In response to Presidential Executive Order 14110 on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, the U.S. Department of the Treasury has released a comprehensive report on Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector. The report, prepared by the Treasury's Office of Cybersecurity and Critical Infrastructure Protection (OCCIP), aims to address the challenges and opportunities posed by AI in the financial industry.

Under Secretary for Domestic Finance Nellie Liang stated that the Biden Administration is fully committed to collaborating with financial institutions to harness emerging technologies while safeguarding against threats to operational resilience and financial stability.

The report highlights significant risks and opportunities in deploying AI in the financial services sector. One of the key challenges is the growing disparity between large and small institutions in developing in-house AI systems. While larger institutions have the resources to develop their own AI systems, smaller institutions face limitations due to a lack of internal data resources required for training large models. Additionally, institutions that have migrated to the cloud have an advantage in securely leveraging AI systems.

Addressing the gap in fraud prevention data sharing among firms is another critical challenge identified in the report. As AI deployment increases, data availability for training models becomes crucial, particularly in fraud prevention. Larger institutions have an advantage over smaller ones due to their extensive historical data, while the latter often lack the necessary resources and expertise to build their own anti-fraud AI models.

The report also raises concerns about regulatory fragmentation as various financial-sector regulators both at the state and federal levels, and internationally, are developing regulations for AI. Regulatory coordination is deemed essential to ensure effective oversight in the rapidly evolving AI landscape.

To mitigate operational risks associated with AI, the National Institute of Standards and Technology (NIST) AI Risk Management Framework could be expanded and tailored to include more relevant content specific to the financial services sector.

The report emphasizes the importance of monitoring data supply chains and proposes the development of best practices for data supply chain mapping. Furthermore, it suggests the implementation of standardized descriptions, akin to "nutrition labels," for vendor-provided AI systems and data providers. These labels would provide transparency on data usage and origin.

Explainability of black box AI solutions, such as generative AI, also poses a challenge for financial institutions. The report suggests conducting additional research and development to improve explainability solutions and encourages the adoption of best practices in the absence of these solutions.

Recognizing the need to bridge the AI workforce talent gap, the report emphasizes the importance of best practices for less-skilled practitioners and role-specific AI training for employees outside of information technology fields.

To facilitate effective communication across the financial sector, the report calls for the establishment of a common AI lexicon that can be understood universally by financial institutions, regulators, and consumers.

In terms of international collaboration, the report acknowledges ongoing discussions about AI regulation in the financial services sector and affirms the Treasury's commitment to engaging with foreign counterparts.

Throughout the report's preparation, the Treasury conducted interviews with 42 financial services sector and technology-related companies, ranging from large international financial institutions to local banks and credit unions. Major technology companies, data providers, trade associations, cybersecurity and anti-fraud service providers, and regulatory agencies also contributed their insights.

While the report does not impose requirements and does not explicitly endorse or discourage the use of AI in the financial sector, the Treasury will continue to work with private sector stakeholders, federal agencies, financial regulators, and international partners to address the challenges and explore the impacts of AI, including its effects on consumers and marginalized communities.

The Treasury's dedication to researching and addressing AI-related risks in the financial sector underscores its commitment to ensuring the safe and secure development and utilization of AI technologies in the modern financial landscape.