AI in Financial Services: GAO Report Highlights Benefits, Risks, and Oversight Gaps

The May 2025 report by the U.S. Government Accountability Office (GAO-25-107197) offers a comprehensive overview of how artificial intelligence (AI) is reshaping the financial services sector. From automated trading and risk management to customer service and credit decisions, financial institutions are increasingly turning to AI for efficiency and cost savings. However, the report underscores that alongside these benefits come significant challenges, including the potential for bias, data quality concerns, and cybersecurity threats.

AI applications in finance range from chatbots and robo-advisors to complex credit underwriting algorithms. These tools offer greater financial inclusion, faster services, and increased security by detecting fraud and cyber threats more effectively than traditional systems. Institutions also see the potential for improved profitability and operational efficiency. Nevertheless, the GAO cautions that the very features that make AI powerful—such as its reliance on vast datasets and complex models—can also introduce novel vulnerabilities.

The report identifies multiple risks. For consumers, AI-driven decisions in lending may inadvertently perpetuate discriminatory practices, especially when training data reflects societal biases. Generative AI may produce inaccurate or misleading financial advice, while machine learning models used for credit scoring can struggle with explainability, creating compliance risks under laws like the Equal Credit Opportunity Act. Operational risks also arise when institutions rely on external technology service providers without robust oversight, making them more susceptible to data breaches and model failures.

The GAO finds that federal financial regulators primarily rely on existing laws and supervisory frameworks to oversee AI, rather than developing new regulations. Agencies such as the Federal Reserve, FDIC, OCC, and CFPB incorporate AI reviews into their risk-based examinations. While some have begun issuing AI-specific guidance—particularly in lending—the report notes a significant oversight gap at the National Credit Union Administration (NCUA). Unlike its peer agencies, NCUA has not issued comprehensive model risk management guidance applicable to AI and lacks statutory authority to examine technology service providers that support credit unions. These limitations hinder its ability to assess and mitigate emerging risks.

Importantly, the report emphasizes that most regulators view existing authority as generally sufficient, though the rapid pace of AI innovation could outstrip current frameworks. It recommends that Congress revisit GAO’s earlier recommendation to grant NCUA authority over third-party technology vendors and urges NCUA to issue broader and more detailed guidance on managing model risk.

The GAO concludes that as financial institutions and regulators increasingly integrate AI into their operations, a proactive and adaptable oversight approach will be essential. Balancing innovation with accountability, especially in areas affecting vulnerable consumers or market stability, will require ongoing policy evaluation and interagency coordination. The future of AI in finance, the report suggests, must be guided by principles of transparency, fairness, and robust risk management.

This blog post is a summary and interpretation of GAO report GAO-25-107197. It is not guaranteed to be accurate or complete and does not constitute legal advice.