
SCOPE & METHODOLOGY
Scope of This Report
This report evaluates publicly available information concerning AI control and governance at the institutions reviewed. It does not assess, audit, certify, or determine the actual effectiveness of any institution’s internal AI controls, governance, cybersecurity, or operational practices. Institutions may maintain controls, capabilities, or governance that are not publicly disclosed and therefore are not reflected here. All findings reflect only the evidence identified through the methodology described in this report, on the basis of public disclosure as of the review period — and are analytical interpretations of that evidence, not statements of fact about any institution’s actual practices. Heat-map classifications reflect publicly available information reviewed under the methodology described in this report. They are not assessments or certifications of any institution’s actual internal AI capabilities or controls. Grey (Not Disclosed) indicates the absence of public disclosure, not the absence of control.
A Note on Independence
Institutional AI publishes this report as independent research. Institutional AI also provides AI control advisory and technology services to financial institutions. The findings presented here were developed using the methodology described in this report and were not influenced by, and do not depend on, any commercial relationship with any institution reviewed. No institution’s placement reflects, or can be changed by, any commercial engagement with Institutional AI.
A Note to the Board
A board that asks these twenty-five questions and records honest answers will produce, in a single sitting, the most accurate picture of its institution’s real AI control posture it has ever held.
The pattern of answers — not any single answer — is the finding:
· Identify the critical cells. Five cells — one per ecosystem — typically carry the highest fiduciary consequence. Resolve those first.
· Assign an owner and a date to every "assured only" answer. An open control gap without an owner is an unmanaged risk.
· Make this a standing review. AI control is a fiduciary matter that sits above the technology-risk layer. The twenty-five questions are a quarterly instrument, not a one-time exercise.
© 2026 Institutional AI. All Rights Reserved.