The Risks of Artificial Intelligence in Financial Services

April 4, 2024

What happened?

In March, the U.S. Department of Treasury has released its newest report, Managing Artificial Intelligence- Specific Cybersecurity Risks in the Financial Services Sector. The report, which was mandated by Executive Order 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, outlines the current state of AI as it relates to the financial industry, as well as best practices for managing and utilizing AI, largely in relation to growing fraud and cybersecurity threats associated with AI. As AI continues to grow in popularity, it is critically important for financial services industry professionals to understand what AI is, how to use it responsibly, and how to take proper precautions to mitigate risk.

To create the report, the U.S. Treasury Department conducted 42 in-depth interviews with industry stakeholders. Key findings and observations follow.

Reported AI Usage Among Financial Institutions:

• Most financial institutions report that they are already using AI in some capacity, and several report long term machine learning tools in their risk management strategies.
• Some financial institutions report using behavior analysis AI in their existing cybersecurity tools. This type of AI can more accurately detect potential threats than current signature-based threat detection tools.
• Implementation of AI tools into cybersecurity programs is expensive but interviewees believe it has the potential to improve cost effectiveness in the long term.

Cybersecurity and AI:

• As AI tools quickly become widely accessible, interviewees predict there will likely be a rapid emergence of AI in cyberthreats. Malicious actors could use AI to create complex social engineering techniques, develop new malware that’s harder to detect, discover vulnerabilities in their victim’s network, and conduct disinformation campaigns.
• AI can also be used to conduct detailed fraud campaigns by impersonating individuals through mimicking voices, videos, or other identification factors—which has a heightened risk for the financial services industry. For instance, earlier this year an AI generated video call successfully convinced a Hong Kong financial worker to transfer $25.6 million dollars to malicious actors.

Risk Management:

• Interviewed financial institutions report that they rely on their existing risk management frameworks and best practices to implement AI risk management.
• Many also rely on frameworks such as NIST’s RMF or OECD AI Principals to guide their AI risk management frameworks.
• Institutions emphasized the importance of a collaborative relationship with regulators and their efforts to implement regulatory recommendations into their policies and procedures.

The U.S. Treasury Department also noted that the the the proposed rule on the Conflicts of Interest Associated with the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers would provide guidance and regulation regarding the use of AI, among other regulations.

What does this mean for me and my firm?

AI will continue to grow in popularity in usage. As it does, the likelihood of cyberattacks increases. Advisers should review their current cybersecurity programs and consider what updates are necessary to address AI.  Consider the following proposed best practices:

1. Add AI risk management into current risk management programs.
2. Develop and implement AI risk management frameworks.
3. Integrate risk management functions across departments.
4. Increase proactive compliance and mapping of the supply chain.
5. Expand vendor due diligence to account for AI factors.
6. Utilize NIST’s Cybersecurity Framework for potential AI opportunities.
7. Implement multifactor authentication using a risk-based tiering system.
8. Consider risk tolerance when implementing AI tools.

Fairview Cyber’s team of regulatory experts well-versed in AI and its implications on RIAs and compliance programs. If you have questions about AI, or how to update your compliance program to meet best practices regarding AI usage, let us know. One of our regulatory experts will be in touch soon. Contact us today for more information about our services.