Bank Policy Institute

03/09/2026 | Press release | Distributed by Public on 03/09/2026 15:11

Bank Trades Comment on NIST’s Security Considerations for AI Agent Systems

Ladies and Gentlemen:

BITS, the technology policy division of the Bank Policy Institute ("BPI/BITS"), together with the American Bankers Association ("ABA"), submit these comments in response to CAISI's Request for Information regarding security considerations for AI agent systems. BPI/BITS and ABA member banks are actively evaluating and deploying generative AI, including the use of AI agents across cybersecurity, fraud prevention, operations, and customer support.[1]

As agent systems become more widely used and paired with tools that take actions affecting real-world systems and environments, it's important to carefully evaluate risks and ensure effective guardrails are in place. Financial institutions already govern these risks through established risk management, compliance, and oversight processes, with implementation tailored to the nature, scale, and risk of the use case. Banks have long used AI in their businesses and operations, including for risk management, and are committed to deploying these capabilities responsibly. However, as agent systems increasingly interact with enterprise services and external platforms, additional industry coordination can help ensure that these interactions remain secure, traceable, and interoperable.

The following comments address two areas where standardization can both accelerate adoption and enhance supply chain risk management: (1) documentation and controlled sharing for agent deployments, and (2) secure interactions and automated integrations with counterparties. NIST's CAISI can play an important role in convening industry, researchers and government to develop voluntary, consensus-based guidance. These recommendations are intended to support CAISI's role in defining common terminology, baseline information elements, and reference examples. They are not intended to prescribe implementation choices, require public disclosure, or establish an examination checklist. Similar to other areas such as cybersecurity and privacy, CAISI guidance can serve as a common framework to adapt existing risk, governance, and supervisory processes for AI agents and can give organizations a common language and practical tools, while allowing firms to tailor implementation to their own risks, systems, and obligations.

In 2024, U.S. Treasury, the Financial Services Sector Coordinating Council ("FSSCC")[2], and the Financial and Banking Information Infrastructure Committee ("FBIIC")[3] launched a public-private effort through the AI Executive Oversight Group ("AIEOG") to develop practical, non-prescriptive AI risk-management resources for financial institutions, including workstreams on transparency and data practices.[4] Expanding and broadening this work through CAISI will help align these financial-sector outputs with cross-sector voluntary guidance and reference examples, so banks and their vendors can rely on common templates and terminology that reduce duplicative due diligence and support interoperable, risk-based deployment.

Executive Summary

BPI/BITS and ABA recommend that CAISI convene stakeholders to develop a concise set of voluntary, consensus-based outputs: a short controlled-sharing profile with supporting illustrative templates that specify baseline information elements and shared terminology, and reference architectures and NCCoE-style practice guides that demonstrate secure implementations for agent deployments and for secure counterparty interactions and automated integrations. In particular, CAISI should:

  1. Develop a Controlled-Sharing Profile and Baseline Information Elements for Agent Deployments. Develop a risk-scaled controlled-sharing profile, supported by Foundational and Enhanced illustrative templates that specify baseline information elements describing an agent's purpose, access, data dependencies, and safeguards, and that define appropriate sharing levels and confidentiality protections in lieu of public disclosure by default, including for controlled counterparty exchange where relevant.
  2. Publish Reference Architectures and Practice Guides for Secure Counterparty Interactions and Automated Integrations. Publish nonbinding reference architectures and practice guides that demonstrate secure implementations for counterparty interactions and automated integrations. Guidance could address secure machine-to-machine access and authentication, investigation-ready records and traceability, safeguards for higher-risk actions, shutdown and revocation support, and a brief set of operational validation considerations aligned to these examples.

These actions would keep guidance voluntary and technology-agnostic while providing practical examples and illustrative validation approaches that can be tailored by risk and operational context.

The risk-scaled template follows a "nutrition label" approach to transparency in financial services: a standard baseline set of information for due diligence, with an added layer when risk or complexity is higher. The proposed Data Dependency Label applies that approach to data dependencies of an AI agent, helps determine when the Enhanced tier is appropriate, and aligns with broader Treasury-financial-sector work on practical transparency and data-dependency tools for AI risk management.

CAISI can make these voluntary outputs easier to adopt by pairing them with nonbinding implementation examples, such as NCCoE-style practice guides that demonstrate reference architectures implementing these approaches in representative scenarios, and optional mappings to existing NIST frameworks (including NIST SP 800-53 and the NIST AI RMF), without creating new requirements.

These outputs, including the controlled-sharing profile, illustrative templates, reference architectures, and practice guides, are intended to be illustrative and nonbinding.

[1] The Bank Policy Institute is a nonpartisan public policy, research and advocacy group that represents universal banks, regional banks, and the major foreign banks doing business in the United States. BPI produces academic research and analysis on regulatory and monetary policy topics, analyzes and comments on proposed regulations, and represents the financial services industry with respect to cybersecurity, fraud, and other information security issues. Business, Innovation, Technology and Security ("BITS"), BPI's technology policy division, provides an executive-level forum to discuss and promote current and emerging technology, foster innovation, reduce fraud, and improve cybersecurity and risk management practices for the financial sector.

The American Bankers Association is the voice of the nation's $25.3 trillion banking industry, which is composed of small, regional and large banks that together employ over 2 million people, safeguard $20.1 trillion in deposits and extend $13.5 trillion in loans.

[2] See https://www.fsscc.gov

[3] See https://www.fbiic.gov

[4] U.S. Department of the Treasury, "Treasury, FBIIC, and FSSCC Conclude Public-Private Effort on Artificial Intelligence in the Financial Sector," https://home.treasury.gov/news/press-releases/sb0395.

Bank Policy Institute published this content on March 09, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on March 09, 2026 at 21:12 UTC.