Financial institutions increasingly deploy AI systems built on open source components released under permissive licenses (Apache 2.0, MIT). These licenses contain broad warranty disclaimers drafted for conventional software libraries, not for autonomous AI agents making consequential financial decisions. We conduct a regulatory gap analysis, placing open source license terms next to the supervisory expectations of major financial regulators (OCC, FINRA, FCA, MAS) and the EU AI Act's open source carve-out. The analysis documents tensions across four dimensions: warranty, indemnification, audit, and attribution. The license disclaims all liability; the regulator assigns full accountability to the deploying institution; no framework addresses the intersection. We further identify agent identity as a prerequisite for accountability allocation and propose directions for a tiered accountability framework.
Alex Li studied this question.