How Banks Are Securing Employee AI Usage Without Blocking Productivity

In 2023 the largest banks banned ChatGPT. By 2026 many of the same banks had put AI assistants in the hands of tens of thousands of employees. The industry paid a steep price for the lesson: a ban does not stop AI use – it just moves it underground and without oversight. This is how banks went from blocking to secure enablement.

~30% of financial firms still ban or restrict employee generative-AI use — down sharply as enablement wins
98% of Morgan Stanley advisor teams adopted its internal AI assistant — the "build, don't block" model
73% of financial firms name data privacy & protection as their top AI risk — the core driver of AI governance
20 days after Samsung approved ChatGPT, engineers leaked confidential data three times — the enablement risk

The last three years of AI in banking are a textbook example of why a blunt block is a bad idea. When ChatGPT took off in early 2023, the biggest banks did what regulated institutions do: they blocked it. JPMorgan, Goldman Sachs, Citigroup, Bank of America, Wells Fargo and Deutsche Bank blocked or banned employee use, citing third-party data-handling and compliance risk. It was the safe-looking move. It was also not enough on its own, because a block closes the front door while every other door stays open.

Fast-forward to 2026, and several of those same institutions run some of the most ambitious internal AI deployments in any industry. Morgan Stanley's OpenAI-powered assistant reached 98% adoption among its financial-advisor teams. JPMorgan launched an internal suite of LLMs to tens of thousands of employees. Goldman Sachs rolled out its GS AI Assistant across the firm. Banks did not give up caution – they swapped the blunt instrument of blocking for a more nuanced approach: secure enablement. This guide is about how that change occurred, why blocking fails, and the practical framework banks use to enable employees to be productive with AI without putting the institution at risk.

The Three-Phase Evolution: Ban → Build → Govern

The industry went through three phases in about three years. Knowing the curve explains why "just block it" is now the wrong answer – and what took its place.

2023 · Phase 1 · Ban — the reflex response
When ChatGPT went viral, banks banned or blocked it outright over concerns about third-party data handling and compliance. Understandable in the context of fiduciary duties, but it turned a data-governance problem into a simple access problem and pushed usage onto personal devices where IT had no visibility at all.

2023–24 · Phase 2 · Build — "don't block, provide"
Banks noticed that employees wanted AI badly enough to work around the bans, so they created official alternatives: enterprise LLM deployments trained on their own data, under contracts that forbid training on their inputs. Morgan Stanley, JPMorgan and Goldman gave employees a safe official tool and thereby removed the incentive to use a risky one.

2025–26 · Phase 3 · Govern — enablement with guardrails
A sanctioned tool on its own is not enough if sensitive data can still leak into it, or if shadow AI keeps running alongside it. This is the governance phase: technical controls that inspect what data goes into any AI tool, enforce policy in real time and produce the audit trail regulators want. Enablement and control, together.

Why Blocking Backfires

The uncomfortable truth banks discovered: a ban doesn't eliminate AI use, it eliminates AI visibility. It can keep models off company PCs, but it can't keep them off employees' personal phones – and a motivated employee with a deadline will paste that spreadsheet into ChatGPT on their own device, where the bank has no monitoring, no redaction, no record. Blocking turns a governable risk into an invisible one. The Samsung case made this concrete: 20 days after approving ChatGPT, engineers leaked confidential source code and meeting notes three times – and that was with approval, in the open, where it could at least be seen.

[Figure: Why a ban makes the risk worse, not better. Ban only: an employee with a deadline finds that the corporate PC blocks the front door only, so the task moves to a personal phone and ChatGPT with no monitoring and no record – invisible. Enable + govern: the same employee uses a sanctioned tool behind a control that inspects every prompt; sensitive data is redacted, logged and allowed – governed. Same employee, same task — the only difference is whether the bank can see and control the data flow.]

The Secure-Enablement Framework

The banks that get this right all arrive at the same four-part solution. It is not a question of productivity versus security, but of building the framework in which the employee gets the tool and the institution retains control.

Pillar 1 · Provide a sanctioned tool
Give employees an approved, enterprise-class AI option under contracts that do not allow training on your data, so there is no productivity reason to reach for a consumer tool. Removing the incentive to go around policy is the bedrock on which everything else is built.

Pillar 2 · Inspect the data, not just the tool
The risk is not the AI tool but the sensitive data fed into it. Real-time prompt inspection for PII, account data, MNPI and source code lets you enable productive use while catching exactly the interactions that cross a red line.

Pillar 3 · Enforce policy inline
Detection without action is only observation. The control must redact or block sensitive data at the moment of use – before it leaves – so a well-meaning employee cannot send client data to an ungoverned tool, sanctioned or not.

Pillar 4 · Log everything for the regulator
In banking, if you can't prove it, it did not happen. Every AI interaction and every policy decision needs an audit trail – the evidence an examiner will accept, that model-risk governance will use, and that turns "we have a policy" into "here is the enforcement record".

Tiered Access: Match the Control to the Data

Not all employees and not all tasks carry the same risk, and treating them as if they did is what makes governance feel like friction. Banks that protect productivity use tiered controls – a light touch for low-risk use and tighter control where regulated data is in play.

Use case | Data involved | Control posture
Drafting internal memos, brainstorming | No client or regulated data | Light — allow & log
Summarizing public market research | Public information only | Light — allow & log
Coding assistance | Internal (non-production) code | Medium — inspect for secrets
Client-facing analysis, advisory prep | Client PII, account data | Strict — redact/block CHD & PII
Anything touching MNPI or deal data | Material non-public information | Strict — block to ungoverned tools
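
Pillars 2 to 4 and the tiered table above describe one control loop: inspect the prompt, act inline according to the tier and the destination, and write the audit record. The Python below is an added example of that loop, not Polygraf's product code; the detector patterns, the tier names and the "sanctioned" / "ungoverned" destination labels are constructed for illustration, and it leaves MNPI out because that needs content classification rather than pattern matching.

```python
import re
from datetime import datetime, timezone

# Added example, not Polygraf's product code. Detectors are constructed stand-ins
# for the data classes the text names: card/account numbers (Luhn-checked), US
# SSNs, and a cloud-style access key as a proxy for secrets pasted with source
# code. MNPI is out of scope: it needs content classification, not patterns.
PATTERNS = {
    "card_number": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
# Tiers mirror the table: light = allow & log, medium = inspect for secrets,
# strict = redact for the sanctioned tool, block outright for an ungoverned one.
TIER_SCOPE = {"light": set(), "medium": {"access_key"},
              "strict": {"card_number", "ssn", "access_key"}}

def luhn_ok(digits: str) -> bool:
    """Luhn check so number-shaped strings (order ids, timestamps) are not flagged."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def inspect_prompt(prompt: str, tier: str, destination: str) -> dict:
    """Inline check of one prompt: the text to forward, the decision, and an audit record."""
    in_scope, hits, text = TIER_SCOPE[tier], [], prompt
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(prompt):
            raw = m.group(0)
            if kind == "card_number" and not luhn_ok(re.sub(r"\D", "", raw)):
                continue
            hits.append(kind)  # every detection is logged, even when the tier allows it
            if kind in in_scope:
                text = text.replace(raw, f"[REDACTED:{kind}]")
    actionable = [h for h in hits if h in in_scope]
    if not actionable:
        decision = "allow"
    elif destination == "sanctioned":
        decision = "redact"
    else:
        decision, text = "block", ""  # nothing leaves toward an ungoverned tool
    audit = {"ts": datetime.now(timezone.utc).isoformat(), "tier": tier,
             "destination": destination, "detected": sorted(set(hits)),
             "decision": decision, "redactions": len(actionable)}
    return {"text": text, "decision": decision, "audit": audit}
```

In the light tier a detected SSN is still recorded in the audit dict even though the prompt is forwarded untouched, which is what "allow & log" means in practice; the audit dict is what would be serialized, one record per decision, to the log store the examiner asks for.
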
The Regulatory Backdrop

This is not just sound practice – it is driven by a pile of banking-specific obligations: GLBA and Reg S-P for customer financial data, SR 11-7 model-risk-management expectations, FINRA/SEC supervision and recordkeeping rules, MNPI and information-barrier requirements, and new AI-specific guidance. All of them require you to be able to show you have control over where sensitive data goes. An AI governance program that generates logs and enforces policy is not only safer – it is the answer to the examiner's question.

How Leading Banks Actually Did It

The pattern is very similar for all the institutions that went from banning to enabling: build or license a safe tool and then govern access to it and around it.

Morgan Stanley · 98% advisor-team adoption
Collaborated with OpenAI to launch an assistant trained on the firm's research and documentation, so advisors draw on the firm's internal intellectual property instead of a public chatbot.

JPMorgan Chase · 200k+ employees with access
Launched an internal LLM Suite to tens of thousands of employees after an initial ban – a sanctioned, governed environment that replaces the urge to use consumer tools.

Goldman Sachs · Firmwide rollout
Deployed GS AI Assistant across the firm, bringing generative-AI productivity to employees in a sandboxed environment instead of leaving them to shadow AI.

Banks that won did not have to choose between security and productivity – they rejected the idea that it was a

— Polygraf AI, on secure AI enablement in banking
Free Tool · Polygraf AI Risk Calculator

Model your employee-AI exposure — and the cost of getting it wrong

What is the actual risk of how your people are using AI right now? Polygraf's AI Risk Calculator shows you your exposure to breach, regulatory and litigation risk and which obligations apply from GLBA to SR 11-7 to state privacy laws based on your tools, data types and current controls.

  • Quantified exposure across breach, regulatory, and litigation risk
  • A tailored read on which financial-services obligations apply
  • Gaps surfaced: sanctioned tooling, inspection, enforcement, and logging
  • Modeled reduction from adding inline detection and governance controls

The Implementation Playbook

If you are moving your institution from blocking (or from an ungoverned free-for-all) to secure enablement, this is the order to follow:

1. See what's actually happening first
Before you set policy, understand what AI is being used today – including shadow AI on approved and personal channels. You can't govern what you can't see, and real use is usually much larger than the approved list would suggest.

2. Provide a sanctioned, enterprise-grade tool
Deploy a sanctioned AI solution on contracts that prohibit training on your data. Make it good enough that employees actually use it – the sanctioned route only works if it is genuinely useful, not a crippled compliance tick box.

3. Deploy inline data inspection and control
Add the control layer that detects sensitive data – PII, account numbers, MNPI, source code – as it is typed into any AI tool and redacts or blocks it before it leaves. This is what lets you enable broad use while the specific dangerous interactions never happen.

4. Apply tiered policy by role and data
Match the intensity of control to the risk: light-touch for low-risk tasks, strict for client data and MNPI. Uniform friction is what makes employees hate governance (and route around it) – calibrated friction keeps them on the sanctioned track.

5. Log, monitor, and train continuously
Keep the audit trail regulators want, watch for new tools and new usage patterns, and train employees on the right way to use AI and why it is the right way. Governance is a process – new AI tools keep arriving and the program has to keep up.

How Polygraf AI Enables Secure AI in Banking

Polygraf AI is the control layer that makes "enable without exposing" a reality. It sits where employees interact with any AI tool, approved or not, and inspects every prompt in real time for the data types banks need to protect: customer PII, account and card numbers, MNPI and source code. It redacts or blocks that data before it leaves the environment, so employees stay productive on their daily tasks while the specific interactions that would violate GLBA, expose MNPI or leak client data are stopped automatically. And it records every decision, providing the audit trail that examiners and model-risk teams need. Because it runs on-premise with zero data egress and sub-100ms latency, it governs AI use without adding a new data-exposure point or slowing employees down. It is how a bank says yes to AI productivity without saying yes to the risk.

Let Your People Use AI — Safely

Polygraf AI audits every AI prompt for PII, account data, MNPI, and source code – redacting or blocking it before it is sent out, with the audit trail the regulators need. Productivity and control, together. On-premise, sub-100ms, zero data egress.
