Treasury Report — Managing AI-Specific Cybersecurity Risks in the Financial Services Sector
United States · Treasury Report (March 2024)
Treasury released a sector-wide report outlining AI-specific cybersecurity risks facing banks and financial institutions, the gap between large and small firms in AI-fraud defense, and supervisory expectations for AI-driven fraud, deepfakes, and prompt-injection attacks.
Technical detail
U.S. Treasury Department, 'Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector' (March 2024). Directs financial firms to extend existing third-party risk management (FFIEC, NIST), incident response, and model risk management programs to AI use cases including LLM agents, AI-enabled fraud, and synthetic identity.
Who is protected: Consumers and businesses banking with U.S. financial institutions
Who must comply: Banks, credit unions, broker-dealers, and other financial-services firms regulated by Treasury bureaus and partner agencies
Key facts
| Jurisdiction | United States |
|---|---|
| Level | Federal |
| Status | In effect |
| Protection strength | Limited protection |
| Effective date | 2024-03-27 |
| Enacted | 2024-03-27 |
| Citation | Treasury Report (March 2024) |
| Enforced by | U.S. Department of the Treasury (with OCC, FRB, FDIC, NCUA, FinCEN, SEC, CFTC) |
| Private right of action | No — agency enforcement only |
| Penalties | No direct penalties; supervisory expectations enforced via existing examination authority |
| Topics | consumer protection · consumer data privacy · automated decision-making |
| Last verified | 2026-06-17 |
| Official source | Treasury Report — Managing AI-Specific Cybersecurity Risks in the Financial Services Sector ↗ |
More AI rules in United States
- FTC Act Section 5 (unfair/deceptive AI) · In effect
- TAKE IT DOWN Act · In effect
- FCRA (AI in credit & background checks) · In effect
- ECOA / Regulation B (AI credit discrimination) · In effect
- Title VII / ADA (AI hiring) · In effect
- COPPA + 2025 Rule (childrens data) · In effect
Related consumer protection rules elsewhere
- CCPA/CPRA + ADMT Regulations · In effect
- AB 2013 (Training Data Transparency) · In effect
- SB 942 (AI Transparency Act) · Enacted (not yet in effect)
- SB 53 (Frontier AI Safety) · In effect
- Colorado AI Act (repealed) · Repealed / replaced
- SB 26-189 (Colorado ADMT Law) · Enacted (not yet in effect)
See something wrong or out of date? Submit a correction — every entry must carry a verifiable official source.