국가전략정보포털

Title page

Contents

Executive Summary 2

1. Introduction 7

1.1. BACKGROUND AND PURPOSE OF THIS REPORT 7

1.2. REPORT ORGANIZATION 7

1.3. SCOPE AND METHODOLOGY 8

1.4. WHAT DO WE MEAN BY ARTIFICIAL INTELLIGENCE? 9

1.5. FINANCIAL SERVICES SECTOR PROFILE 10

1.6. CYBERSECURITY AND FRAUD TRENDS 10

2. Artificial Intelligence in Financial Services: Cybersecurity and Fraud Protection 12

2.1. AI SYSTEMS AND MITIGATION OF CYBERSECURITY AND FRAUD RISKS 12

2.2. MIXED USE OF IN-HOUSE AND THIRD-PARTY AI SYSTEMS 13

2.3. CAUTIOUS ADOPTION OF GENERATIVE AI SYSTEMS 14

2.4. CYBERSECURITY AND RISKS RELATED TO AI MODELS 14

2.5. FRAUD DETECTION AND THE IMPACT OF DATA 15

3. AI Cybersecurity and Fraud Threats for Financial Institutions 16

3.1. CYBERTHREAT ACTOR USES OF AI 16

3.2. CYBERTHREATS TO AI SYSTEMS 17

3.3. IDENTITY IMPERSONATION AND SYNTHETIC IDENTITY 18

3.4. THIRD-PARTY RISKS AND MAGNIFIED DATA SECURITY AND PRIVACY 19

4. Regulatory Landscape for Artificial Intelligence in Financial Services 21

4.1. U.S. FINANCIAL SECTOR REGULATORY LANDSCAPE 21

5. Best Practices for Managing AI-Specific Cybersecurity Risks 26

5.1. SITUATING AI RISK MANAGEMENT WITHIN EXISTING ENTERPRISE RISK MANAGEMENT PROGRAMS 26

5.2. DEVELOPING AND IMPLEMENTING AN AI RISK MANAGEMENT FRAMEWORK 27

5.3. INTEGRATING RISK MANAGEMENT FUNCTIONS FOR AI 27

5.4. EVOLUTION OF THE CHIEF DATA OFFICER ROLE AND MAPPING THE DATA SUPPLY CHAIN 28

5.5. ASKING THE RIGHT QUESTIONS OF VENDORS 29

5.6. SURVEYING NIST'S CYBERSECURITY FRAMEWORK TO IDENTIFY OPPORTUNITIES FOR AI USE 29

5.7. IMPLEMENTING RISK-BASED TIERED MULTIFACTOR AUTHENTICATION MECHANISMS 30

5.8. PICKING THE RIGHT TOOL FOR THE JOB AND RISK TOLERANCE 31

5.9. CYBERSECURITY BEST PRACTICES CLOSELY APPLY TO AI SYSTEMS 31

6. Next Steps: Challenges & Opportunities 33

6.1. NEED FOR A COMMON AI LEXICON 33

6.2. ADDRESSING THE GROWING CAPABILITY GAP 34

6.3. NARROWING THE FRAUD DATA DIVIDE 34

6.4. REGULATION OF AI IN FINANCIAL SERVICES REMAINS AN OPEN QUESTION 35

6.5. EXPANDING THE NIST AI RISK MANAGEMENT FRAMEWORK 35

6.6. BEST PRACTICES FOR DATA SUPPLY CHAIN MAPPING AND "NUTRITION LABELS" 36

6.7. DECIPHERING EXPLAINABILITY FOR BLACK BOX AI SOLUTIONS 36

6.8. GAPS IN HUMAN CAPITAL 37

6.9. UNTANGLING DIGITAL IDENTITY SOLUTIONS 38

6.10. INTERNATIONAL COORDINATION 39

7. Conclusion and Other Treasury AI Work 40

Annex A: FSSCC R&D Committee Paper: Artificial Intelligence in the Financial Sector: Cybersecurity and Fraud Use Cases and Risks 41

Annex B: External Participants 48

Glossary 49