NCUA Shares AI Risk Management Resources

The National Credit Union Administration ("NCUA") compiled reference material for credit unions to use "when evaluating or performing due diligence on third-party vendors that provide artificial intelligence services." 

The on-line publication includes material on "AI implementation, risk management, data security, use cases, and cybersecurity risks." NCUA emphasized that AI systems often require careful consideration beyond traditional third-party vendor management and that while artificial intelligence offers opportunities to enhance member services and efficiency, it introduces unique challenges regarding fair lending, data privacy, and model risk. To assist institutions in navigating these complexities, the NCUA included information on due diligence, algorithmic decision-making, and vendor management. 

The NCUA pointed to a 2024 report from the Treasury Department on AI risks in financial services and FinCEN on fraud schemes involving deepfake media. These materials are intended to help institutions detect suspicious activity, strengthen identity verification against sophisticated scams, and understand the broader regulatory landscape surrounding emerging technologies. The agency also highlighted cybersecurity resources from the Cybersecurity and Infrastructure Security Agency ("CISA") focused on protecting data throughout the AI lifecycle and deploying systems securely, specifically addressing challenges such as model weight protection and secure API implementation.