AI Regulation: Does AI Need a Bank Examiner?

In an opinion piece published in The Wall Street Journal last week, two Wharton profs argue that when it comes to AI regulation, the government should look to its experience with bank regulation as a guide:

Frontier AI labs aren’t banks, but they’re structurally similar. A few private companies are making fast-moving, technically complex decisions that carry significant public consequences. In a draft paper, we propose an AI Risk Supervisor: an expert body with jurisdiction over a few frontier model developers. Modeled on bank supervision, it would do three things.

First, conduct continuous examinations. Frontier labs already maintain internal safety processes, rehearse responses to cyberattacks, and publish manuals for their systems. A supervisor would turn those episodic disclosures into a regular process, seeing risk assessments, deployment plans, and incident reports before they become public controversies.

Second, administer confidential stress tests. If the government wants to know whether a model can meaningfully assist cyberattacks, biological misuse or autonomous weapons development, it shouldn’t publish a checklist every lab can optimize against and every adversary can study.

Third, require mitigations when examinations reveal unacceptable risks.

The goal isn’t to declare models “safe.” It is to make sure dangerous capabilities are identified, managed and constrained before they cause systemic harm.

The authors say that this AI risk supervisor could be funded by industry fees, with Senate-confirmed leadership removable by the president.  However, they argue that its staff should be insulated from day-to-day political pressure (yeah, good luck with that in the current environment). As with other federal agencies, the AI risk supervisor would report regularly to Congress and publicly disclose aggregate findings, enforcement actions and standards, while maintaining the confidentiality of specific examination findings.