AI Regulation Tracker / Guidance and sound practices
OSFI Sets Sound Practices for Generative and Agentic AI Risk
Canada's banking and insurance regulator, OSFI, posted a technology-risk bulletin in mid-July 2026 on the cyber and operational risks of generative and agentic AI. It is non-binding guidance, a set of sound practices grounded in existing Guidelines, not a new rule, standard, or enforcement action.
OSFI, the federal regulator for Canadian banks, insurers, and pension plans, posted a technology-risk bulletin in mid-July 2026 on how generative and agentic AI change the cyber-security and operational-resilience picture for the institutions it supervises. The document is titled "Generative and Agentic Artificial Intelligence: Implications for Technology, Cyber Security, and Operational Resilience." According to reporting from Reuters, US News, Insurance Journal, and The Star between July 13 and 14, OSFI put the bulletin on its public site after Reuters asked about a private email the regulator had sent to bank and insurer technology-risk executives in April 2026. In other words, the substance had been circulating with supervised institutions for months, and it is now public.
The reason this one is worth a careful read is what it is not. It is not legislation. It is not a new guideline. It is a bulletin of sound practices, and OSFI ties it directly back to guidance that already exists.
What the bulletin actually is
Start with the class of document, because that is where most coverage gets loose. This is guidance. OSFI describes sound practices, and it expressly grounds them in three existing Guidelines: B-13 on Technology and Cyber Risk, E-21 on Operational Risk and Resilience, and B-10 on Third-Party Risk. It is not creating a new obligation on top of those. It is showing how the principles already in those Guidelines apply when an institution starts using generative models and, increasingly, agentic AI that can take actions on its own.
It is also worth being clear about what the bulletin is centered on. It is model-neutral. It does not single out any one frontier model or vendor. A specific model name did surface in secondary coverage, but that traced back to an earlier private email, not to the bulletin itself, which speaks in terms of capabilities and risks rather than products. The distinction between generative AI and agentic AI matters here too. This bulletin is not the same as OSFI's E-23 work on model risk. It is a separate, first-of-its-kind bulletin looking at generative and agentic AI specifically through a cyber and operational-resilience lens.
So nothing in a Canadian institution's legal duties changed the day this went public. What changed is that supervised institutions, and now everyone else, can see how OSFI thinks the existing rules map onto this technology.
The four areas of sound practice
The bulletin organizes its practices around four themes. None of them are exotic. They read like what a seasoned risk officer would write down, which is rather the point.
Governance. OSFI wants senior management to actually understand these tools, calling on institutions to strengthen senior management literacy rather than leave AI as something the technology team quietly runs. It asks institutions to align AI strategy with risk appetite, with clear escalation triggers, so that when a model or an agent starts operating outside expected bounds, there is a defined path for raising it.
Accuracy. This is the line finance people will recognize immediately. OSFI says to treat AI outputs as inputs to a decision rather than the decision itself, and to keep a human accountable for material calls. That is not a slogan. It is the difference between a model that drafts and a model that decides, and it puts the accountability back on a named person for anything that matters.
Software security. Agentic and generative tools increasingly write code. OSFI's practice is to validate AI-generated code before it goes into production, and to put approval checkpoints in front of high-risk actions rather than letting an agent execute them unsupervised.
Access control. This is the part that will travel furthest, because it is where agentic AI genuinely differs from a chatbot. OSFI points to giving AI agents unique, non-human identities, applying least-privilege and scoped permissions so an agent can only touch what it needs, and using short-lived, just-in-time credentials rather than standing access. The concern underneath all of it is the over-privileged agent: an autonomous system that has been handed broad, durable access and can then do far more damage, by mistake or by compromise, than anyone intended.
What this is, and what it is not
I want to be precise, because it is easy to over-read a regulator's name on a document.
These are sound practices. OSFI is describing good hygiene it expects supervised institutions to weigh against their own risk profile, and it is anchoring that description to Guidelines B-13, E-21, and B-10 that are already in force. The bulletin does not impose a new rule. It does not set a new standard. It does not announce enforcement, and it does not create a fresh legal obligation that did not exist the week before. Anyone reading this as OSFI "cracking down" or "banning" something has misread it.
What the bulletin does is set expectations and show its thinking. When a prudential regulator writes down how it reads the existing rules against agentic AI, that tells supervised institutions where examiner attention is likely to go and gives everyone else a clear window into how a serious authority frames the problem. It is a weathervane, useful for calibration. It is not a wind you are legally required to turn into.
What this means for auditors and finance teams
For OSFI-supervised institutions, the bulletin is close to a checklist of where supervisory conversations are heading. If you are deploying generative or agentic AI, the four themes are the questions to expect: can senior management explain the tools, is AI use inside your stated risk appetite with real escalation triggers, is AI-generated code validated before it ships, and do your AI agents have scoped, short-lived, least-privilege access instead of broad standing credentials. Because the practices are tied to Guidelines you already follow, none of this should feel foreign. It is the existing expectations, applied to a new capability.
For US CPAs and finance leaders, the value is comparative. OSFI is not your regulator, and this bulletin carries no authority over US institutions. But it is one of the clearest current statements from a prudential regulator on the specific risk of over-privileged AI agents, and the framing travels well. The access-control practices in particular, unique non-human identities, least privilege, just-in-time credentials, are exactly the controls a US audit or risk team should already be thinking about as agentic tools move from pilots into production. The direction also lines up with where international bodies like the Financial Stability Board have been pointing, so treating OSFI's bulletin as a preview of the questions you will eventually field is reasonable.
The through-line is the same one that shows up in every good controls story. Keep a human accountable for material decisions, do not let an autonomous agent hold more access than it needs, and be able to show your work: who approved the action, what the agent could reach, and how you would know if it went wrong. OSFI is not ordering US teams to build those controls. It is showing that a peer regulator now treats them as the baseline.
What to do now
Read the actual document, not the headline. This is sound practices grounded in existing Guidelines, not a new rule and not enforcement. Inventory where generative and, especially, agentic AI already touches your environment, since the agentic case is where the access-control risk concentrates. Give every AI agent its own scoped identity with least-privilege, short-lived credentials rather than broad standing access. Put approval checkpoints in front of high-risk actions and validate AI-generated code before it reaches production. Keep a named person accountable for any material decision an AI touches, treating its output as an input rather than the answer. And if you are a US institution, base any control change on your own applicable standards and your risk and audit functions, not on a Canadian bulletin, useful as it is for benchmarking.
Questions professionals are asking
Did OSFI issue a new rule or regulation on AI?
No. OSFI posted a technology-risk bulletin of sound practices in mid-July 2026. It is non-binding guidance, expressly grounded in existing Guidelines B-13, E-21, and B-10. It does not create, change, or remove any rule, standard, or legal duty, and it is not an enforcement action.
What does the bulletin actually cover?
Sound practices across four areas: governance (senior-management literacy, aligning AI strategy with risk appetite, clear escalation triggers), accuracy (treating AI outputs as inputs to a decision rather than the decision itself, with a human accountable for material calls), software security (validating AI-generated code and using approval checkpoints for high-risk actions), and access control (unique non-human identities for AI agents, least-privilege and scoped permissions, and short-lived just-in-time credentials).
Is this the same as OSFI's model-risk guideline E-23?
No. This is a separate, first-of-its-kind bulletin focused specifically on generative and agentic AI through a cyber-security and operational-resilience lens. It is distinct from the E-23 model-risk guideline.
Does this affect US CPAs or US institutions?
Not directly. OSFI is the Canadian federal regulator for banks, insurers, and pension plans, and this bulletin carries no authority over US institutions. For US finance leaders it is a useful comparative read on how a prudential regulator frames agentic-AI and over-privileged-agent risk, not a requirement.
Should we change our AI controls because of this bulletin?
Only on your own terms. The bulletin can help you benchmark and can flag where supervisory attention is going, but any change to your controls should rest on your own applicable standards and the judgment of your risk and audit functions, not on a Canadian bulletin.
RELATED BRIEFINGS
Browse the full AI Regulation News tracker
Informational analysis for working professionals, not legal, accounting, or audit advice. Confirm how any guideline or requirement applies to your situation with qualified professionals in the relevant jurisdiction.