Prompt and Pray Will Not Survive the FSB

2026-01-11 · Source: Agus’s Substack · Field: Technology & Digital — Artificial Intelligence & Machine Learning, AI Governance & Risk Management · Depth: Advanced, long

Summary

The Financial Stability Board (FSB) released a consultation on June 10, 2026, titled "Sound Practices for Responsible Adoption of Artificial Intelligence (AI)," proposing 12 non-binding sound practices for financial institutions. This consultation, open for comment until July 22, 2026, and due for a final report in October, highlights critical gaps in current agentic AI "controls," particularly the "prompt and pray" approach. The article argues that this method, which relies on instructing agents and reviewing self-generated rationales, fails to meet the rigorous expectations of risk management frameworks like SR 11-7. It emphasizes that while AI mechanics evolve, core principles of control, independent challenge, and verifiable oversight remain essential, exposing the inadequacy of superficial controls for high-stakes financial applications.

Key takeaway

For Directors of AI/ML or risk officers deploying agentic AI in financial services, you must move beyond "prompt and pray" methods. Your firm's AI controls need to be engineered, focusing on verifiable system state, tool authorizations, and independent logging, not just agent instructions or self-generated rationales. Investigate human "rubber-stamping" and ensure oversight is meaningful, capable of challenging actual system behavior and omitted evidence, to avoid significant regulatory findings.

Key insights

Agentic AI "prompt and pray" controls are insufficient for financial risk management, failing FSB and SR 11-7 standards.

Principles

• Control must be proportionate to risk.
• Independent challenge is vital for complex systems.
• Oversight requires ability, authority, and incentive to intervene.

Method

The article critiques "prompt and pray" as instructing agents, storing rules, asking another model for behavior review, and routing summaries for human sign-off, often strengthening prompts as remediation.

In practice

• Prioritize explainable models where possible.
• Use compensating controls for constrained explainability.
• Monitor agent actions, not just outcomes.

Topics

• FSB Consultation
• AI Risk Management
• Agentic AI Controls
• Prompt Engineering
• Financial Regulation
• Explainable AI

Best for: CTO, VP of Engineering/Data, Executive, Director of AI/ML, Consultant, Legal Professional

Related on AIssential

• 😼 Robinhood gave AI agents wallets — AI agents are gaining financial transaction capabilities, necessitating robust control and risk management frameworks.
• These aren’t AI firms, they’re defense contractors. We can’t let them hide behind their models - The Guardian — AI systems in modern warfare automate "chosen blindness," eroding accountability and enabling rapid, opaque targeting decisions.
• MUFGとSakana AIの「AI融資エキスパート」、実案件での検証フェーズへ — AI agent systems can significantly enhance complex banking operations like corporate loan approvals.
• Veteran-Owned Simply IT Launches “AI for Business” to Help Florida Small Businesses Deploy AI Safely — Secure, governed AI adoption prevents "shadow AI" risks and enhances small business productivity.
• Invisible crisis: AI-powered cyber-attacks can endanger financial stability - Business Standard — AI-powered cyberattacks pose a significant, interconnected threat to global financial stability, demanding urgent, coordinated defense.
• Trump Administration Official Says Quiet Part Out Loud on AI-in-Government Plans — Over-reliance on LLMs for federal rulemaking introduces significant legal and policy risks due to inherent AI limitations.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Agus’s Substack.