
Treasury Releases AI Lexicon and AI Risk Framework

30 Apr


On February 19, 2026, the U.S. Department of the Treasury released two voluntary resources for Artificial Intelligence (AI) use in financial services: (1) a Shared AI Lexicon and (2) the Financial Services AI Risk Management Framework (FS AI RMF).

Treasury frames both items as practical, non-binding guidance intended to strengthen shared terminology and risk-based AI governance as financial institutions expand their use of AI for decision making, customer engagement, and operations.

This update applies to employers in the financial services sector that develop, procure, or deploy AI systems (including through third-party providers). It took effect on February 19, 2026.

What Employers Need to Do

  • Inventory and Scope AI Use Cases: Identify where AI is used (or planned) in products, operations, compliance, and customer engagement, and map those use cases across the AI lifecycle that the framework is designed to cover.
  • Adopt a Shared Internal Vocabulary (without “hard-coding” it into Legal Obligations): Use the Lexicon to align terminology across legal, risk, security, and business teams, but avoid treating Lexicon definitions as legally dispositive or contract-controlling.
  • Run the FS AI RMF Adoption Stage Questionnaire: Use the questionnaire to determine your AI adoption stage and prioritize controls proportionate to current maturity and business impact.
  • Map Controls to AI Systems and Vendors: Use the FS AI RMF’s control objectives and lifecycle approach to assess gaps for internal AI systems and third-party AI providers, including governance, monitoring, and change management.
  • Document “Audit-ready” Evidence: Build centralized documentation for key decisions (who approved, what testing occurred, monitoring processes, drift/changes, and incident handling) so governance can be evidenced consistently over time.
  • Prepare Contracting Playbooks for AI Vendors: Use the Lexicon and FS AI RMF as a baseline to tighten vendor diligence and contract clauses (e.g., incident coordination, updates, audit rights) while clearly stating what is binding versus reference material.
  • Inventory Current AI-enabled Tools and Vendor Relationships, run the FS AI RMF Adoption Stage Questionnaire to gauge maturity, and use that output to ask AI vendors targeted governance questions (auditability, explainability, and lifecycle accountability).

Overview

  • Voluntary Guidance (“Soft Law”): Treasury released these as non-binding tools to guide AI use and strengthen AI risk management practices (not as regulations).
  • AI Lexicon (Shared Vocabulary): Establishes common definitions for key AI concepts, capabilities, and risk categories to improve clarity across legal, technical, and business teams.
  • FS AI RMF (Operational Framework): A sector-specific adaptation of the National Institute of Standards and Technology (NIST) AI RMF, intended to translate high-level principles into practical, scalable controls for AI governance across the AI lifecycle.
  • FS AI RMF Components: Includes an AI Adoption Stage Questionnaire and a scalable risk and control structure with more than 200 control objectives that organizations can tailor based on AI maturity and risk.
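  • Development Model: Produced through the Artificial Intelligence Executive Oversight Group (AIEOG), a public-private collaboration coordinated with the Financial and Banking Information Infrastructure Committee (FBIIC) and the Financial Services Sector Coordinating Council (FSSCC).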
  • Part of a Larger Series: Treasury announced a set of six AI deliverables for the sector, with the Lexicon and FS AI RMF as the first two.

Why This Matters

  • Benchmarking Pressure: Even though Treasury characterizes these resources as voluntary, similar frameworks often become informal benchmarks used in audits, vendor oversight, and governance discussions.
  • Operational Specificity (Not Just Principles): The FS AI RMF is designed to be implementable and assessable, translating AI risk governance into concrete controls and evidence expectations across the AI lifecycle.
  • Contracting and Vendor Oversight Implications: Treasury’s shared vocabulary and sector-specific control objectives can influence how firms structure AI procurement, vendor diligence, incident reporting expectations, and audit rights—while still requiring careful legal framing.

Key Risks for Employers

  • Treating “Voluntary” as Optional in Practice: Even though Treasury frames these as non-binding, they are positioned as practical tools for scalable AI governance and can become a benchmark in audits and oversight discussions.
  • Misusing Lexicon Definitions in Contracts: The Lexicon explicitly cautions that it is an optional tool and not intended for private contracts; treating it as legally dispositive can create disputes and unintended obligations.
  • Control-evidence Gaps: The FS AI RMF emphasizes implementable controls and evidence artifacts; weak documentation of decisions, testing, monitoring, and change control can create audit and governance exposure.
  • AI Maturity Misclassification: Underestimating your adoption stage can lead to under-implementing controls for higher-impact AI deployments (or building the wrong controls in the wrong order).
  • Third-party Risk Cannot be Outsourced: The FS AI RMF is designed for institutions and their third-party providers; gaps in vendor diligence, monitoring, and supply-chain governance can undermine “responsible AI” claims.
  • Cybersecurity and Operational Resilience Drift: Treasury’s stated goal includes stronger AI cybersecurity and operational resilience; AI deployments that scale faster than security, monitoring, and lifecycle controls increase disruption and incident risk.

Additional Information

  • Treasury Announcement (Official): Treasury’s press release describes both resources and the problem statement (inconsistent terminology + uneven risk practices) the tools are intended to address.
  • Lexicon Caveat (Important): The AI Lexicon states it is optional and does not represent official Treasury views, and it is not intended for legal interpretation or private contracts.
  • Six-workstream Roadmap: Treasury announced the six AIEOG workstreams and the FSSCC guide lists them as: AI Lexicon & Taxonomy; FS AI RMF; Explainability; Data Nutrition Labeling; AI Enhanced Fraud; Identity & Authentication.
  • Where to Access (Official/Primary): Treasury’s release page and the associated sector materials are available through Treasury and the AIEOG and FSSCC hubs.



This communication is intended solely for the purpose of conveying information. The present post might incorporate hyperlinks directing readers to websites managed by third-party entities. The inclusion of any links within this communication is meant to serve as points of reference and could encompass opinion articles from various law firms, articles from HR associations, official websites, news releases, and documents of government agencies, and other relevant third-party sources. Vensure has no authority over these external websites and bears no responsibility for their content. Furthermore, Vensure does not endorse the materials present on these websites. The contents of this communication should not be interpreted as legal advice or as a legal standpoint concerning specific facts or scenarios. Nor should it be deemed an exhaustive compilation of facts potentially pertinent to federal, state, or local laws. It is strongly advised that employers solicit legal guidance from an employment attorney when undertaking actions in response to any legal updates provided. This is due to the possibility of future alterations occurring in federal, state, and local laws, regulations, as well as the directives and guidelines issued by governing agencies. These changes may transpire at any given time, potentially rendering certain portions of the content within this update void or inaccurate.
