Login to Bank Services

Enter your email address and password below to gain access.

To login to the Online Training Series, please click here.

Close
About the authors
Written by
Jamie Perry Chief Security Officer

​As Senior Vice President & Chief Security Officer at COCC, Jamie Perry leads our cutting-edge infrastructure and cybersecurity operations. In addition, she oversees our information technology governance, risk, and compliance strategy, business continuity, disaster recovery, and physical security efforts. Working closely with our technology teams, she has been an integral part of the success of our technology, security, resiliency, and product enablement. In 2019, Jamie received the Women of Innovation Award in the Large Business category from the Connecticut Technology Council for her work in developing COCC’s Security Operation Center (SOC), a 24×7 cybersecurity monitoring solution created to protect our clients, critical in today’s cyber landscape. Prior to joining COCC, Jamie served as a Senior Bank Information Technology Regulator where she worked with financial institutions and service providers of all sizes.

Jamie holds a bachelor’s degree in cybersecurity management and policy, a master’s degree in digital forensics, and holds several professional certifications. She is a retired U.S. Air Force Reservist, enlisting in the United States Air Force in 2004 as a Basic Public Affairs Specialist and joining the Inspector General in 2015. Jamie also has extensive experience in public relations, network administration, and information security engineering.

Jamie Perry
Chief Security Officer

Artificial intelligence (AI) is rapidly becoming part of the banking technology landscape, but for many community banks, it is not arriving through a formal strategy or internal development initiative. Instead, AI is increasingly embedded within the software institutions already rely on, from fraud monitoring and cybersecurity platforms to productivity tools. As these capabilities quietly expand within vendor platforms, banks may find themselves using AI before they have formally governed it, creating a new oversight challenge for boards and executive teams.

The entry point is rarely dramatic. A fraud detection platform adds a machine learning layer. A document review tool begins flagging exceptions automatically. A cybersecurity solution starts using behavioral analytics to identify anomalies that a rules-based system would have missed. Each update is an improvement, and each one moves the institution further into AI-enabled operations, often without a formal decision to do so.

The Vendor Delivery Problem
Community banks have long relied on technology providers and fintech partners to deliver capabilities that would be difficult to build internally. AI is increasingly following the same path. In many cases, these capabilities are introduced to improve efficiency, automate routine analysis or generate insights from large volumes of operational data.

The problem is transparency. Vendors are not always explicit about which features rely on AI. As a result, institutions may begin using AI through software updates or new platform features without fully understanding how those capabilities affect governance, risk management or regulatory oversight. A new feature welcomed for its efficiency gains is rarely subjected to the same scrutiny applied to a new vendor relationship or product launch and that gap is widening faster than most boards realize.

Accountability Doesn’t Outsource
Even when AI functionality resides within a vendor platform, regulators will likely continue to hold institutions accountable for how those systems are used and how automated decisions affect customers. This expectation is consistent with long-standing outsourcing guidance: Institutions cannot transfer responsibility for risk management simply because technology is delivered by a third party. As AI becomes more deeply embedded within vendor solutions, that principle takes on new importance.

The regulatory framework around AI is still developing, but examination pressure is already building. Agencies have made clear that model risk management expectations apply regardless of whether the model was built in-house or acquired through a vendor. Institutions that cannot clearly articulate where AI is operating in their technology stack or what oversight exists around those systems, will face harder conversations with regulators sooner than they expect.

Where Boards Should Start
For boards and executive teams, a useful starting point is asking management a few practical questions:

  • Where is AI already embedded within our technology stack?
  • Do we maintain an inventory of vendor platforms that include AI-driven capabilities?
  • How do vendors notify the bank when automated decision tools or machine learning features are introduced?
  • Do our existing risk management and governance frameworks adequately address AI-enabled systems?

A reasonable governance baseline does not require building a dedicated AI program from scratch. Start with a vendor inventory that tracks where AI is in use, what decisions those systems influence, and what contractual commitments exist around model changes and disclosure. From there, leadership can assess whether existing frameworks, third-party risk management, model risk oversight and fair lending review extend meaningfully to AI-enabled tools, or whether gaps need to close before the next exam cycle raises them first.

AI will continue to reach community banks and through the vendors and fintech partnerships that power much of the industry’s technology infrastructure. These capabilities will keep arriving gradually, through platform updates and new features, well ahead of any formal strategy. The priority for boards and executive teams should not be slowing that innovation but rather ensuring governance keeps pace with the technology already in place.

The institutions that get ahead of this won’t be the ones who moved fastest on AI, they’ll be the ones who looked hardest at what they already had.

WRITTEN BY

Jamie Perry

Chief Security Officer

​As Senior Vice President & Chief Security Officer at COCC, Jamie Perry leads our cutting-edge infrastructure and cybersecurity operations. In addition, she oversees our information technology governance, risk, and compliance strategy, business continuity, disaster recovery, and physical security efforts. Working closely with our technology teams, she has been an integral part of the success of our technology, security, resiliency, and product enablement. In 2019, Jamie received the Women of Innovation Award in the Large Business category from the Connecticut Technology Council for her work in developing COCC’s Security Operation Center (SOC), a 24×7 cybersecurity monitoring solution created to protect our clients, critical in today’s cyber landscape. Prior to joining COCC, Jamie served as a Senior Bank Information Technology Regulator where she worked with financial institutions and service providers of all sizes.

Jamie holds a bachelor’s degree in cybersecurity management and policy, a master’s degree in digital forensics, and holds several professional certifications. She is a retired U.S. Air Force Reservist, enlisting in the United States Air Force in 2004 as a Basic Public Affairs Specialist and joining the Inspector General in 2015. Jamie also has extensive experience in public relations, network administration, and information security engineering.