The US Department of the Treasury has published a comprehensive report addressing cybersecurity risks associated with the use of Artificial Intelligence (AI) in the financial services sector.
Mandated by a Presidential Executive Order, the report, led by the Office of Cybersecurity and Critical Infrastructure Protection, aims to guide the sector toward secure AI utilization while acknowledging the technology’s potential to redefine cybersecurity and fraud prevention.
This report comes as a response to growing concerns relating to heightened risks of cyber threats targeting the financial sector:
“Like other critical infrastructure sectors, the financial services sector is increasingly subject to costly cybersecurity threats and cyber-enabled fraud,” the report states. “As access to advanced AI tools becomes more widespread, it is likely that, at least initially, cyberthreat actors utilizing emerging AI tools will have the advantage by outpacing and outnumbering their targets.”
The document underscores the importance of public-private collaboration in adopting secure cloud technologies and outlines key areas for future focus, including addressing capability gaps between large and small institutions, improving fraud data sharing, and enhancing regulatory coordination.
It also highlights the necessity of expanding the National Institute of Standards and Technology AI Risk Management Framework, developing best practices for data supply chain mapping, and addressing challenges related to explainability, talent gaps, and the need for a common AI lexicon.
The report specifies a number of best practices for managing cybersecurity risks in finance, including:
- Situating AI risk management within existing enterprise risk management programs
- Developing and implementing an AI risk management framework
- Integrating risk management functions for AI
- Implementing risk-based tiered multifactor authentication mechanisms
- Considering risk tolerance of AI systems
The report also stipulates that there are a variety of challenges that lie ahead:
“There are many direct and indirect AI-related challenges and opportunities for the financial services sector, including those regarding consumer and investor protection, disparate impact, financial stability, and financial regulatory concerns,” the report states. “Treasury will continue to assess different aspects of AI impact for the financial services sector with respect to gaps and emerging concerns.”
The Treasury’s recommendations are based on interviews with various stakeholders, aiming to foster a secure, innovative financial landscape.