OSFI sets sound practices to curb generative and agentic AI risks

The regulator's six-part AI checklist reaches straight into the tools advisors lean on

OSFI sets sound practices to curb generative and agentic AI risks

Canada's financial regulator has set out sound practices for managing generative and agentic AI risks at the institutions that house the nation's largest wealth arms. 

The Office of the Superintendent of Financial Institutions released the bulletin in July 2026, aiming it at the federally regulated banks and insurers whose groups include much of the country's wealth and asset-management business. It builds on earlier work this year, when the regulator flagged the risks tied to the most advanced AI models. 

The message is not that firms should avoid the technology. It is that governance can fall behind it. AI systems, the regulator said, can act with limited human oversight and lean heavily on third-party models, data, and software connections - and senior managers who do not understand those systems can end up trusting vendor assessments they cannot properly scrutinize. 

For anyone whose day involves advice, planning tools, or portfolio decisions, the substance sits close to home. Generative AI can produce what the regulator called hallucinated outputs - results that are inaccurate or misleading, especially when the underlying data is patchy. Agentic AI raises the stakes by acting on those outputs on its own, which can trigger downstream steps no one checked and leak sensitive data along the way. The regulator's advice is blunt: treat AI-generated output as an input to a decision, not the decision itself, and keep a human accountable for anything material. 

The bulletin runs through six areas. On software, it warns that AI can write insecure code and that agentic tools can push flawed code into production without a person in the loop; it says institutions should validate AI-generated code before it goes live. On access, it flags over-privileged accounts, shared credentials, and tool chaining, where one automated step feeds the next, as routes to data being pulled out through ordinary tools and interfaces. It urges unique identities for AI agents, least-privilege access, and short-lived credentials. 

Cyber risk cuts both ways. The regulator noted that AI widens the threat surface - automated phishing, malicious prompts, AI-written malicious code - while also giving defenders faster ways to detect and contain attacks. It suggests building AI misuse scenarios such as prompt injection into threat testing. 

Resilience gets the final word. Because so many institutions rely on the same handful of AI vendors, the regulator warned of concentration risk and correlated failures across firms, and said institutions should map their AI dependencies, test outage scenarios, keep manual fallbacks, and require third parties to disclose when they use AI to deliver a service. 

The practices complement existing expectations under Guidelines B-13, E-21, and B-10, and point institutions to Guideline E-23 for model risk. None of it lands as a new rule; the regulator frames the measures as steps institutions can consider. Still, the direction is clear enough. As the bulletin put it, advances in AI mark a material evolution in technology and cyber risk - one that expands attack surfaces and tests whether existing controls still hold. 

The full text of Generative and Agentic Artificial Intelligence: Implications for Technology, Cyber Security, and Operational Resilience is available at https://www.osfi-bsif.gc.ca/en/risks/technology-cyber-risk-management/technology-risk-bulletin/generative-agentic-artificial-intelligence-implications-technology-cyber-security-operational

LATEST NEWS