HomeLegal DirectoryTreasury AI Cyber Report (Fin. Services)

In effect Limited protection

Treasury Report — Managing AI-Specific Cybersecurity Risks in the Financial Services Sector

United States · Treasury Report (March 2024)

Treasury released a sector-wide report outlining AI-specific cybersecurity risks facing banks and financial institutions, the gap between large and small firms in AI-fraud defense, and supervisory expectations for AI-driven fraud, deepfakes, and prompt-injection attacks.

Technical detail

U.S. Treasury Department, 'Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector' (March 2024). Directs financial firms to extend existing third-party risk management (FFIEC, NIST), incident response, and model risk management programs to AI use cases including LLM agents, AI-enabled fraud, and synthetic identity.

Who is protected: Consumers and businesses banking with U.S. financial institutions

Who must comply: Banks, credit unions, broker-dealers, and other financial-services firms regulated by Treasury bureaus and partner agencies

Key facts

JurisdictionUnited States
LevelFederal
StatusIn effect
Protection strengthLimited protection
Effective date2024-03-27
Enacted2024-03-27
CitationTreasury Report (March 2024)
Enforced byU.S. Department of the Treasury (with OCC, FRB, FDIC, NCUA, FinCEN, SEC, CFTC)
Private right of actionNo — agency enforcement only
PenaltiesNo direct penalties; supervisory expectations enforced via existing examination authority
Topicsconsumer protection · consumer data privacy · automated decision-making
Last verified2026-06-17
Official sourceTreasury Report — Managing AI-Specific Cybersecurity Risks in the Financial Services Sector ↗

More AI rules in United States

Related consumer protection rules elsewhere

See something wrong or out of date? Submit a correction — every entry must carry a verifiable official source.