Treasury official: Small financial institutions have ‘growth to do’ in using AI against threats

AI-specific fraud and cyber risks in the financial sector are especially pronounced for small banks, the agency’s chief AI officer said.
The sun flares over the headquarters of the U.S. Treasury on Jan. 3, 2024, in Washington, D.C. (Photo by J. David Ake/Getty Images)

Major financial institutions have used artificial intelligence to play increasingly stingy defense against fraud and cybersecurity threats over the past decade, a top Treasury Department official said Thursday. But “there’s growth to do” when it comes to deploying those same technologies for smaller banks.

Todd Conklin, the Treasury Department’s chief AI officer and deputy assistant secretary for the Office of Cybersecurity and Critical Infrastructure Protection, said during an American Bankers Association virtual event that the sector has done “very well” to narrow the cybersecurity gap between large and small lenders. 

But though Conklin has seen a “significant reduction” in fraud at some of the country’s largest financial institutions thanks to AI, there’s a concerted public-private effort now on “how do we ensure that we’re … leveraging the capabilities of our largest institutions and making sure that our smallest institutions have the same advantage from a defensive perspective.”

Protecting small financial institutions from AI-fueled threats was a primary topic of discussion during Thursday’s press briefing featuring Conklin and two members of the Financial Services Sector Coordinating Council, which contributed to Treasury’s March report on managing AI-specific cyber risks in the financial services sector.


Paul Benda, vice chair of the FSSCC and executive vice president of fraud, risk and cybersecurity at the ABA, said the focus of current and future public-private financial sector coalitions will be to “figure out ways to provide more data and better training systems” to smaller institutions. 

“By their nature, small institutions simply don’t have the same volume of data to train their systems on,” Benda said. “They may not have access to some [of the] same high-end technical systems that some of the larger institutions have. … Can we take those lessons learned from those larger institutions that are more leaning forward, that have sandboxes they can play in to test out these capabilities, and extend those to small institutions?”

At least some of the dozens of financial institutions interviewed as part of last month’s Treasury report raised “significant concerns about the data used to train commercial generative AI because of privacy and liability concerns.” A potential solution floated by representatives from those participating banks would be a “standardized description, similar to a nutrition label, for vendor-provided generative AI systems to clearly identify what data was used to train a model, where it came from, and how any data submitted to the model will be incorporated.”

Debbie Guild, the FSSCC chair and head of enterprise technology & security at PNC Financial Services Group, acknowledged during Thursday’s call that nutrition labels won’t “be something that everybody will care about.” But there is plenty of value for financial institutions large and small to be transparent about when an AI model “stopped being trained” given the decision-making that revolves around those outputs, she said.

Conklin added that nutrition labels will be “really significant” for small financial institutions given their reliance on third-party data sources “to meet the level of explainability that’s going to be required of them by the Regulatory Oversight Committee,” an international body of more than 65 markets regulators and other public officials from 50-plus countries. 


Treasury and the FSSCC, meanwhile, have enlisted “multiple core providers” — makers of software used by banks to manage processes — in discussions on how best to adopt and apply AI to financial services, Conklin said. 

Those third-party services “have a significant role to play as does, frankly, the U.S. Treasury Department, in terms of making sure we’re working in lockstep with our sector partners to try to close the gap between our largest and smallest institutions,” he added. “We’re going to definitely try to encourage as much innovation in that space as reasonably possible.”

Matt Bracken

Written by Matt Bracken

Matt Bracken is the managing editor of FedScoop and CyberScoop, overseeing coverage of federal government technology policy and cybersecurity. Before joining Scoop News Group in 2023, Matt was a senior editor at Morning Consult, leading data-driven coverage of tech, finance, health and energy. He previously worked in various editorial roles at The Baltimore Sun and the Arizona Daily Star. You can reach him at

Latest Podcasts