On 10 June 2026, the Financial Stability Board (FSB) published a consultation report on sound practices for responsible adoption of artificial intelligence (AI).
In the consultation report the FSB identifies certain sound practices to help all types of financial institutions navigate the benefits and risks as they adopt AI. The 12 sound practices cover organisation-wide governance as well as management of different stages of AI development and deployment (or AI lifecycle).
Sound practices 1 to 4 emphasise the importance of organisation-wide AI governance, in informing the financial institution in its decision on whether and how to adopt an AI technology and at what scale. These sound practices highlight:
- The pivotal role the board and senior management play in setting the overall approach and providing oversight so that AI adoption is aligned with the financial institution’s business model, risk appetite, and strategy.
- The importance of establishing clear governance frameworks, policies, procedures, and processes to identify, assess, monitor, and manage AI-related risks.
- The importance of defining clear responsibilities and accountabilities throughout the organisation.
- How financial institutions benefit from continuous learning and adaptation, enabling them to develop the resources, skills, knowledge, and capabilities required to sustain value creation and effective risk management over time.
Sound practices 5 to 10 focus on managing specific AI use cases at or throughout different stages of an AI lifecycle so that use case deployments are supported by proportionate guardrails. This involves:
- Effectively and systematically assessing the materiality and risks of AI use cases at inception and thereafter.
- Selecting appropriate AI models or systems by considering objectives, operational, and technical needs, as well as materiality and risk of AI use cases.
- Maintaining appropriate data governance so that the data for training, testing, and using AI is accurate, complete, reliable, and secure.
- Understanding differences in the explainability of various types of AI and, if appropriate and feasible, adopt more explainable AI or consider compensating controls.
- Evaluating the performance of AI use cases proportionately to their materiality and risk, including through performance assessment, testing, and ongoing monitoring.
- Implementing appropriate and effective human oversight that is relevant to the materiality, risk, autonomy, complexity, and explainability of different AI use cases.
Sound practices 11 and 12 highlight the importance of managing:
- AI-related cyber and information and communication technology (ICT) risks including by incorporating AI cyber and ICT risk scenarios into tests and exercises, sharing relevant information with key stakeholders, and where appropriate, using AI tools in cyber and ICT risk management.
- Risks from AI third-party use with a focus on performance, transparency, data quality, supply chain and concentration risks, and business continuity.
Next steps
The deadline for comments on the consultation report is 22 July 2026.