Florida Banking February/March 2026

Navigating AI Use How to Manage Third-Party Risk Without Stifling Your Bank’s Growth NCONTRACTS

RAFAEL DELEON SENIOR VICE PRESIDENT, INDUSTRY ENGAGEMENT,

and generate “hallucinations” – outputs that appear credible but are not factual. When these issues originate within third party relationships, the impact lands on your bank, your customers and your reputation. Where Third-Party AI is Hiding The first challenge is visibility. Not all AI use is obvious, and much of it operates quietly in the background. Banks and their vendors often use AI in anti money laundering and counter-terrorist financing, where transaction-monitoring tools identify suspicious activity and unusual patterns. AI is also common in enterprise platforms such as Microsoft Dynamics to support fraud detection, workflow automation and customer insights. Credit scoring and loan underwriting platforms rely on AI models to assess risk and inform decisions. Effective oversight starts by asking which vendors have your data, how it’s used, who can access it and what decisions AI influences or makes. Once you understand where AI exists across vendor relationships, you can assess the specific risks those systems introduce and determine where additional controls are needed. Data privacy and security are often the most significant risk areas. Vendors should be able to clearly document their security controls, including encryption standards, access management, and incident response procedures, so expectations are clear before an incident occurs. Banks often learn about vendor breaches from third parties — a clear breakdown in transparency.

The way your bank uses artificial intelligence (AI) extends far beyond your walls and internal systems. Every day, your vendors — and their vendors — are using AI to support your operations, services and customers. While nearly two-thirds of financial institutions with assets under $1 billion monitor their vendors' AI usage, understanding how and where it’s being used, where your data lives, and how it's being deployed is becoming more challenging. As threat actors grow more sophisticated and banks become more dependent on third-party providers, the risk surface continues to expand. The challenge isn’t choosing between innovation and control. It’s putting the right guardrails in place — clear expectations, meaningful transparency and ongoing oversight — so you can harness AI’s value without losing visibility into third-party risks. The Promise and the Peril of AI More than half of financial institutions with assets under $1 billion rely on just one or two people to manage their third-party risk programs, and nearly a third lack a dedicated full-time resource overseeing third-party risk management (TPRM). For community banks with lean teams managing dozens or even hundreds of vendor relationships, AI offers real advantages: streamlining operations, accelerating document processing and contract reviews, and flagging potential risks faster. But those gains come with tradeoffs. AI can introduce biased outcomes, expose sensitive data, create compliance gaps,

NCONTRACTS “

The first challenge is

visibility. Not all AI use is obvious, and much of

it is operating quietly in the background.”

12 | FLORIDA BANKING