On May 19, the GAO published a report discussing the use and oversight of AI in financial services. The report highlighted the benefits of AI, such as improved efficiency, reduced costs, and enhanced customer experience, while also addressing risks like biased lending decisions, as well as cybersecurity and privacy threats. The GAO noted that AI strengthens security by detecting cyber threats and fraud more effectively but warned of systemic risks if too many institutions rely on similar AI models or third-party providers.

Regulators reported to the GAO that existing laws, regulations and guidance generally apply to financial services activities regardless of whether AI is used. Most of the regulators interviewed said that their existing authority is sufficient to supervise financial institutions’ use of AI at this time. However, in its report, the GAO identified limitations in the NCUA’s oversight framework, including insufficient model risk management guidance and a lack of authority to examine third-party technology providers. The GAO recommended expanding NCUA’s model risk management guidance to align with leading practices, such as those outlined in NIST’s AI Risk Management Framework, and suggested Congress grant the NCUA the authority to examine service providers to credit unions.

The report also noted while usage across agencies varied, federal financial regulators are using AI themselves to assist with general agency operations, as well as supervisory and market oversight practices. However, regulators highlighted their usage of AI is not used as a sole decision-making source but rather to inform staff decisions.