What due diligence is required before signing with an AI model provider?

OCC 2023-17 requires due diligence proportional to risk and criticality. For critical AI activities: financial condition and business viability of the provider; information security program and SOC 2 Type II reports; data handling policies for bank customer data in API inputs; subcontractor relationships (cloud infrastructure, data pipelines); business continuity plans with tested RTOs; and regulatory compliance posture. Due diligence must be refreshed periodically, not just at initial engagement.

What contract terms does OCC 2023-17 require for AI providers?

OCC 2023-17 requires: specific measurable performance standards; audit rights or independent assessments; incident notification timelines; bank data ownership, return, and certified deletion on termination; subcontractor change notification rights; business continuity provisions with tested RTOs; and termination-for-regulatory-requirement clauses. Standard AI provider API terms do not include audit rights, bank-specific incident timelines, or the BCP and exit provisions required by OCC 2023-17. Banks must negotiate addenda for critical relationships.

How should banks classify AI model providers as critical or non-critical?

An AI provider supports a critical activity when failure would cause significant customer harm, prevent delivery of a bank product or service, or compromise a regulatory compliance function. Credit decisioning AI, fraud detection, AML monitoring, and customer-facing AI generally qualify as critical. Internal productivity tools with no customer or regulatory impact may be non-critical. Classification must be documented with rationale, and must be reviewed when the AI system's scope or use expands.

What exit strategy is required for AI model provider relationships?

OCC 2023-17 requires documented exit strategies for critical third-party relationships — plans for transitioning activities if the relationship ends. For AI providers: documented alternative providers that could be activated; tested procedures for switching model APIs; assessment of operational impact during transition; and data portability provisions in the contract. Banks dependent on a single AI provider for critical functions without a tested exit strategy have an OCC 2023-17 gap that examiners will cite.

How does OCC 2023-17 TPRM interact with SR 11-7 model risk for AI?

OCC 2023-17 and SR 11-7 govern the same AI system from different angles. SR 11-7 governs the model — development documentation, validation, behavioral monitoring, change management. OCC 2023-17 governs the vendor relationship — due diligence, contracts, ongoing performance monitoring, exit. The third-party register and model inventory should cross-reference each other. Behavioral anomalies from model monitoring should feed back to TPRM. Provider model updates detected by MRM monitoring should trigger TPRM change review. The programs need operational linkage, not just parallel documentation.

What audit trail does a bank need to demonstrate OCC 2023-17 compliance for AI providers?

OCC examiners will request: third-party register entries for AI providers with criticality classification and rationale; due diligence documentation and refresh dates; contract files with required provisions; ongoing monitoring records including behavioral performance data (not just uptime); exit strategy documentation; and records of how AI provider changes were reviewed and managed. Examiners expect evidence that behavioral performance is actively tracked — not just SLA uptime compliance — creating a need for AI-specific monitoring records in the TPRM evidence file.

Third-Party Risk Management for AI Model Providers: OCC 2023-17 and SR 13-19 Compliance

Q: Are AI model API providers covered third parties under OCC and Fed guidance?

Yes. OCC Bulletin 2023-17 and SR 13-19 define third parties broadly as any entity a bank has a business arrangement with. AI model API providers — OpenAI, Anthropic, AWS Bedrock, Google Vertex — are third parties when their services support bank operations. The criticality classification (critical vs. non-critical) determines the rigor of required controls based on the impact a failure would have on customers, operations, or regulatory compliance.

Q: What ongoing monitoring does OCC 2023-17 require for AI model providers?

OCC 2023-17 requires ongoing monitoring throughout the third-party relationship lifecycle. For AI providers, this includes: periodic SOC 2 and security report review; financial condition assessment; behavioral performance monitoring (decision distribution, output quality against baselines — not just API uptime); model version change detection to trigger SR 11-7 change management; and concentration risk tracking. Standard third-party performance tracking does not include AI behavioral monitoring — banks need AI-specific monitoring capabilities integrated into their TPRM programs.

OCC Bulletin 2023-17 (October 2023) and Federal Reserve SR 13-19 require banks to manage AI model API providers — OpenAI, Anthropic, AWS Bedrock, Google Vertex — as covered third parties subject to formal due diligence, written contracts with specific provisions, ongoing monitoring, and documented exit strategies. Standard API terms of service do not satisfy these requirements. Most banks have not applied full TPRM rigor to AI model providers at the depth regulators expect, creating examination exposure.

Why AI Model Providers Are Covered Third Parties

OCC Bulletin 2023-17 defines third-party relationships as any business arrangement between a bank and another entity, regardless of whether a formal contract exists. AI model API providers are third parties when their services support bank operations. The criticality classification — critical versus non-critical activity — determines the rigor of required controls. Credit decisioning AI, fraud detection, AML monitoring, and customer-facing AI assistants generally qualify as critical activities. Internal productivity tools may qualify as non-critical. The classification must be documented and justified.

Due Diligence Requirements for AI Providers

OCC 2023-17 requires due diligence before engaging a third party and on a periodic basis thereafter. For AI model providers, required areas include: financial condition and business viability of the provider and the specific API product line; information security program covering SOC 2 Type II scope for the services used; data handling policies for bank customer data submitted in API requests — training exclusions, retention, access controls; subcontractor relationships (cloud infrastructure, data pipeline vendors, content moderation providers); business continuity plans with tested RTOs; and regulatory and legal compliance posture including exposure to evolving AI regulation. Due diligence must be refreshed on a cycle proportional to criticality.

Contract Requirements AI Providers Typically Do Not Meet

OCC 2023-17 specifies required contract provisions. Standard AI provider API terms are designed for developer adoption, not regulated financial institutions. Key gaps: performance standards limited to uptime SLAs without behavioral performance obligations; no audit rights (standard terms offer SOC 2 reports whose scope may not cover the bank's specific use); incident notification timelines that do not meet bank requirements; no subcontractor change notification provisions; no data portability or certified deletion obligations on termination; no tested BCP provisions for critical customers; and no termination-for-regulatory-requirement clause. Banks must negotiate bank-specific addenda for critical AI provider relationships.

Ongoing Monitoring for AI Model Provider Behavioral Performance

Standard TPRM ongoing monitoring — annual SOC 2 review, financial assessment, periodic relationship review — does not capture AI-specific risks. Three monitoring capabilities are required for critical AI provider relationships: behavioral performance monitoring (tracking AI decision distributions and output quality against baselines, not just API uptime); model version change detection (mechanism to detect when the provider has updated the underlying model and trigger SR 11-7 change management); and concentration risk tracking (measuring proportion of critical AI functions dependent on each provider, with documented exit strategy for each concentration). Standard third-party performance management systems are not designed for these AI-specific monitoring requirements.

Intersection of TPRM and SR 11-7 for AI

Third-party risk management and model risk management address the same AI system from different governance angles and must be coordinated. SR 11-7 governs the model itself — development documentation, validation, behavioral monitoring, change management. OCC 2023-17 governs the vendor relationship — due diligence, contracts, performance monitoring, exit. When the AI model is a third-party-provided foundation model, the SR 11-7 model inventory entry should cross-reference the TPRM third-party register entry. Behavioral anomalies detected in AI model monitoring should feed back to the TPRM relationship owner. Model provider updates detected by the SR 11-7 monitoring program should trigger TPRM change notification review. The two governance programs need operational linkage, not just parallel documentation.