The Financial Stability Board is urging financial firms to put stronger controls around agentic AI as systems capable of planning, reasoning and executing tasks move deeper into financial services.
The global financial stability watchdog published a consultation report on June 10 with 12 proposed sound practices for responsible AI adoption. The practices cover organization-wide governance, AI lifecycle management, cyber and information and communication technology risk, and third-party risk. Responses are due by July 22, with a final report expected in October 2026.
The report defines agentic AI as autonomous systems capable of planning, reasoning and executing complex high-level goals independently. In finance, the FSB says AI is already being used across anti-money-laundering and know-your-customer checks, credit risk, cybersecurity, customer engagement, fraud detection, collateral and portfolio management and regulatory compliance.
That use is expanding beyond traditional automation. The Cambridge Centre for Alternative Finance’s 2026 Global AI in Financial Services Report found that 52% of surveyed industry respondents were already actively adopting agentic AI. Of all surveyed industry respondents, 23% were at scaling or transforming stages and 29% were piloting agentic AI.
The risks of independent action and connected systems
The FSB’s concern is what changes when AI can act, not only advise. The report says the high autonomy of AI agents can create or amplify risks that “can materialise at great speed,” including unauthorized actions, erroneous decisions, data breaches and disruption to connected systems.
Those connected systems are central to the risk. To execute complex tasks, the FSB says AI agents may integrate with application programming interfaces, databases, ICT systems and other agents. If an agent is compromised or malfunctions, those links can turn an AI failure into a wider operational, cyber or conduct problem.
Human oversight also becomes harder as agentic systems scale. “AI agents pose a distinct challenge for human oversight,” the report says, citing the impracticality of monitoring agent decisions in real time as their use grows. The FSB says an agent can take hundreds of intermediate steps toward a goal, creating points where errors may occur before staff can intervene.
Managing AI agents as synthetic employees
The proposed controls focus on boundaries, identity and accountability. The FSB says financial institutions should define actions that are prohibited or require human approval, assign and document individual identifiers for AI agents, test agent behavior and limit access to external environments until firms are confident the agents can operate safely.
For financial transactions, the report goes further. It says firms should consider controls on AI agents executing transactions, including human approval or dual authorization above certain thresholds, restrictions on direct access to payment systems and audit trails of agent transactions.
The FSB also raises a workforce-control question. As AI agents spread across a financial institution, the report says firms may need to adapt human resources controls and processes in a way that treats agents as “synthetic employees.” That language places identity management, access rights and responsibility assignment at the center of agentic AI governance.
The proposed practices are not binding. In its press release, the FSB said the toolkit is not intended to establish an international standard, impose a prescriptive approach or influence business decisions on adopting a specific AI technology. It strongly encouraged boards and senior management to reference the practices when considering business strategy, technology adoption and risk management.
Alignment with broader cybersecurity guidance
The finance warning also echoes wider government guidance on agentic AI security. In May, the Australian Signals Directorate’s Australian Cyber Security Centre, CISA, the NSA and partner agencies warned that agentic AI systems can operate without continuous human intervention and recommended that organizations avoid granting broad or unrestricted access, especially to sensitive data or critical systems.
The same guidance called for organizations to maintain visibility over agentic AI behavior and establish assurance mechanisms before relying on such systems in operational settings. That broader cyber guidance overlaps with the FSB’s finance-specific focus on approval points, restricted access, monitoring and auditability.
Security vendors emphasize human validation
At least one security vendor is using similar language in product materials. Critical Start, for example, says its CORR platform gives customers visibility into “every alert, every investigation, every response action,” with AI-accelerated triage, human-validated investigation and a complete audit trail. The company also says AI agents analyze enriched case data, while every finding is validated by a certified SOC analyst.
Critical Start’s example sits outside the FSB’s financial-institution remit, but it shows how security operations vendors are beginning to package AI around human validation and retained records rather than automation alone.
For financial institutions, the immediate control question is now narrower than whether AI can improve efficiency. The FSB’s draft practices ask whether firms can show what an AI agent was allowed to do, what data and tools it accessed, where human approval was required, what action was taken and what record remains when the decision is reviewed.