Current as of June 2026. Financial-services AI rules span several regulators and move at different speeds; insurance guidance, payment standards, and consumer-protection enforcement each shifted in the last year. Every date below reflects the most recent confirmed status, and uncertainty is flagged where it exists.

Financial-services AI compliance is wider than banking. It reaches insurers, payment companies, fintechs, consumer lenders, and wealth platforms, and each answers to a different primary regulator. The stack is layered: a horizontal governance baseline, insurance-specific guidance from the NAIC and state departments, the payment-card security standard, consumer-protection and fair-lending law, and the EU overlays for any firm with European customers. As of January 2025, 54% of financial-services firms had deployed AI, up from 40% a year earlier and ahead of the cross-sector average (S&P Global, 2025). Underneath every layer sits the same gap: none were built for AI agents that act through tool calls. For the bank and broker-dealer model-risk view specifically, see the Banks and Investment Firms page.

NIST AI RMF and ISO/IEC 42001 Are the Horizontal Backbone

Every financial firm’s AI program should align to two horizontal instruments first: the NIST AI Risk Management Framework supplies the methodology, and ISO/IEC 42001 supplies the certifiable management system. NIST AI RMF organizes risk work into four functions, Govern, Map, Measure, and Manage (NIST, 2024). ISO/IEC 42001, published December 2023, is the first AI management system standard an external auditor can certify against (ISO, 2023).

These matter more in financial services than in most sectors, because a single firm often sits under several regulators at once. A 42001 certificate and a NIST-aligned program give one defensible structure that a state insurance examiner, a payment-card assessor, and a consumer-protection regulator can all recognize, rather than a separate governance story for each.

Insurers Answer to the NAIC Model Bulletin and State Regulators

Insurers using AI are expected to run a written, board-level AI governance program under the NAIC Model Bulletin, which more than 20 states have now adopted. The bulletin, finalized in December 2023, requires governance, risk management, internal audit, and documented controls across an AI system’s lifecycle, with a focus on fairness, accountability, transparency, and avoiding unfair discrimination (NAIC, 2023). It applies to AI that makes or supports decisions about regulated insurance practices: underwriting, pricing, claims, and fraud.

Adoption is ahead of practice. A NAIC working-group survey found that nearly one-third of health insurers still do not regularly test their AI models for bias or discrimination, despite the bulletin recommending exactly that (Fenwick, 2026). The bulletin also puts insurers on notice that regulators may request documentation of AI governance and controls during a market-conduct examination, which makes the written program an evidence requirement, not a formality.

NYDFS Sets the Bar for AI in Insurance Underwriting and Pricing

New York went further than the model bulletin with Circular Letter No. 7, which governs how insurers use AI systems and external consumer data in underwriting and pricing (NYDFS, 2024). Issued July 2024, it requires insurers to show that external data and AI do not act as a proxy for protected classes, and to document a fairness assessment before relying on them.

Two requirements stand out. An insurer must give a specific reason for an adverse underwriting decision, including the source of the data behind it. And an insurer cannot hide behind a third-party vendor’s proprietary algorithm to avoid that explanation. The accountability stays with the insurer regardless of who built the model, which is the same principle the banking regulators apply to outsourced models. For any insurer writing in New York, the circular is the operational standard.

PCI DSS Puts Any AI That Touches Card Data In Scope

Any AI system that stores, processes, or transmits cardholder data falls inside PCI DSS scope, the payment-card security standard that has been fully in force at version 4.0.1 since March 31, 2025 (PCI Security Standards Council, 2025). The standard’s 12 core requirements, covering access control, encryption, monitoring, and secure development, apply to the AI just as they apply to any other system in the cardholder data environment.

This catches a common mistake. A fraud model, a customer-service assistant, or a coding tool that can see primary account numbers pulls AI into PCI scope, and the firm has to keep that data inside the controlled environment. PCI DSS applies globally to any entity handling card data, so a payments fintech faces the same obligation as a large processor. The practical control is the same one the privacy rules demand: detect cardholder data before it reaches an AI tool, and keep it from leaving the boundary.

Consumer-Facing AI Still Has to Obey Consumer-Protection Law

A chatbot or AI assistant that interacts with customers is bound by the same consumer-protection rules as a human representative, and an AI that gives inaccurate information or obscures a consumer’s rights creates real liability. The CFPB warned in 2023 that poorly deployed chatbots in banking can harm consumers and undermine legal protections (CFPB, 2023). Federal and state unfair-and-deceptive-practices law reaches AI conduct regardless of the technology behind it.

The federal enforcement posture has narrowed. The CFPB scaled back guidance and enforcement through 2025 and 2026, but the underlying consumer-protection statutes did not change, and state attorneys general and state regulators continue to enforce unfair-and-deceptive-practices law against AI that misleads or harms consumers. For a fintech or consumer lender, the durable rule is simple: an AI agent speaking to a customer is still the firm speaking to the customer, with the same obligations attached.

GLBA and the FTC Safeguards Rule Reach Non-Bank Financial Institutions

Fintechs, payment companies, and data aggregators are bound by the Gramm-Leach-Bliley Act and the FTC Safeguards Rule, which require a written information security program for customer financial information, including when that information flows through AI (FTC, 2024). The Safeguards Rule reaches non-bank financial institutions that are often outside prudential banking supervision, which means a fintech without a bank charter still carries the obligation.

An aggregator feeding customer account data into a model, or a payments app routing transaction data through an AI assistant, has to respect the firm’s privacy notices, opt-outs, and security controls. The rule governs the data, not the tool, so AI use is simply a new path the same obligation follows. Detecting and controlling customer financial data as it moves toward an AI service is the concrete compliance step.

Credit and Underwriting AI: ECOA, Regulation B, and the EU AI Act

A consumer lender or fintech that denies credit must still give specific, accurate reasons, because the Equal Credit Opportunity Act (ECOA) and Regulation B require that statement regardless of how the decision was made (Regulation B, eCFR, 2025). Model opacity is not a defense. The same logic that binds banks binds any non-bank creditor using AI in underwriting or pricing.

For firms with European customers, the EU AI Act raises the bar. AI used to assess creditworthiness or to determine access to essential private services is high-risk under Annex III, carrying obligations on risk management, data quality, logging, transparency, and human oversight (EU AI Act Annex III, 2024). The Act is extraterritorial, so a US fintech serving EU consumers is in scope. The bank-specific model-risk treatment of these same obligations is covered on the Banks and Investment Firms page.

How the Financial-Services AI Compliance Stack Lines Up

Each layer of the financial-services stack governs a different slice of the business, and almost none of it reaches autonomous agents. The table below maps what each instrument governs, whether it is mandatory, and how far it extends into agentic AI. The pattern holds across insurance, payments, and lending: strong coverage of human-operated AI, little for agents.

Read down the last column. Each instrument governs a person operating the AI. The agent that acts on its own falls between them.

Every Framework Assumes a Human in the Loop, and Agents Broke That Assumption

The financial-services frameworks all assume a person operates and oversees the AI, and AI agents acting through Model Context Protocol (MCP) tool calls remove that person from the chain. MCP is the open standard that lets an agent connect to external tools, core systems, and data sources and act through them. An agent that adjudicates a claim, prices a policy, or moves customer data is taking actions no underwriter or representative reviewed in the moment.

This is the hinge. The NAIC bulletin assumes an insurer-run model with human governance. NYDFS assumes an underwriter who can explain a decision. PCI DSS assumes a defined environment a team controls. ECOA assumes a creditor who can state a reason. An agent chaining tool calls across a financial firm satisfies none of those assumptions cleanly, because the action surface moved from a screen a person reads to a tool call that fires in milliseconds. Singapore’s Infocomm Media Development Authority launched the first governance framework written specifically for autonomous AI agents in January 2026, the first official signal that the existing stack does not reach agents. The control for that gap has to come from architecture, not the frameworks.

You Cannot Comply With What You Cannot See

Aurascape catalogues more than 20,000 AI applications and ships production-ready connectors within 48 hours of a new tool appearing, which is the inventory layer the financial-services frameworks assume a firm already has (Aurascape Product Brief, 2026). A written AI governance program, an NAIC requirement and an ISO/IEC 42001 scope statement alike, is only as good as the inventory it is built on.

Discovery is where policy meets reality. An insurer or fintech can have an AI policy and still be blind to the personal ChatGPT accounts adjusters use, the AI features switched on inside an approved claims tool, and the copilots staff enabled without asking. Aurascape secures user activity across tens of thousands of AI apps with prompt and response decoding and automated remediation, the inventory-plus-enforcement combination the frameworks assume is in place. You cannot govern, or document for an examiner, the AI you have not found.

Sensitive Data Controls Operationalize GLBA, PCI DSS, and Privacy at the Prompt

Aurascape’s real-time, multimodal data classification catches regulated data at the prompt, before it reaches any external AI service, because GLBA, PCI DSS, and privacy rules attach the moment that data moves toward an AI tool. The financial sector had the second-highest average breach cost at 5.56 million dollars in 2025 (IBM Cost of a Data Breach Report, 2025). The AI Proxy inspects prompts, responses, file uploads, and multi-turn conversations, then enforces policy inline: allow, block, redact, or coach.

Sensitive Data Fingerprinting tags cardholder data, account numbers, and other regulated content so enforcement is context-aware rather than blunt, which is what keeps card data inside PCI scope and customer data inside GLBA’s boundary. In the Police Credit Union deployment, conversation-level guardrails operating in the live path cut AI risk by 83% and delivered NCUA compliance readiness, for an institution that had seriously considered banning generative AI entirely.

Audit Logging Is How You Prove It to a Regulator

Insurance market-conduct exams, PCI assessments, and the EU AI Act all treat traceable records as an evidence requirement, not a best practice. Aurascape generates audit-ready, conversation-level logs of every AI interaction: what was prompted, what was returned, what data was involved, and what policy decision fired. The Police Credit Union deployment produced exactly that, with examiner-ready interaction logs a regulator could review directly.

This is the difference between asserting governance and demonstrating it. An NAIC market-conduct examiner, a PCI assessor, a state insurance regulator reviewing a NYDFS fairness assessment, and an EU AI Act assessment all want the same thing: a traceable record that the stated controls actually ran. Decoded interaction histories and policy-decision logs are that record. The platform does not make a firm compliant and does not replace legal counsel. It produces the evidence compliance and legal teams use to demonstrate the controls were in place and enforced.

Copilot Readiness Helps Close the AI Privacy Gap

Microsoft 365 Copilot and similar Embedded AI tools surface everything a user can technically reach, which turns a tolerable permissions mess into a live GLBA or PCI exposure the moment someone runs a cross-department summary prompt. Aurascape’s Copilot Readiness module finds overshared permissions before a rollout, Copilot Oversight monitors live usage, and Copilot Unlearning removes sensitive data already ingested by the AI system.

In an insurer or payments firm, a permissions structure that staff navigated one record at a time becomes a privacy and card-data problem when a copilot can summarize across all of it in one prompt. Finding the oversharing before go-live is the readiness step. Monitoring usage and removing exposed data afterward is the ongoing control. All three map to the data-protection duties GLBA, PCI DSS, and the EU AI Act impose on the channel copilots opened.

The Zero-Bypass MCP Gateway Is the Control the Frameworks Are Missing

Only 31% of organizations say they are fully equipped to control and secure agentic AI systems, even as 83% plan to deploy them (Cisco AI Readiness Index, 2025), and the gap is structural: the financial-services frameworks assume a human oversees the action. Aurascape’s Zero-Bypass MCP Gateway inspects, verifies, signs, and controls every Model Context Protocol tool call, API invocation, and data retrieval before an agent reaches any external system. Secure Agentic AI wraps the rest of the lifecycle: pre-build adversarial testing, Code Path and CVE Detection, and Safe Output Governance at runtime.

Where the frameworks assume a human in the loop, the Gateway treats the agent as a privileged user and inspects both legs of its behavior: the agent-to-model leg and the agent-to-tool leg. The control fires at the tool call itself, where a claims or servicing agent reaches a core system or external service, not at a network destination the agent already moved past.

Auri Gives Compliance Teams the Evidence Without the Console

Auri, Aurascape’s natural-language agent, gives compliance, risk, and legal teams role-based access to AI activity records, summaries, and audit evidence through plain-language questions, with no dashboard login or query syntax required (Aurascape, 2026). The people who own the NAIC, NYDFS, or PCI obligation are rarely the people who run the security tooling.

A compliance officer preparing for a market-conduct exam, or a privacy lead readying a PCI assessment, needs to pull relevant interaction records and policy decisions on their own timeline. Self-service, role-bound access to that evidence lets compliance operate the program rather than filing a ticket and waiting on the security team for every request.

The Stack Holds, but Only If Something Watches the Agents

The financial-services frameworks cover the human-operated AI surface well when a firm builds to them together: NIST AI RMF as the methodology, ISO/IEC 42001 as the external proof, the NAIC and NYDFS rules for insurance, PCI DSS for payments, ECOA and GLBA for credit and data. The crosswalks are real, and a firm that builds to the strongest common denominator can satisfy several layers without duplicating the work.

The stack’s one structural gap is the agent. Only one in five companies has a mature model for governing autonomous AI agents, even as agentic AI use is set to rise sharply (Deloitte State of AI in the Enterprise, 2026). Agentic AI is already moving into claims, fraud, and underwriting faster than the sector frameworks can adapt. Gartner predicts guardian agents will capture 10 to 15% of the agentic AI market by 2030, establishing AI-on-AI governance as a defined category (Gartner, 2025). Until the frameworks catch up, the control for autonomous financial AI has to come from architecture that inspects the tool call directly.

Frequently Asked Questions

Does the NAIC Model Bulletin apply to my insurance company?

It applies if you write insurance in a state that has adopted it, which is now more than 20 states. The bulletin requires a written AI governance program covering the lifecycle of any AI that makes or supports decisions about underwriting, pricing, claims, or fraud. Regulators can request documentation of that program during a market-conduct examination, so it functions as an evidence requirement.

What does NYDFS Circular Letter No. 7 require?

It requires insurers writing in New York to show that AI systems and external consumer data used in underwriting or pricing do not act as a proxy for protected classes, and to document a fairness assessment. Insurers must give a specific reason for an adverse decision, including the data source behind it, and cannot use a vendor’s proprietary algorithm as an excuse for failing to explain it.

Does PCI DSS apply to AI tools?

Yes, if the AI stores, processes, or transmits cardholder data. Any system in the cardholder data environment, including a fraud model, an assistant, or a coding tool that can see account numbers, falls under PCI DSS v4.0.1 and its 12 core requirements. The practical control is to keep card data out of AI tools that are not inside the controlled environment.

Can a fintech use a customer chatbot without a banking license?

It can, but the chatbot is still bound by consumer-protection law. Federal and state unfair-and-deceptive-practices rules apply to AI conduct regardless of charter status, and a chatbot that gives inaccurate information or undermines a consumer’s rights creates liability. State attorneys general continue to enforce these rules even as federal enforcement has narrowed.

Do GLBA and the FTC Safeguards Rule apply to non-bank fintechs?

Yes. The Safeguards Rule reaches non-bank financial institutions, including many fintechs, payment companies, and data aggregators, requiring a written information security program for customer financial information. That obligation follows the data into AI systems, so a fintech without a bank charter still has to protect customer data used by its models.

How does this page differ from the Banks and Investment Firms page?

This page covers financial services broadly, with emphasis on insurance, payments, fintech, and consumer finance. The Banks and Investment Firms page goes deeper on bank and broker-dealer model risk, including SR 26-2, the FFIEC handbooks, FINRA, and the SEC. Firms that are both should read both, since the obligations stack.

Does an ISO/IEC 42001 certificate satisfy financial regulators?

No. ISO/IEC 42001 is a voluntary management-system certification. The NAIC and NYDFS rules, PCI DSS, ECOA, GLBA, and the EU AI Act each have their own requirements. A 42001 certificate strengthens governance evidence and can streamline parts of an exam or assessment, but it does not substitute for any of them.

Can a security platform make my firm compliant?

No. A platform like Aurascape operationalizes and evidences compliance: it discovers AI use, enforces data controls at the prompt, governs agent tool calls, and produces audit-ready records. Compliance itself is a legal and regulatory determination that requires counsel and formal assessment. Tooling supports and demonstrates it but does not replace either.

How Aurascape Operationalizes Financial-Services AI Compliance Across Every AI Interaction

Aurascape’s Zero-Bypass MCP Gateway inspects, verifies, and signs every agent tool call before it executes, closing the gap the financial-services frameworks leave open: autonomous agents acting through Model Context Protocol connections that existing SSE, SASE, and DLP controls never see. The platform discovers every AI app and agent including shadow and Embedded AI, classifies and controls regulated customer and cardholder data inline before it reaches an external tool, and produces the conversation-level audit records that NAIC governance, NYDFS fairness assessments, PCI assessments, and the EU AI Act require.

For the agentic surface specifically, Secure Agentic AI adds adversarial testing and runtime guardrails across the full agent lifecycle, from pre-build Code Path and CVE Detection through Safe Output Governance at runtime. The platform sits alongside an existing SSE, SASE, or DLP stack rather than replacing it, and Auri gives compliance teams self-service, natural-language access to the evidence. Aurascape does not make a firm compliant or replace legal counsel. It operationalizes the controls and produces the proof that compliance, risk, and legal teams use to demonstrate the program is real.

This page is one of a set. For the cross-industry version, see AI Compliance Frameworks, Standards, and Governance for Enterprise AI, and for the bank and broker-dealer view, see Banks and Investment Firms.

---

Aurascape is the AI-native control layer for the one place the financial-services compliance stack still goes blind: autonomous agents acting through tool calls your existing controls never see. Every deployment runs through a tailored demo with your security team.

See how Aurascape governs every AI interaction in the live path →