The U.S. Department of the Treasury issued a report this week that probes cybersecurity risks in the financial sector from artificial intelligence (AI).
The report, called Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector, identifies significant opportunities and challenges that AI presents to the security and resiliency of the financial services sector. It provides an overview of current AI use cases for cybersecurity and fraud prevention, as well as best practices and recommendations for AI use and adoption.
“Artificial intelligence is redefining cybersecurity and fraud in the financial services sector, and the Biden Administration is committed to working with financial institutions to utilize emerging technologies while safeguarding against threats to operational resiliency and financial stability,” Under Secretary for Domestic Finance Nellie Liang said. “Treasury’s AI report builds on our successful public-private partnership for secure cloud adoption and lays out a clear vision for how financial institutions can safely map out their business lines and disrupt rapidly evolving AI-driven fraud.”
The report outlines ways to address immediate AI-related operational risk, cybersecurity, and fraud challenges.
Among them, it addresses the widening gap between large and small financial institutions when it comes to in-house AI systems. Large institutions are developing their own AI systems, while smaller institutions may be unable to do so because they lack the internal data resources. Additionally, financial institutions that have already migrated to the cloud may have an advantage when it comes to leveraging AI systems.
It also examines narrowing the fraud data divide. As more firms deploy AI, a gap exists in the data available to financial institutions for training models. This gap is significant in the area of fraud prevention, where there is insufficient data sharing among firms. As financial institutions work with their internal data to develop these models, large institutions hold a significant advantage because they have more historical data. Smaller institutions generally lack sufficient internal data and expertise to build their own anti-fraud AI models.
It also looks at how financial institutions and regulators are collaborating on how best to resolve oversight concerns together in a rapidly changing AI environment.
Further, it probes how the National Institute of Standards and Technology (NIST) AI Risk Management Framework could be expanded and tailored to include more applicable content on AI governance and risk management related to the financial services sector.
In addition, it looks at:
• Best practices for data supply chain mapping and “nutrition labels”;
• Explainability for black box AI solutions;
• A need for a common AI lexicon;
• Untangling digital identity solutions; and
• International coordination.
The report was developed by the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP), which conducted interviews with 42 financial services sector and technology-related companies. Financial firms, from global systemically important financial institutions to local banks and credit unions, provided input on how AI is used within their organizations. Additional stakeholders included technology companies and data providers, financial trade associations, cybersecurity and anti-fraud service providers, and regulatory agencies.