AI in Finance: Legal Resources and Regulatory Insights

When discussing AI use in the financial industry, we must look at AI governance, risk management, and data privacy. At the 100 Women in Finance event cohosted by Basswood Counsel and Morgan, Lewis & Bockius LLP, the panel highlighted the crucial role of responsible AI adoption in financial services. Because no AI legal regime has yet been adopted, ongoing collaboration between the public and private sectors is key to managing risk in this rapidly evolving landscape.

Chastity Murphy, former Senior Advisor of the U.S. Treasury, shared with attendees the existing legislative frameworks and industry resources below, which financial institutions could consider in managing their own risks and developing their own AI policies and procedures.

Resources:

Federal Regulations & Agency Actions

SEC: AI-Related Disclosures (2025)
  • The SEC requires companies to disclose AI usage in 10-K filings, detailing:

    • AI’s impact on strategy, operations, and risks.

    • AI-driven competitive positioning and regulatory compliance.

    • Cybersecurity and governance measures tied to AI.

Department of the Treasury: AI in Financial Services Report (2024)
    • Financial institutions must review and reassess AI models for compliance with fair lending and consumer protection laws.

    • Institutions should align AI governance with the NIST AI Risk Management Framework and international standards.

    • The report suggests “nutritional labels” for AI transparency and clearer supervisory expectations for AI use in financial products.

OCC: AI & Banking Oversight
  • Acting Comptroller Michael J. Hsu emphasized that AI adoption in banks should be jointly explored with regulators to ensure risks are well understood before granting flexibility for AI integration.

Consumer Financial Protection Bureau (CFPB) Actions on AI

1. AI in Credit & Lending

  • Adverse Action Notices (September 2023)

    • AI-based lending decisions must provide clear, accurate reasons for denials. Generic reasons are not compliant with the Equal Credit Opportunity Act (ECOA).

  • Algorithmic Home Valuations Rule (June 2024)

    • AI-driven property appraisals must have bias safeguards, conflict-of-interest prevention, and transparency to comply with fair lending laws.

  • Open Banking Rule (October 2024)

    • Financial institutions must create secure data-sharing systems for AI-driven services while ensuring consumer control over personal financial data.

2. Third-Party AI Risk Management

  • Institutions remain liable for AI services used from third-party vendors.

  • Interagency Guidance (2023) established a risk management framework for financial institutions using AI vendors.

  • Firms must:

    • Perform ongoing due diligence & monitoring of AI-based services.

    • Ensure third-party AI tools comply with fair lending laws to prevent discrimination risks.

3. AI & Fair Credit Reporting Act (FCRA)

  • FCRA applies to AI-powered decision-making in credit scoring, employment, and data brokerage.

  • Employers using AI-driven hiring tools must obtain explicit consumer consent and disclose AI-driven decision outcomes.

  • CFPB’s Data Broker Proposal (December 2024)

    • Limits the sale of consumer data (e.g., Social Security numbers, credit history) without consent.

    • Certain data brokers will now be classified as Consumer Reporting Agencies (CRAs) under FCRA.

State-Level AI Regulations in Financial Services

New York: AI & Cybersecurity (2025)

  • NYDFS issued guidance requiring financial firms to:

    • Assess AI-driven cyber risks, including social engineering and fraud.

    • Implement layered security controls & vendor risk assessments for AI-powered financial applications.

California: AI & Discrimination Laws (2024)

  • New laws regulate AI-driven hiring, financial services, and consumer credit risk assessments to prevent bias and discrimination.

  • AI-based financial services must be transparent, auditable, and explainable to consumers.

Current Federal Policy Stance on AI (2025)

  • Tech Deregulation Under Trump Administration

    • The administration has rolled back regulations on AI and cryptocurrency sectors.

    • Major lawsuits against tech firms have been dropped, emphasizing market-driven AI innovation.

    • AI-related federal spending cuts have shifted oversight priorities.

Key Takeaways

  • Federal agencies require AI transparency & consumer protection.

    • Financial institutions must explain AI-driven credit decisions, prevent bias, and ensure fair lending practices.

  • Third-party AI risk is a major concern.

    • Banks & financial firms remain responsible for AI vendors’ compliance with fair lending and data privacy laws.

  • AI-related consumer data use is increasingly regulated.

    • CFPB’s push against data brokers aims to curb unauthorized sales of consumer financial information.

  • State-level AI regulations are expanding.

    • New York & California have introduced laws targeting AI-driven lending, employment, and financial cybersecurity risks.

 © 2025 Basswood Counsel PLLC. All rights reserved. 

Attorney Advertising
This newsletter is not intended to provide legal or other advice and you should not take, or refrain from taking, action based on its content. Prior results do not guarantee a similar outcome. 
