Context Informed logo Context Informed

AI Governance · Texas Community Banking

Right-sized AI governance for community banks.

Context Informed helps Texas community banks build practical, examinable AI governance. The work is grounded in federal supervisory practice and Texas law, and sized for institutions that cannot staff an enterprise program.

NIST AI RMFTRAIGA Safe HarborFFIEC IT HandbookFAIR QuantificationCRI Profile / FS AI RMFAAISM Domains 1–3
01

The situation

Texas community banks are entering a period where AI use and AI supervision are both moving faster than the guidance that governs them.

The Texas Responsible AI Governance Act took effect on January 1, 2026. It places the heaviest obligations on governmental entities, and it gives institutions a meaningful incentive to get governance right: substantial compliance with the NIST AI Risk Management Framework operates as a safe harbor. Enforcement runs exclusively through the Texas Attorney General, with a sixty-day window to cure many violations. The practical message for a bank is straightforward. A documented, NIST-aligned governance program is not paperwork. It is the difference between a curable finding and a penalty.

At the same time, the federal examination framework has not caught up. The FFIEC IT Examination Handbook has not issued AI-specific guidance. Examiners are being asked to evaluate AI risk management at supervised institutions using procedures written for an earlier generation of technology. That gap is not a reason to wait. It is the reason to build now so that a bank is ready whatever the handbook eventually says.

And most of the available help is built for the wrong institution. The published AI governance programs come from national advisory firms and platform vendors designed around large enterprises with compliance teams. A two-hundred-fifty-million-dollar community bank with thirty employees cannot implement an enterprise program. It needs governance that is proportionate to its size, its vendor-driven AI footprint, and its AI strategic objectives.

Context Informed exists to close that distance.

02

Service lines

1

Institutional AI Policy and Governance

Internal AI acceptable-use policies, governance structures, and a risk management framework for an organization's own use of AI in examination support, analysis, and reporting.

Where it fits best: an institution that must govern its own AI use to the standard it expects of others.

2

TRAIGA Compliance Guidance

Guidance that helps supervised institutions understand and meet TRAIGA obligations, including the NIST AI RMF safe harbor, disclosure requirements, and the documentation that demonstrates good-faith compliance.

Where it fits best: a community bank that needs to turn the safe harbor from a statutory phrase into an operating program.

3

Community Bank AI Readiness

Right-sized AI governance frameworks built specifically for institutions under ten billion dollars in assets, recognizing limited staff and a largely vendor-driven AI footprint. A direct application of the supervisory principle that model risk management should be tailored to a bank's size and complexity.

Where it fits best: a community bank that knows it cannot sit out AI and cannot run an enterprise program.

03

Why Context Informed

Most AI governance advice is written from one side of the examination table. Context Informed is built from both.

Brad Agee has spent more than twenty years inside examined institutions and across the examination table from them. He has held risk and audit roles at Texas community and regional banks, including Internal Audit IT Manager at Herring Bank, Information Security Officer at City Bank, and Chief Internal Auditor at American Bank of Commerce. He has worked the other side as a bank IT auditor at a CPA firm, scoping audit findings. As a senior risk consultant at RiskLens, he built and integrated quantitative cyber risk programs for large-cap institutions using the FAIR methodology.

That history is the practice's sharpest differentiator. A framework designed by someone who has sat for examinations, and has audited toward them, tends to be one institutions can actually run.

The credentials behind the work are AAISM, the first AI-specific security management certification from ISACA, held alongside CISSP, an MBA, and Open FAIR. The positioning is deliberate. Context Informed is a capability-builder, not a product vendor. The objective of an engagement is to leave a bank with governance it owns and can sustain, not a dependency on an outside advisor.

Credentials
AAISM · CISSP · MBA · Open FAIR
Based in
Lubbock, Texas
Practice
BSA Consulting (Context Informed), a single-member LLC
Credential Brief AAISM — Advanced in AI Security Management What the credential covers, and how its three domains apply to bank supervision.