Security & Governance · Free guide

Set the AI boundary before staff use it.

A practical guide to approved tools, restricted data, human review, and evidence your compliance, risk, and IT teams can inspect.

§01 · What is inside

Preview the guide before you request it.

Safe AI Use Guide

Six one-page decisions, not a governance textbook.

Each chapter gives a boundary, a banking example, and the artifact that proves the work.

01 · The never-paste list

  • The non-negotiable data types that must never touch a public LLM: PII, member records, non-public examination data, and the compliance reasoning behind each exclusion.

02 · Private cloud vs. public model

  • When private inference is required, when a public model is acceptable, and the decision tree every staff member should run before pasting anything into a tool.

03 · Mapping to SR 11-7

  • How model risk management guidance applies to generative AI, with specific language you can drop into your AI governance framework.

04 · Vendor evaluation scoring

  • The five-question framework for evaluating AI vendors against your risk posture, including concentration risk thresholds.

05 · Shadow AI discovery

  • A structured method for identifying the AI tools your staff are already using without your knowledge, and bringing them inside a governance perimeter without killing adoption.

06 · Review packet readiness

  • What to keep in the packet before an audit, risk review, or exam conversation. Based on the AIEOG AI Lexicon vocabulary (US Treasury, FBIIC, FSSCC, February 2026).

§02 · Regulatory alignment

The guide maps staff practice to public source vocabulary.

SR 11-7 — Model Risk
Interagency TPRM Guidance
ECOA / Reg B
AIEOG AI Lexicon

§03 · Data handling

Practice with synthetic data. Keep customer data out of prompts.

Practice scenarios use synthetic or sanitized banking examples. They are designed to teach the workflow without requiring customer records.
Learners are told not to paste customer PII, account numbers, confidential member data, or non-public examination material into prompts.
AI output is a draft. A banker owns fact-checking, policy fit, escalation, and any customer-facing or regulated decision.

§04 · Not just a PDF

The guide is the starting point. The engagement is how it gets operationalized.

A governance guide is not the same as a governance framework. An engagement with the Institute installs the framework inside your institution — with named owners, a review cadence, and documented mapping to applicable regulatory references. No software seats. No vendor lock-in.
Teach the boundary. Document the verdict. Ship safely.

The institutions that win with AI are the ones whose IT teams set clear verdicts and whose business teams follow them.

Security & Governance — AI built for regulated institutions — The AI Banking Institute