Artificial intelligence (AI)

The term ‘artificial intelligence’ means a machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations or decisions influencing real or virtual environments.

Source: AIEOG AI Lexicon (Feb 2026), 15 USC 9401

Artificial intelligence (AI) is the broad term for machine-based systems that can make predictions, recommendations, or decisions to achieve human-defined goals. The statutory definition from 15 USC 9401 is the authoritative reference used across federal agencies and is the definition financial institutions should align with for governance purposes.

The definition describes a three-step process: (1) perceive the environment by taking in data, (2) analyze that data and build models from it, and (3) use those models to produce actionable outputs, predictions, recommendations, or decisions.

This is intentionally broad. It encompasses everything from simple rule-based systems that follow predefined logic to sophisticated machine learning models that learn patterns from data to generative AI systems that create new content. The breadth ensures that governance and regulatory frameworks can cover the full range of AI technology.

For financial institutions, the practical implication is that many existing systems may qualify as AI under this definition, even if they were not originally described that way. A statistical model that scores loan applications, a rules engine that flags suspicious transactions, and a chatbot that handles customer inquiries could all fall within the statutory definition.

The definition of AI is the gateway to governance. What counts as AI determines what falls within the scope of AI-specific policies, risk assessments, inventories, and regulatory expectations. Getting this definition right is the first step in building an effective AI governance program.

Regulatory alignment:

• Federal alignment. The 15 USC 9401 definition is used by the Treasury, OMB, NIST, and other federal agencies. Financial institutions that align with this definition ensure consistency with federal expectations.
• Examination scope. Examiners will use some version of this definition when determining which of your systems to ask about during AI-focused supervisory activities.
• Inventory completeness. A definition that is too narrow will miss systems that regulators consider AI. A definition that is too broad will create unnecessary governance burden. The statutory definition provides a reasonable middle ground.

Practical challenges:

• Legacy systems. Many institutions have statistical models and rules engines that pre-date the current AI discussion but may meet the definition. Deciding how to bring these into AI governance is a common challenge.
• Vendor products. Vendor tools may embed AI capabilities that the institution is not fully aware of. The definition helps identify which vendor products should be in scope.
• Emerging capabilities. As AI technology evolves, new capabilities (generative AI, agentic systems) need to be assessed against the definition and brought into governance.

1. Adopt a clear, defensible AI definition. Align your internal definition with 15 USC 9401 or the NIST AI RMF definition. Document why you chose it.
2. Apply the definition consistently. Use the same definition across all governance activities: inventories, risk assessments, policies, and training.
3. Assess legacy systems. Review existing models and automated systems against the AI definition to determine which fall in scope.
4. Communicate the definition across the organization. Business units, technology teams, and procurement need to understand what qualifies as AI so they can identify it when they encounter or acquire it.
5. Review vendor products. Assess whether vendor tools used by your institution contain AI capabilities that should be brought into your governance framework.
6. Update as needed. If the regulatory definition evolves, update your internal definition and reassess what falls in scope.

AI system, AI model, Machine learning, Deep learning, General purpose AI, Traditional AI, AI governance