[author: Raj Gambhir]
- Pursuant to President Biden’s October 2023 AI executive order, the US Department of Treasury (Treasury) released a report on cybersecurity risks in the financial services sector in March 2024.
- While recognizing the benefits that AI-based cybersecurity tools provide, the report cautions financial institutions to be aware of both the special vulnerabilities of such AI-based tools and the novel capacities that AI grants to threat actors — defined as individuals or groups that intentionally harm digital devices or systems — seeking to carry out targeted cyberattacks against financial institutions.
- To address these risks, Treasury recommends that financial institutions implement risk management procedures in line with the principles contained within “existing laws, regulations, and supervisory guidance.”
- Treasury also recommends that the industry and regulators work to create a common AI lexicon, expand the National Institute of Standards and Technology’s AI Risk Management Framework (“NIST AI RMF”) to more explicitly address the financial sector, support further research on algorithmic explainability, and address gaps in human…
