AI risk doesn't stop at the model

For most of the last two years, the question financial institutions have asked about artificial intelligence has been a question about the model. Is it accurate. Is it biased. What does it do with our data. Those are the right questions, and a great deal of governance has been built to answer them. Last weekend was a reminder that some of the more consequential risks sit outside the model altogether.

What happened

On Friday 12 June, the US Commerce Department issued an export control directive barring foreign nationals from using Anthropic's two newest and most capable models, citing national security concerns tied to a cybersecurity vulnerability. The restriction applied to any foreign national, inside or outside the United States, including the company's own staff. Unable to apply that criterion selectively, Anthropic withdrew the models for everyone while it disputes the order. Its established models remained available, so this was not a blanket loss of access. It was something more specific, and in some ways more instructive.

The detail that matters is not the outage. It is the basis for it. Access was gated by nationality, overnight, by a single government, on grounds the provider itself contests.

Why this lands differently for banks

A global or regional bank runs on a multinational workforce. Compliance in Hong Kong, technology in India, surveillance in London, all drawing on the same tools. A control that switches access on or off according to passport is no longer a thought experiment. It is a live operational fact, and it raises two questions at once.

The first is one every risk function already knows how to ask. How exposed is a deployment strategy to capability a government can withdraw without notice, and where is the fallback. This is concentration risk and provider dependency in a new setting.

The second is newer and harder. What does it mean to build core workflows on tools that some of your own colleagues may be barred from using on the basis of where they were born. That is not only a resilience question. It is an ethics and agency question, and it will not be answered by a continuity plan.

The gap our frameworks were not built for

Financial institutions have built real discipline around AI already. Model risk management, responsible AI, concentration risk, provider dependency. These are mature lenses, and they work. But each of them governs how a model behaves, or how dependent we are on it. None was designed to govern whether we are permitted to use it at all.

That is the gap this weekend exposed. Geopolitical and sovereign exposure is not a tail event to be noted and filed. It is becoming a standing variable in any decision to deploy advanced AI, and it deserves a place on the risk register alongside the lenses we already trust. The institutions that handle this well will be the ones that asked the question before a directive landed, not after.

I have no special insight into where this particular order goes next, and the legal position is contested. But the principle it surfaces is not going away. Access to advanced AI is becoming something governments shape, and that is now part of the risk, not background to it.

So the question I would put to any AI governance forum this week is a simple one. Does your framework account for geopolitical risk, or does it still stop at the model, relying on MRM and RAI frameworks built to govern how the model behaves, not whether you can use it. I would be interested to hear how others are thinking about this.