SINGAPORE Trends and Developments Contributed by: Rajesh Sreenivasan, Steve Tan, Benjamin Cheong and Lionel Tan, Rajah & Tann Singapore LLP
GenAI and Financial Institutions GenAI stands to revolutionise how our business - es operate, making business processes more productive, efficient, and convenient. Some pos - sible use cases include the automation of data extraction, acceleration of research, streamlin - ing of operations, and enhancement of customer experience. However, GenAI poses unique risks for certain industries – in particular, financial institutions (“FIs”). Threat actors’ use of GenAI can lead to serious repercussions for FIs, including cyber attacks, scams, and data leakage. These could impact the organisation financially and repu - tationally and may lead to potential regulatory repercussions. The Monetary Authority of Singapore (“MAS”) has thus published an information paper on “Cyber Risks Associated with Generative AI” on 30 July 2024. This paper aims to raise FIs’ awareness by highlighting key cyber threats aris - ing from GenAI, the risk implications, and the appropriate mitigation measures that FIs can take. The paper covers the following threat areas: • deepfakes and GenAI-enabled phishing; • malware generation and enhancement; • data leakage from GenAI deployment; and • genAI model and output manipulation. The information paper is part of Project Mind - Forge, in which MAS, financial industry partici - pants, and technology partners collaborate to develop a risk framework for the responsible use of GenAI in the financial sector.
has sought to assist enterprises in this regard as well. On 31 May 2024, AI Verify Project Moon - shot was launched, providing an easy-to-use testing toolkit designed to address security and safety challenges often associated with the use of large language models. It is one of the world’s first open-sourced tools to combine red-team - ing, benchmarking, and baseline testing in one platform. Guidelines on Securing AI Systems On 15 October 2024, the Cyber Security Agency of Singapore (“CSA”) issued the Guidelines on Securing AI Systems and the accompanying Companion Guide for Securing AI Systems. The guidelines were developed to help organisations adopt AI in a secure manner, covering the fol - lowing areas: • identifying potential threats and risks; • providing principles to guide decision-makers and practitioners on the implementation of security controls; and • providing best practices to protect AI sys - tems. In particular, it proposes a four-step process for organisations to identify potential risks, pri - orities, and, subsequently, the appropriate risk management strategies as follows. • Step 1: Conduct a risk assessment focusing on security risks to AI systems. • Step 2: Prioritise areas to address based on risk/impact/resources. • Step 3: Identify and implement the relevant actions to secure the AI system. • Step 4: Evaluate residual risks for mitigation or acceptance.
432 CHAMBERS.COM
Powered by FlippingBook