In a keynote speech, ECB Banking Supervision outlined how it is monitoring banks’ increasing use of artificial intelligence and set expectations for governance and risk management as AI becomes embedded in core banking activities. It flagged generative AI as a particular supervisory focus because of the new dependencies it creates on a small number of third-party providers and cloud infrastructure. ECB Banking Supervision’s annual data collection on innovative technologies across large banks under European supervision indicates that more than 85% already use AI, with adoption accelerating with generative and agentic AI. Use is expanding from established areas such as credit risk assessment and fraud detection into IT operations, legal and document analysis, and front-line applications, broadening the risk perimeter from model risk to operational, conduct, compliance and strategic risks. The speech highlighted uneven governance practices and recurring issues such as fragmented ownership and unclear accountability, and pointed to the need for senior management oversight, effective challenge by risk management, compliance and internal audit, and alignment with European Banking Authority internal governance principles. Risk management priorities include decision-useful explainability, stronger lifecycle monitoring and change management to address model drift, and improved data governance, including representativeness, lineage and bias controls where bias could translate into prudential risk. Looking ahead, ECB Banking Supervision plans to continue monitoring AI across banks, while taking a more targeted and in-depth approach to generative AI applications under its 2026-28 supervisory priorities on operational resilience and ICT capabilities, with the stated aim of assessing prudential materiality and inherent risks and paving the way for further supervisory action if needed. It also referenced the ECB’s Guide on outsourcing cloud services to cloud service providers as the supervisory baseline for DORA-related expectations on third-party and concentration risks, including vendor lock-in mitigation, tested contingency options and a holistic view of subcontracting risks.
European Central Bank 2026-02-24
European Central Bank sets supervisory expectations for banks’ AI governance and signals more targeted scrutiny of generative AI
In a keynote speech, ECB Banking Supervision emphasized its focus on banks' increasing use of artificial intelligence, particularly generative AI, due to dependencies on third-party providers and cloud infrastructure. The ECB highlighted uneven governance practices and stressed the need for senior management oversight and alignment with European Banking Authority principles. Looking ahead, the ECB plans to intensify monitoring of AI, focusing on generative AI applications, under its 2026-28 supervisory priorities on operational resilience and ICT capabilities.