The financial services industry faces mounting pressure to integrate artificial intelligence defences into its operational infrastructure as cyber threats evolve at an unprecedented pace. Marlene Amstad, who leads Switzerland's financial market regulator FINMA and chairs an international supervisory technology forum, has underscored the urgent need for banks and regulators to adopt cutting-edge technology to identify and remediate system vulnerabilities. In remarks following a hackathon designed to develop new supervisory tools, Amstad emphasised that the window for action is narrowing as hackers refine their attack methods and acceleration cycles.
The challenge confronting financial institutions transcends traditional cybersecurity management. Recent deployments of AI vulnerability-detection models have uncovered alarming gaps in system defences, triggering concern among policymakers about both immediate operational threats and broader national security implications. These discoveries have forced regulators to grapple with profound questions surrounding the safety protocols and accountability mechanisms that must underpin AI adoption within the financial sector. The tension between harnessing AI's analytical power and managing its inherent risks has become a defining governance question across developed and emerging economies.
Amstad articulated a fundamental principle guiding the regulatory response: as threat actors accelerate their operational tempo, financial institutions must correspondingly compress their vulnerability-patching cycles. This arms-race dynamic means that manual, traditional approaches to cybersecurity governance will prove inadequate. Machine-learning systems capable of identifying software flaws before they can be exploited represent a critical defensive capability that banks must deploy systematically. The Swiss regulator's position reflects a growing consensus among policymakers that AI is no longer optional infrastructure but rather a necessity for maintaining financial system stability.
To coordinate this transition globally, FINMA has helped establish a dedicated forum under the International Organization of Securities Commissions, the body that sets standards for securities regulators across markets representing approximately 95% of global financial assets. This institutional framework enables supervisors from different jurisdictions to align their approaches to AI deployment and share best practices. The coordination mechanism acknowledges that cybersecurity threats respect no borders, and fragmented national responses would leave dangerous gaps in the global financial system's defences. By embedding AI adoption within an established multilateral institution, regulators are signalling their commitment to systemic resilience.
The tangible expression of this commitment manifested in a recent hackathon that convened approximately 100 specialists in policy and technology. These participants collaborated intensively to develop prototype tools specifically designed for supervising cryptocurrency and digital asset markets. This focus on emerging asset classes reflects regulators' recognition that decentralised finance systems present novel security challenges that conventional supervision models struggle to address. The hackathon approach accelerates innovation cycles by bringing together officials and technologists in concentrated problem-solving environments, shortening the traditional timeline between identifying regulatory needs and deploying solutions.
Amstad revealed that regulators are exploring the prospect of encoding safeguards directly into blockchain and digital asset systems rather than applying oversight only at external supervisory checkpoints. This architectural approach would integrate compliance and security measures into the fundamental protocols governing digital assets. Such deep integration represents a fundamental shift from traditional regulation applied to institutions and would require close collaboration between regulators, blockchain developers, and financial engineers to avoid unintended consequences or systemic vulnerabilities embedded in the code itself.
The adoption of AI vulnerability-detection models has already exposed operational risks that underscore the stakes involved. Experience with systems such as Anthropic's Mythos has demonstrated that even advanced AI applications present their own security exposures and deployment challenges. These revelations have prompted financial institutions to examine not just whether they should adopt AI, but how they should architect their AI systems to minimise operational risks and maintain appropriate human oversight and accountability. The regulatory community is effectively learning in real time as deployment accelerates.
Geopolitical competition over AI capabilities has injected additional urgency into regulators' adoption timelines. The United States government recently directed Anthropic to discontinue exports of its latest Mythos and Fable models to markets outside approved jurisdictions, citing national security concerns and effectively weaponising AI development as a competitive advantage. Simultaneously, Chinese technology firm 360 Security Technology announced development of a domestically-designed alternative to Mythos, signalling that major economies are determining that self-sufficiency in advanced AI capabilities has become strategically essential.
This competitive dynamic has created pressure on Swiss policymakers and European regulators more broadly. Amstad has stressed that Switzerland must retain access to the most sophisticated AI models available to ensure that its financial system remains adequately defended against threats. The implication extends beyond Switzerland to all financially significant jurisdictions outside the United States: regulatory capacity to protect financial stability increasingly depends on access to leading-edge AI technology. Countries or regions that lose access to advanced models risk degrading their supervisory effectiveness and potentially destabilising their financial systems.
For Southeast Asian regulators and financial institutions, these developments carry particular significance. Many regional banks operate in jurisdictions where cybersecurity expertise remains concentrated in major financial hubs, and where budget constraints limit investment in advanced defensive infrastructure. The international coordination framework that FINMA and IOSCO are developing offers emerging markets a pathway to participate in and benefit from shared supervisory innovation without requiring each jurisdiction to develop AI capabilities independently. However, participation also requires that regulators in the region move swiftly to understand and evaluate these emerging tools.
Amstad has positioned AI as instrumental to strengthening financial system architecture before vulnerable systems become widely deployed. Rather than treating AI as an add-on to existing supervision, this perspective treats AI as a foundational element of next-generation regulatory systems. The implication is that regulators who delay adoption risk overseeing increasingly outdated surveillance and compliance infrastructure, while cyber threats continue to evolve. The window for regulatory adaptation remains open, but it is clearly closing.
The financial services industry globally is entering a phase where competitive advantage and systemic resilience increasingly hinge on AI deployment capability. Regulators must simultaneously accelerate their own adoption of these tools while managing the risks they introduce. The international coordination mechanisms being established represent acknowledgement that this challenge transcends individual national responses and demands coordinated global action. Whether existing regulatory institutions can move quickly enough to match the acceleration in both technological capability and threat sophistication remains an open question that will significantly shape financial system stability in coming years.
