Financial Sector Artificial Intelligence Executive Oversight Group Deliverables

 

The use of Artificial Intelligence (AI) and Generative AI (GenAI) offers tremendous opportunities within the financial sector, including improving service delivery to customers and clients, strengthening fraud detection, increasing the security of firms themselves, and creating innovative products to grow the economy. At the same time, AI is being used by nefarious actors to perpetrate fraud and weaken firms’ security defenses. As AI continues to take hold, it is critical that financial institutions (FIs) use AI appropriately to maximize the positive impacts of this technology for their clients and customers, while also mitigating the risk of AI use by adversaries. To better understand and address these dynamic concerns, in late 2024 the Financial Services Sector Coordinating Council (FSSCC) and the U.S. Department of the Treasury, in collaboration with the Finance and Banking Information Infrastructure Committee (FBIIC), established the AI Executive Oversight Group (AIEOG).

 

A U.S. Treasury press release on the overall effort can be found at "Treasury Announces Public-Private Initiative to Strengthen Cybersecurity and Risk Management for AI" (U.S. Department of the Treasury).

 

This effort initiated six workstreams to develop deliverables in partnership with industry and federal and state regulatory partners to enable secure and resilient AI across the U.S. financial system. Together, participants focused on addressing identified gaps in the financial sector’s use of AI, developing practical tools that financial institutions can use to manage AI-specific cybersecurity risks while unleashing innovation.

 

  • AI Lexicon defines key AI-related terms based on definitions from various industry standards and government resources, with the goal of improving sector communications on aspects ranging from risk management to contract negotiation. Participants from FBIIC member federal agencies and FSSCC member firms collaborated with U.S. Treasury on the development of this AI Lexicon, which includes common risk management and technical terminology with a focus on frequently used terms that have a specific meaning in the context of AI use in the financial sector.

 

  • Financial Services AI Risk Management Framework (FS AI RMF), authored collectively by the FSSCC FS AI RMF Workstream and the Cyber Risk Institute (CRI), is an operationalization of the National Institute of Science and Technology’s (NIST) AI RMF specifically tailored for financial services. The FS AI RMF consists of four primary deliverables—an AI Adoption Stage Questionnaire, a Risk and Control Matrix, a User Guidebook, and a Control Objective Reference Guide. It is designed as a complement to, rather than a replacement for, existing frameworks and provides a scalable and adaptable approach tailored specifically for the financial services environment. Organizations can use the FS AI RMF to design and conduct their own assessments, address gaps, prioritize mitigation efforts, and develop a more resilient control posture across various stages of AI adoption. The suite of resources for the FS AI RMF can be found on the CRI webpage.