Artificial intelligence is already making consequential decisions about people’s money-who gets a loan, at what price, which claims get paid, what products show up on the screen, and how someone is coached to manage an account that’s running short. It does this at scale, largely out of sight, and with almost no accountability when it gets it wrong. That’s been true for a while. What’s changed is that AI is no longer just deciding. It’s starting to act.
For most of the history of consumer finance, the law has rested on a simple assumption: a person initiates the transaction. You apply for the card. You move the money. You click buy. Agentic AI breaks that assumption. We now have systems that can shop, switch, transfer, and even apply for credit on someone’s behalf-not following fixed rules you set in advance, but making judgment calls as circumstances change. Late last year, large language models crossed the line from recommending a purchase to completing it inside the same conversation. The same shift is coming fast to banking, lending, and insurance. No one has exactly gone all in yet. But, as use of general purpose chat tools is now ubiquitous just 3 years after the debut of ChatGPT, we may soon live in an agent-intermediated world. When an agent can initiate and finish a financial transaction without a human pressing the button each time, the old questions about consent, authorization, and who’s liable when it goes sideways don’t have ready answers.
That should give all of us pause. It clearly gives consumers pause. In our most recent nationally representative survey of more than 4,000 U.S. adults, most people know AI is somewhere in their financial lives — but far fewer realize it’s making the consequential calls. Only about one in six recalled encountering AI in a credit decision, and roughly one in ten in how they’re priced. People are not asking to be left out of the future. They’re asking for the future to be built so it actually works for them.
That’s the gap the Consumer Finance AI Standard is meant to fill.
The Consumer Finance AI Standard
Existing consumer protection laws apply to AI in full. But no framework has defined what consumers should be able to expect from an AI-powered financial product specifically-what good looks like in practice, not just what’s illegal. We built the Standard to answer that. It sets expectations across nine principles, all organized around one question: is this product actually working for the consumer?
Security and Trust – Your money, identity, and sensitive information are protected.
Privacy and Data Minimization – Only the data that’s needed gets used.
Transparency and Accountability – You can understand the decisions made about you, and someone is responsible when they’re wrong.
Honesty and Non-Manipulation – The AI tells you the truth, even when it isn’t what you want to hear, and never turns your own psychology against you.
Reliability and Operational Integrity – It works consistently and accurately, especially when the stakes are highest.
Consumer Agency and Control – You stay in control, including when AI is acting for you.
Duty of Loyalty – The AI works for you, not the company.
Fairness and Nondiscrimination – You’re treated based on your actual financial situation, not who you are.
Duty of Vigor – The AI doesn’t just avoid harming you-it actively works to advance your interest, surfacing the rights and options that are relevant to your situation.
Each principle breaks down into concrete criteria and evaluation procedures, so it gives consumers a clear standard to expect and companies a concrete roadmap to build against.
Why this isn’t model risk management
When people in financial services hear “AI standard,” they often think of model risk management-the SR 11-7 discipline that examiners and risk teams already know. Congress is even moving to clarify how that guidance applies to AI. That work matters. But it answers a different question than ours.
Model risk management asks whether a model is safe and sound for the institution: Is it accurate enough? Well-documented? Validated? A threat to the bank’s stability or the broader system? Those are the right questions for a regulator worried about the safety and soundness of a financial institution. They are not the same as asking whether the product is good for the person on the other side of it. A model can be perfectly validated, fully documented, and entirely within an institution’s risk appetite-and still be optimized to extract value from the customer rather than serve them.
That’s the line our Standard draws, and it’s why two of the principles have no real analog in model risk management. A Duty of Loyalty says the product’s primary objective must be the consumer’s financial interest-not engagement, not revenue, not a partner’s margins. A Duty of Vigor goes further: where you have rights under laws like ECOA, FCRA, or TILA, a loyal product should help you see and orient you to them rather than presenting an adverse decision as final. Model risk management has no concept of either. It was never designed to. It codifies the difference between a product that is not designed to harm you and one that is designed to help you – and only the second is a standard worth holding an AI to.
Why now
This is arriving at a moment when the public guardrails are loosening, not tightening. As of July 21, 2026, disparate-impact liability is gone from federal ECOA enforcement-the kind of outcome-based fairness test that has anchored fair lending for half a century. It survives under the Fair Housing Act and a growing number of state laws, and litigation is coming. But the federal floor just dropped, precisely as AI makes outcome-based discrimination easier to produce and harder to prove. When the public rules retreat, the case for a clear, independent, consumer-first standard gets stronger, not weaker.
Consumer-first AI is buildable. The reason a product optimizes for the firm instead of the customer is almost never a technical limit. It’s a choice about what the system is told to maximize. Our own innovation work, alongside researchers at Stanford and Princeton, has shown that long-standing duties-loyalty, disclosure, acting in a principal’s interest-can be translated into rules that govern how an AI agent actually behaves. The technology can carry these obligations. The question is whether the companies deploying it will choose to build that way. A standard makes that choice visible.
For nearly 90 years, Consumer Reports has tested products, published what we found, and given people something they could trust at the point of decision. This is that same work, aimed at a marketplace that’s now being run by software acting on people’s behalf. We’re not interested in slowing the technology down. We’re interested in making sure that when an AI is managing your money, it’s managing it for you.
If you’re building in this space, we want to build with you and we want to test the Standard with you. The Standard is how we’ll tell the difference between products that say they put consumers first and the ones that actually do.
