US Treasury unveils initiative to strengthen AI cybersecurity and risk management across finance
The US Treasury announced a public-private push to tighten cybersecurity and risk management for artificial intelligence in the financial sector. Backed by the President's AI Action Plan, the department will release six resources in February 2026 to help financial institutions deploy AI that is secure and resilient.
These resources were built in partnership with industry leaders and federal and state regulators. The goal: close practical gaps, reduce cyber exposure tied to AI, and enable responsible innovation without slowing down the business.
Who's at the table
The AI Executive Oversight Group (AIEOG) led the work, formed through the Financial and Banking Information Infrastructure Committee (FBIIC) and the Financial Services Sector Coordinating Council (FSSCC). It brings together senior executives from banks and other financial institutions, federal and state regulators, and key sector stakeholders.
The group focused on tools management can actually use-sharpening governance, standardizing data practices, improving transparency, and strengthening defenses against fraud and identity threats.
What's being released in February
- Six practical resources to guide secure AI adoption across the US financial system.
- Staged rollouts through February 2026 to help firms review, implement, and iterate.
- Workstreams covering governance, data management, transparency/explainability, fraud mitigation, and digital identity-built to work together, not as isolated checklists.
"As this Administration has made clear, it is imperative that the United States take the lead on developing innovative uses for artificial intelligence, and nowhere is that more important than in the financial sector," said Treasury Secretary Scott Bessent. "This work demonstrates that government and industry can come together to support secure AI adoption that increases the resilience of our financial system."
Why this matters for management
AI is moving from pilots to production in credit, payments, fraud, AML, and ops. With that comes higher stakes: model abuse, data leakage, third-party risk, and faster fraud cycles. Regulators will look for clear lines of accountability, documented controls, and measurable outcomes.
The Treasury's resources will help align risk, security, and business teams on what "good" looks like. Expect more clarity on governance expectations, data controls, model transparency, fraud detection standards, and identity assurance.
Action checklist for leaders
- Assign a single accountable owner for AI risk and cybersecurity across the portfolio.
- Inventory AI systems, data flows, and third-party dependencies; classify by business impact and threat exposure.
- Update AI governance to include model registries, security reviews, red-teaming, monitoring, and incident playbooks.
- Tighten data controls: lineage, access, retention, encryption, and synthetic data policies for training and testing.
- Refresh threat models for AI-specific risks (prompt injection, model theft, data poisoning, output manipulation).
- Strengthen fraud and identity programs with continuous monitoring, anomaly detection, and step-up verification.
- Bake security and audit clauses into vendor contracts for AI services and models; ensure evidence is accessible.
- Prepare board reporting on AI risk posture, key controls, and metrics-quarterly at minimum.
- Upskill teams in AI security and governance; align roles across risk, security, data, and product.
What to watch
- Staggered releases from Treasury in February 2026-plan internal reviews and quick pilots per deliverable.
- Potential alignment with the Administration's broader AI directives and regulator guidance across finance.
Useful context: the Administration's direction on AI is outlined in the Executive Order on Safe, Secure, and Trustworthy AI. You can review it here: White House Executive Order on AI. Treasury news and updates are available via its newsroom: U.S. Department of the Treasury - Press Releases.
Next steps for your team
Stand up a short, focused task force (risk, security, data, compliance, and product) to map the new resources to your current controls and roadmaps. Prioritize quick wins that reduce real exposure-access controls, monitoring, vendor evidence-while planning deeper changes to governance and data practices.
If you're building capability and need structured development paths, see AI for Finance and the AI Learning Path for CIOs.
Your membership also unlocks:
