Finance vertical · SR 26-2 · FINOS AIGF · OCSF v1.8.0

AI shared responsibility for financial services

SR 26-2 applies existing MRM principles to AI by materiality but leaves the mechanics to each institution. This schema fills that gap: 40 controls across five SRF layers, each with a named accountable party, a measurable threshold, and an OCSF telemetry pointer.

Experimental schema. This vertical is a proposed extension of the CoSAI Shared Responsibility Framework, developed independently to demonstrate the approach. It is not part of CoSAI SRF v1.0 and has not been endorsed by CoSAI or any regulator. Regulatory mappings marked TBD await verification against the source documents.
40 controls · 5 SRF layers · 4 MRM lifecycle stages · 5 crosswalk targets

The SR 26-2 gap. The Federal Reserve, OCC, and FDIC issued SR 26-2 in April 2026, explicitly placing generative and agentic AI out of scope while directing institutions to apply existing MRM principles by materiality. That instruction is necessary but not sufficient: it tells institutions what standard applies, not how to operationalize it for systems that produce text, make autonomous decisions, or execute transactions. SR 26-2 supersedes SR 11-7 (2011) and SR 21-8 (2021) as the governing model risk management standard for Federal Reserve-supervised institutions. Read the letter.

What the schema provides. Each control in this schema maps an SRF layer to a specific MRM lifecycle stage (development, independent validation, ongoing monitoring, effective challenge), names the accountable persona, and specifies the OCSF telemetry stream that proves the control is functioning. The same schema applies to a community bank and a GSIB; only the tier parameter table differs.

Mapping status. The schema targets five crosswalks: SR 26-2, FINOS AIGF, CSA AICM, OWASP LLM Top 10, and the EU AI Act. OWASP mappings are populated where applicable; SR 26-2, FINOS AIGF, AICM, and most EU AI Act entries are marked TBD pending verification against the source documents. OCSF evidence pointers are verified for 13 of 40 controls; the rest are marked TBD. The controls browser shows only verified mappings.

Agent-PaaS coverage. All 40 controls apply to Agent-PaaS deployments, which carry the largest surface area under SR 26-2's by-analogy application of MRM principles. L3 and L4 controls address agent authorization gates, memory store integrity, guardrail bypass monitoring, and runtime verification: the controls SR 26-2 would require if agentic AI were explicitly in scope.

In this section

Schema design

Accountability plane
SRF layers and personas

Each control names one accountable persona. Five layers map to the MRM lifecycle: governance, data, application, platform, and model. One accountable party per control, regardless of operating model.

Control plane
Thresholds and parameters

Controls define the metric, operator, and parameter name. Institutions supply the values per tier. Zero-tolerance and verification controls carry fixed values by design.

Evidence plane
OCSF v1.8.0 telemetry pointers

Each threshold names the OCSF event class and attribute that proves the control is operating: verified for 13 of 40 controls so far, TBD for the rest. Continuous, machine-readable evidence; not annual attestations.
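The control plane and evidence plane described above, worked through as an added example rather than code from the schema or from CoSAI: a control record carries the metric, operator and parameter name; a tier parameter table supplies the value (or a fixed value wins for a zero-tolerance control); the observed value is pulled from an OCSF-style event at the attribute the control's evidence pointer names. The metric evaluated is the population stability index (PSI) that the L2 input drift control uses. The control ids, parameter names, tier values, and the evidence pointer (OCSF `class_uid` 2004, Detection Finding, with the value carried under the base event's `unmapped` object) are assumptions of this example, not the schema's verified mappings.

```python
"""Constructed illustration of a control record, a tier parameter table and an
OCSF-style evidence lookup. Not the schema's own code; control ids, parameter
names, tier values and the evidence attribute paths are assumptions."""
from dataclasses import dataclass
import math
import operator
from typing import Any, Optional

OPERATORS = {"<=": operator.le, ">=": operator.ge, "==": operator.eq}


@dataclass(frozen=True)
class Control:
    control_id: str                 # hypothetical identifier
    layer: str                      # SRF layer, e.g. "L2"
    persona: str                    # accountable persona named on the page
    metric: str
    op: str                         # key into OPERATORS
    parameter: str                  # tier parameter name (assumed)
    fixed_value: Optional[float] = None   # set only for zero-tolerance / verification controls
    evidence_class_uid: int = 0           # OCSF class_uid the evidence event must have (assumed)
    evidence_attribute: str = ""          # dotted path inside the event (assumed)


# Tier parameter table: the same control, different values per tier (illustrative values).
TIER_PARAMETERS = {
    "community_bank": {"psi_max": 0.25},
    "gsib": {"psi_max": 0.10},
}

# L2 input drift control: threshold comes from the tier table.
DRIFT_CONTROL = Control(
    control_id="L2-DRIFT-EXAMPLE", layer="L2", persona="data-provider",
    metric="input_psi", op="<=", parameter="psi_max",
    evidence_class_uid=2004, evidence_attribute="unmapped.input_psi",
)

# L4 zero-tolerance control: value fixed by design, no tier lookup.
BYPASS_CONTROL = Control(
    control_id="L4-BYPASS-EXAMPLE", layer="L4", persona="ai-platform-provider",
    metric="guardrail_bypass_count", op="==", parameter="n/a", fixed_value=0,
    evidence_class_uid=2004, evidence_attribute="unmapped.guardrail_bypass_count",
)


def population_stability_index(expected_counts, actual_counts, eps=1e-6):
    """PSI = sum over bins of (a - e) * ln(a / e) with a, e as bin proportions.
    Proportions are clamped at eps so an empty bin cannot produce log(0)."""
    if len(expected_counts) != len(actual_counts):
        raise ValueError("expected and actual bin counts must align")
    e_total, a_total = sum(expected_counts), sum(actual_counts)
    psi = 0.0
    for e, a in zip(expected_counts, actual_counts):
        e_p = max(e / e_total, eps)
        a_p = max(a / a_total, eps)
        psi += (a_p - e_p) * math.log(a_p / e_p)
    return psi


def extract_evidence(event: dict, control: Control) -> float:
    """Read the observed value from an OCSF-style event; an event of a different
    class than the pointer names is not evidence for this control."""
    if event.get("class_uid") != control.evidence_class_uid:
        raise ValueError(f"{control.control_id}: wrong evidence class {event.get('class_uid')}")
    node: Any = event
    for key in control.evidence_attribute.split("."):
        if not isinstance(node, dict) or key not in node:
            raise KeyError(f"{control.control_id}: missing attribute {control.evidence_attribute}")
        node = node[key]
    return float(node)


def resolve_threshold(control: Control, tier: str) -> float:
    """A fixed value wins; otherwise the tier table must carry the parameter."""
    if control.fixed_value is not None:
        return control.fixed_value
    try:
        return TIER_PARAMETERS[tier][control.parameter]
    except KeyError:
        raise KeyError(f"{control.control_id}: tier {tier!r} has no value for {control.parameter!r}")


def evaluate(control: Control, tier: str, event: dict) -> dict:
    """Resolve the threshold for the tier and compare it with the evidence."""
    observed = extract_evidence(event, control)
    threshold = resolve_threshold(control, tier)
    return {
        "control": control.control_id, "persona": control.persona, "tier": tier,
        "observed": observed, "threshold": threshold,
        "passed": OPERATORS[control.op](observed, threshold),
    }


if __name__ == "__main__":
    baseline = [50, 30, 20]   # constructed training-time bin counts
    production = [20, 30, 50]  # constructed production bin counts
    psi = population_stability_index(baseline, production)
    event = {"class_uid": 2004, "unmapped": {"input_psi": psi}}  # constructed event
    print(evaluate(DRIFT_CONTROL, "gsib", event))
```

The design point the code makes explicit: a pass/fail result is always traceable to a named persona, a resolved threshold, and the event that supplied the observation, so the same control record serves a community bank and a GSIB with only the tier table changing. An evaluation that cannot find the parameter for its tier, or is handed an event of the wrong class, fails loudly rather than silently passing.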

Coverage by layer

L1 Governance and processes (9 controls). Risk appetite statement, model inventory policy, agent authorization governance, AUP enforcement, governance review cadence, effective challenge oversight. Accountable persona: ai-system-governance.

L2 Data and training (8 controls). Data provenance documentation, classification coverage, bias and quality validation, input drift monitoring (PSI), agent memory store integrity. Accountable persona: data-provider.

L3 Application and agent (8 controls). Input validation and prompt injection defense, output filtering, adversarial red-team validation, injection detection monitoring, agent authorization gates. Accountable personas: application-developer (6 controls) and agentic-platform-provider (2 controls).

L4 Platform and infrastructure (8 controls). Guardrail configuration baseline, gateway authentication and authorization, load-time artifact integrity, bypass rate monitoring, authz failure monitoring, runtime guardrail verification. Accountable persona: ai-platform-provider.

L5 Model (7 controls). Model card completeness, artifact signing and supply-chain provenance, pre-deployment safety evaluation, independent validation, load-time verification, CVE monitoring and disclosure SLA. Accountable persona: model-provider.