The Financial Stability Board (FSB) published a consultation report on 10 June 2026 setting out 12 sound practices for responsible AI adoption. As agentic AI systems multiply within financial institutions, the report accepts that continuous human monitoring of individual agent decisions becomes impractical, and recommends supplementing human oversight with AI that monitors other AI.

Ho Hern Shin, Deputy Managing Director of the Monetary Authority of Singapore (MAS), who led the FSB workstream on AI, said the sound practices are designed to help financial institutions navigate AI adoption responsibly in a fast-changing landscape, adding that recent developments in frontier AI models show how dynamic the technology has become.

The report defines agentic AI as systems designed to autonomously perform complex and extended tasks, often making decisions and taking actions with limited human oversight. It treats this category as distinct from generative AI and from traditional machine learning, and as requiring responses that existing frameworks were not built to provide.

Oversight at scale

A large internationally active bank built an agentic fraud detection system layered on infrastructure monitoring more than 80 million signals each day across transactions, card and online payments and digital banking channels. The agent proposes detection rules, and the bank's fraud analytics team reviews and approves every new rule before it goes live. The system has contributed to developing or updating three quarters of the bank's card fraud rules and helped cut fraud losses by over 20% in the first half of the 2026 financial year against the same period in 2025. It was built in-house in three months.

The case study embeds the most hands-on of the six oversight models the FSB identifies, human approval of every rule before deployment. That model has limits. The report states that the impracticality of real-time human monitoring grows as agent use spreads, and that an agent can take hundreds of intermediate steps towards a goal and err at any of them. In some cases, it says, monitoring those steps may itself need to be augmented by another AI agent.

The FSB's Sound Practice 10 identifies six oversight models. For agentic AI, it points to human-in-command, meaning high-level oversight of autonomy boundaries and guardrails rather than approval of individual decisions, on the grounds that decision-by-decision review does not scale. As agent numbers grow, the report expects AI-in-the-loop monitoring to become warranted, with AI systems alerting humans when performance metrics are breached or agent behaviour drifts from defined parameters. Even where monitoring is mostly machine-led, institutions and individuals retain ultimate accountability.

The approach is appearing beyond the FSB. The International Organization of Securities Commissions’ (IOSCO) Supervisory Toolkit for AI Use in Capital Markets, finalised on 25 May 2026, reported that some member authorities are experimenting with AI that assesses and oversees the performance of other AI systems, a practice it calls “AI as a judge.”

The report draws a harder line where agents touch money. It recommends explainability that traces intermediate steps and reasoning paths rather than final outputs alone, advises treating agents as synthetic employees under adapted human resources controls, and for agents executing financial transactions, especially with customer funds, sets a higher bar of human approval or dual authorisation above a threshold value, restricted agent access to payment systems, and audit trails of every agent transaction.

A live attack surface

Agentic systems introduce cyber and ICT risks that existing controls were not designed for. Memory poisoning, where malicious data is injected into an agent's retrieval-augmented generation process, can shape its behaviour over time. Prompt injection can redirect agent actions, and the report warns that agents may find novel ways to evade traditional cyber detection. A compromised agent can act. The report flags the risk of agents colluding with other agents to run distributed denial-of-service attacks or spread disinformation on their own.

The FSB recommends applying least privilege to agents and their sub-agents, and adopting dynamic identity and access management that grants, changes or revokes permissions in real time based on behaviour and context, rather than the static profiles used for human users. It notes that advanced models can find and exploit vulnerabilities, including zero-day vulnerabilities, at accelerating speed, which compresses the window between discovery and exploitation. It advises institutions to assess whether their patching can keep pace.

Agentic AI is moving into production

The FSB's guidance arrives as banks are already running agentic systems in live environments. DBS, for one, has begun building an agent control plane embedded in workflows such as credit memo preparation and customer servicing. JPMorgan's chief analytics officer, Derek Waldron, spoke publicly about the bank’s planned deployment of agents able to run autonomously for hours during 2026, while noting that longer-running agents are not yet ready for corporate use because of security concerns.

The report also warns that reliance on a few cloud, hardware and foundation-model providers, and on shared models and data, could push institutions towards correlated behaviour and amplify herding and procyclicality in a downturn.

The FSB assessed AI's financial-stability implications in 2017 and again in 2024, and this consultation is its first move to turn that into operational guidance. Comments close on 22 July, with the final report due to G20 finance ministers and central bank governors in October. The report is explicit that the 12 practices are not intended to set an international standard, though how regulators treat an October G20 deliverable may decide how that distinction holds.