This paper outlines a six-step, evidence-driven framework for governing models and AI systems under SR 26-2, including Generative and Agentic AI that fall outside the regulation’s formal scope. It argues that financial institutions should shift away from checklist-heavy governance toward automated, risk-based governance that prioritizes observable evidence, materiality, and operational efficiency.
• AI Governance Framework
• Risk-Based Tiering
• Automated Oversight Workflows
• Evidence-Driven Validation
