NCUA resources that can be referenced when evaluating or performing due diligence on third-party vendors that provide artificial intelligence services:
Artificial intelligence (AI) continues to transform the financial services landscape. Credit unions are increasingly exploring AI solutions to enhance member services, streamline operations, and remain competitive. AI may present significant opportunities for improving efficiency and member experience, and it can also introduce unique risks and considerations that credit unions should carefully navigate. The National Credit Union Administration (NCUA) recognizes the importance of supporting credit unions as they evaluate, implement, and manage AI technologies. This page provides resources on risk management considerations specific to AI, which may help credit unions make informed decisions when implementing AI or partnering with AI service providers.
When partnering with AI companies and solutions, credit unions face distinct challenges that may extend beyond traditional third-party vendor management. These challenges include understanding algorithmic decision-making processes, ensuring fair lending compliance, protecting member data privacy, maintaining operational resilience, and managing model risk. The complexity of AI systems often requires careful consideration of due diligence approaches and ongoing monitoring of vendor frameworks.
The resources compiled here address key areas including AI implementation, risk management, data security, use cases, and cybersecurity risks. Whether you are beginning to explore AI solutions or seeking to enhance existing AI risk management practices, these resources are here to assist your credit union when considering AI tools.
AI Risk Management and Governance
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST), provides organizations with a comprehensive collection of “NIST AI Resources”. This resource hub provides credit unions with access to NIST’s extensive portfolio of AI tools and includes practical recommendations and suggestions for AI design, development, governance, and usage. NIST’s AI resources may offer credit unions practical approaches for managing risks to individuals and organizations associated with AI.
As credit unions explore AI technologies to enhance member services and operational capabilities, this resource may provide important considerations for building trustworthy AI systems that align with the cooperative principles and the member focused mission of credit unions.
AI Implementation and Scalability
The Committee of Sponsoring Organizations (COSO) of the Treadway Commission published a research paper on AI and enterprise risk management entitled “Realize the Full Potential of Artificial Intelligence: Applying the COSO Framework and Principles to Help Implement and Scale Artificial Intelligence.” This paper provides a structured framework for understanding and managing AI related risks, while exploring opportunities to leverage AI strategically. As credit unions increasingly consider AI applications for member services, fraud detection, and operational efficiency, this resource offers valuable insights into governance structures, risk assessment methodologies, and performance monitoring approaches.
COSO presents considerations for establishing board oversight, defining risk appetite, and implementing controls that may align with credit unions’ missions and core values. The resource also provides information that may support informed decision-making for credit unions as they navigate AI adoption.
AI Data Security
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) may serve as another resource for credit unions. CISA offers a range of AI resources and may provide credit unions with information related to protecting the data that powers AI systems throughout their entire life cycle. As credit unions increasingly leverage AI for member services, risk assessment, and operational optimization, CISA resources may assist credit unions as they consider the fundamental importance of securing AI training and operational data.
CISA published a “Cybersecurity Information Sheet on AI Data Security” that discusses AI data supply chain security, methods to protect against maliciously modified data, and the mediation of AI data drift risks. Credit unions can use this resource to help aid in the establishment of data security frameworks that protect sensitive member information, AI system integrity, and to maintain the accuracy of AI driven decisions that are critical to serving members effectively.
Deploying AI Systems Securely
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) also published an additional document, “Deploying AI Systems Securely”, that may serve as a resource for credit unions. The document provides comprehensive security methods for deploying and operating AI systems developed by external entities. As credit unions explore AI technologies for enhanced member services, fraud detection, and operational efficiency, this resource offers some critical cybersecurity considerations specific to AI system deployment and maintenance.
The document addresses the unique security challenges that AI systems may present, including the protection of model weights, secure API implementation, and continuous monitoring protocols. Credit unions can leverage this resource to help establish AI security frameworks that protect sensitive member data and maintain system integrity.
AI Uses and Opportunities in Financial Services
The U.S. Department of the Treasury published a report examining both traditional AI applications and emerging generative AI technologies. This report, “Artificial Intelligence in Financial Services”, addresses critical areas including data privacy and security standards, bias and explainability challenges, consumer protection considerations, concentration risks, and third-party vendor management.
Credit unions can leverage this resource to better understand the regulatory landscape, implementation best practices, and risk mitigation strategies as they evaluate AI technologies.
AI Specific Fraud Risks
The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) published a report on “Fraud Schemes Involving Deepfake Media Targeting Financial Institutions”. This report may provide credit unions with information on how to identify fraudulent activities involving AI and generated deep fake content. This resource addresses the growing threat of criminals using AI tools to create fake identity documents, photos, and videos to circumvent customer verification processes and commit fraud. The resource includes specific red flag indicators to help credit unions detect suspicious deep fake activity and includes best practices for strengthening identity verification procedures.
Credit unions can use this resource to enhance their fraud detection capabilities, protect members from sophisticated AI enabled scams, and ensure proper reporting of suspicious activities involving deep fake media to support broader efforts in combating financial crimes.