Operationalizing the Treasury FS AI RMF: what your bank does next
On February 19, 2026, the U.S. Treasury released the Financial Services AI Risk Management Framework (FS AI RMF) — the sector's first finance-specific, operational playbook for AI risk. It was developed through the AI Executive Oversight Group (a public-private partnership of Treasury's FBIIC and the Financial Services Sector Coordinating Council) and executed by the Cyber Risk Institute, with input from more than a hundred financial institutions. It takes the NIST AI RMF and translates it into something an examiner can actually review: 230 control objectives, each tied to a risk statement and a trustworthy-AI principle.
It's voluntary today. But frameworks built this way — sector-specific, examination-shaped, backed by Treasury — don't stay voluntary in practice for long. They become the spreadsheet your examiner brings to the next review. The institutions that win are the ones already aligned when that happens.
What's actually in it
The FS AI RMF has four parts that work together:
- An AI Adoption Stage Questionnaire — pinpoints where you are on the AI-maturity curve, so the rest of the framework scales to your reality instead of dumping 230 controls on a bank running two pilots.
- A Risk & Control Matrix — the 230 control objectives themselves, each mapped to a risk and a principle.
- A Guidebook — the background, glossary, and sources.
- A Control Objective Reference Guide — illustrative controls and, crucially, the audit evidence an examiner expects to see.
The FS AI RMF isn't another policy PDF to file. Its controls are meant to live in your data layer, your model lifecycle, your access controls, and your vendor stack — not a binder.
The seven domains
The 230 control objectives are organized into seven risk domains. Read them as the table of contents for your AI governance program:
1. Governance & Accountability — who owns AI risk, the committee that decides, the policies that bound it.
2. Data Integrity & Management — the quality, lineage, and controls on the data the AI runs on. This is the foundation everything else stands on.
3. Model Development & Validation — how models are built, documented, and independently validated (where your SR 11-7 discipline extends).
4. Monitoring & Performance — drift, degradation, and ongoing performance once the model is live.
5. Third-Party & Vendor Risk Management — the model providers, platforms, and APIs you depend on, treated as the critical third parties they are.
6. Fairness, Bias & Consumer Protection — disparate impact, fair treatment, and the consumer-facing controls examiners care about most.
7. Explainability & Transparency — whether you can explain what the AI did, to a customer and to a regulator.
What you actually do with it
A framework is only as good as the program you build from it. The path is the same one disciplined institutions already know — applied to AI:
- Start with the questionnaire, not the controls. Establish your adoption stage first. It tells you which controls are load-bearing now and which are aspirational — and keeps the effort proportionate.
- Inventory the AI and risk-tier it against the seven domains. You can't govern what you haven't found. The gap between the AI your teams told you about and the AI in your model inventory is usually the headline.
- Run a gap assessment against the 230 objectives. Score each domain, find where you'd fail an exam today, and rank the gaps by exposure — not by how easy they are to fix.
- Operationalize the gaps into real controls. Turn "we have no use-case intake" into an intake process; "no decision rights" into a matrix; "no vendor standard" into procurement criteria. Tag each control to its domain so the evidence trail is examiner-ready.
- Keep it current. The framework will evolve, and so will your AI footprint. Governance is a cadence, not a project.
Where most institutions are exposed
If you run a mature model-risk program, you already have real coverage in domains 3 and 4 — model development, validation, monitoring. The exposure tends to concentrate in three places: Governance & Accountability (no named owner for AI specifically), Third-Party Risk (GenAI bought, not built, and never run through vendor diligence), and Explainability (a generative model touching a customer decision that no one can explain after the fact). That's also the gap your SR 11-7 program was never designed to reach — the OCC's revised guidance explicitly excludes generative and agentic AI. The FS AI RMF is the instrument that closes it.
See where you stand against the FS AI RMF
Take the free 4-minute readiness assessment for an instant maturity read, or book a call to scope a full, expert-led review benchmarked against the FS AI RMF's questionnaire and 230 control objectives.