AI security in finance: Bank of Russia recommendations
The Bank of Russia has published methodological recommendations designed to help financial institutions ensure information security when using artificial intelligence (AI) technologies.
This is the regulator’s first document that systematises risks associated with AI adoption, describes potential tactics of cyberattacks against AI systems, and gives recommendations regarding protection measures. For example, when a financial institution implements AI in its critical business processes involving high risks to information security, specifically in payment transactions, it is recommended that the relevant operation be confirmed by a human employee.
Furthermore, the Bank of Russia advises market participants to develop their own threat models and information security policies for working with AI. Responsibility for preparing these internal documents lies with an organisation’s deputy head for information security.
One of the sections of the recommendations addresses information security issues relating to AI services provided by vendors. For example, the fact that a vendor’s AI model participates in a bug bounty programme increases trust in that model.