US Treasury Issues First AI Risk Framework for Banks
The U.S. Treasury has released the first standardized AI Risk Management Framework (FS-AI-RMF) for the financial sector. The framework provides guidance for banks on governance, data integrity, fraud prevention, and operational resilience when deploying AI systems.
- This initiative is part of a larger rollout of six resources the Treasury plans to release in February to help the financial sector securely adopt AI. The other resources will cover topics like governance, data integrity, fraud, digital identity, and operational resilience. - The framework was developed by the Artificial Intelligence Executive Oversight Group (AIEOG), a public-private partnership. This group brought together senior executives from financial institutions, federal and state regulators, and other key stakeholders. - A key component of the release is an "AI Lexicon" designed to establish a common language for AI concepts within the financial industry. This is intended to improve communication between technical, business, and regulatory teams. - The Treasury's framework is specifically designed to adapt the National Institute of Standards and Technology's (NIST) more general AI Risk Management Framework for the financial services sector. It aims to translate the high-level principles of the NIST framework into actionable, sector-specific controls. - For a practical application, the framework includes a matrix of 230 control objectives to help financial institutions manage risks throughout the entire lifecycle of an AI system. It also provides a questionnaire to help an institution determine its current stage of AI adoption. - The guidance is intended to be scalable for financial institutions of all sizes, with a particular focus on helping small and mid-sized institutions. - While the framework provides guidance, some cybersecurity experts are calling for more than just principles and are urging for the implementation of enforceable controls. There are concerns that without mandated guardrails, the guidance may be too aspirational as AI-enabled attacks increase. - The release of this framework is in support of the President's AI Action Plan, which calls for clear standards and risk-based governance for the safe and responsible deployment of artificial intelligence.
