  • Gap assessment against NYDFS governance requirements.
  • Prioritized remediation list based on risk classification.

Phase 2: Policy, controls, and governance structure

With an inventory in hand, Phase 2 establishes the governance infrastructure: the policies, roles, and controls that turn the inventory into a managed program.

Phase 2 deliverables:

  • AI governance policy, including acceptable use, model risk management, and third-party AI vendor requirements.
  • Defined governance roles and accountability assignments (CCO, CISO, model risk, business line owners).
  • Board reporting template for AI risk.
  • Third-party AI vendor assessment process and contract requirements.
  • Audit logging and documentation standards for each risk tier.

Phase 3: Validation, testing, and audit readiness

Phase 3 closes the loop between policy and evidence. This is where governance becomes defensible — where the documentation, testing results, and monitoring records exist in a form that survives examination.

Phase 3 deliverables:

  • Independent validation completed for all high-risk models.
  • Ongoing monitoring cadence established and documented.
  • Bias and fairness testing completed for customer-facing models.
  • Incident response procedures updated to include AI-specific scenarios.
  • Audit trail review confirming completeness and tamper-evidence.
  • Board attestation package prepared.

RelatedNYDFS AI Compliance Checklist and Implementation Roadmap for Banks


Tools and platforms that support NYDFS AI compliance

Building an AI governance program manually — through spreadsheets, shared drives, and manual review processes — is possible for institutions with one or two models. It does not scale, and it does not produce the kind of audit trail that satisfies examiners.

AI governance platforms address this by providing:

  • Centralized model inventory with risk classification and status tracking.
  • Automated documentation workflows that capture model development and validation records.
  • Continuous monitoring with configurable thresholds and automated alerts.
  • Audit trail generation that is tamper-evident and examination-ready.
  • Vendor risk assessment workflows integrated with the model inventory.

RelatedAI Governance Tools and Platforms for NYDFS-Regulated Banks

When evaluating platforms, CCOs and CISOs should prioritize:

  • Audit trail integrity: Can the platform produce a signed, tamper-evident record of every governance action?
  • Examiner-ready reporting: Can the platform generate documentation in a format that maps directly to NYDFS examination requests?
  • Vendor coverage: Does the platform support governance of third-party and vendor-supplied models, not just internally developed ones?
  • Role-based access: Does the platform enforce separation of duties between model developers, validators, and governance reviewers?

Frequently asked questions

Does NYDFS AI guidance apply to community banks and credit unions?

Yes. NYDFS jurisdiction applies to all DFS-licensed entities regardless of size. The examination approach may be calibrated to institution size and complexity, but the governance obligations are not waived for smaller institutions.

What is the difference between model risk management and AI governance?

Model risk management is a component of AI governance. It covers the technical validation and monitoring of individual models. AI governance is broader — it includes the policies, roles, board accountability, vendor oversight, and audit trail requirements that surround the model risk function.

Are vendor-supplied AI models subject to NYDFS validation requirements?

Yes. The institution cannot delegate its validation obligation to the vendor. You are responsible for understanding what the vendor’s model does, validating that it performs as intended in your environment, and monitoring its ongoing performance.

What does a NYDFS examiner actually ask about AI?

Based on examination findings and supervisory guidance, examiners are asking: What AI systems do you use? How are they governed? Who is accountable? What does your model inventory look like? How do you validate third-party models? What is your audit trail? How do you handle AI-related incidents?

How does NYDFS AI governance relate to the Part 500 cybersecurity certification?

AI systems that are part of your covered technology environment are subject to Part 500 controls. The CISO’s annual certification covers those systems. Gaps in AI cybersecurity controls — missing risk assessments, inadequate access controls, absent audit logging — create certification exposure.


Next steps for NY-regulated financial institutions

If your institution has deployed AI and has not yet built a formal governance program, the gap between your current posture and examiner expectations is measurable — and closeable.

The path forward is sequential: inventory what you have, classify it by risk, build the governance infrastructure, validate the high-risk models, and establish the audit trail that makes every governance claim defensible.

Related reading

Frequently asked questions

Does NYDFS AI guidance apply to community banks and credit unions?

Yes. NYDFS jurisdiction applies to all DFS-licensed entities regardless of size. The examination approach may be calibrated to institution size and complexity, but the governance obligations are not waived for smaller institutions.

What are the key AI cybersecurity requirements under NYDFS?

NYDFS requires AI systems to be included in annual risk assessments, governed by least-privilege access controls, subject to audit logging of inputs and outputs, and addressed in incident response plans. AI models, training pipelines, inference endpoints, and their data must comply with Part 500 cybersecurity controls.

Are vendor-supplied AI models subject to NYDFS validation requirements?

Yes. The institution cannot delegate its validation obligation to the vendor. You are responsible for understanding what the vendor's model does, validating that it performs as intended in your environment, and monitoring its ongoing performance.

What accountability do CISOs have for AI governance under NYDFS?

CISOs must ensure AI systems are included in the annual risk assessment, oversee access controls and audit logging for AI infrastructure, manage vendor cybersecurity assessments, lead incident response for AI security events, and report to the board on AI cybersecurity risk at least annually.

How does AI governance relate to the Part 500 cybersecurity certification?

AI systems that are part of your covered technology environment are subject to Part 500 controls. The CISO's annual certification covers those systems. Gaps in AI cybersecurity controls create direct certification exposure and personal regulatory accountability for the CISO.

Brine

Build, hire, and govern every AI system in your environment.

Describe a workflow in plain English and Brine builds it, runs it on your data, and governs every step — costing and attributing each action to its agent and model, with a pre-dispatch cap that holds a step before it overspends and a signed audit trail as standard.

Scope a pilot More resources