AI Encore

Jason Loring, a partner in Jones Walker LLP's Atlanta office and co-leader of the firm's privacy, data strategy, and artificial intelligence team, previously provided an overview of artificial intelligence (AI) considerations in banking during the Bankers Compliance Task Force third quarterly meeting and was requested to return for a deeper dive into AI implications for banking during the fourth-quarter meetings this November. Jason gave an update on the current state of AI regulation, highlighting that state regulation is accelerating while federal priorities focus on reducing potential barriers to technological advancement. More than 1,000 AI-related bills have been introduced in 2025 to date, signaling that the compliance landscape has shifted from a “wait and see” to an “act now” approach. More than 30 states have AI committees or task forces actively developing legislation, which means that multistate banks likely face a complex compliance matrix with different requirements for disclosures, bias testing, and impact assessments.

Jason provided insight into the core legal challenges of AI implementation, highlighting the importance of AI governance addressing areas such as data privacy, intellectual property (IP), third-party risk management for AI vendors, product liability, anti-money laundering (AML) and fraud detection, transparency, and discrimination. Data privacy is fundamental for banking AI, and every AI system that processes customer data must comply with comprehensive privacy requirements. Banks must implement administrative, technical, and physical safeguards to protect customer information pursuant to the Gramm-Leach-Bliley Act (GLBA). While banks are not typically creating generative AI models, significant IP issues can arise in vendor relationships and with respect to output usage. Third-party vendor management is a very important part of every bank's compliance management system and must be handled with great care; banks should also remember that they are ultimately responsible for the actions of the third parties with which they engage.

Jason informed the group that what matters most for compliance is understanding that the AI models in banking — whether for credit decisions, fraud detection, or customer service — must meet the same regulatory standards as any other decisioning tool. Banks must balance innovation with the ability to explain decisions to customers and regulators.

As with many other regulatory and compliance topics, this is an ever-changing and evolving area; interested parties should stay closely informed.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.