Financial regulators across the globe are facing mounting pressure to integrate advanced artificial intelligence systems into their supervisory frameworks, driven by the alarming acceleration of cybersecurity threats targeting the banking sector. Marlene Amstad, president of Switzerland's Financial Market Supervisory Authority (FINMA) and chair of an international forum dedicated to supervisory technology, has underscored the critical urgency of this transition, warning that financial institutions and their overseers must move swiftly to adopt cutting-edge technological defences or risk catastrophic vulnerabilities in an increasingly hostile digital landscape.
The challenge confronting global financial systems has intensified dramatically as artificial intelligence capabilities have expanded, simultaneously empowering both legitimate security researchers and malicious actors seeking to exploit institutional weaknesses. Vulnerability detection models powered by AI have recently exposed significant gaps in existing protections, revealing the scope of potential cyberattacks and national security risks lurking within financial infrastructure. This dual-edged reality has forced regulators to confront uncomfortable questions about how AI itself must be leveraged defensively, even as its proliferation introduces new operational risks and accountability concerns that institutions have only begun to grapple with.
Amstad articulated a central paradox facing the financial sector: as criminal and state-sponsored hackers operate with increasing sophistication and speed, traditional defensive strategies focused on patching vulnerabilities after they are discovered have become fundamentally inadequate. Banks and financial institutions must fundamentally reimagine their cybersecurity posture, shifting from reactive responses to proactive, AI-enabled threat detection and rapid mitigation capabilities. The window for manual remediation has essentially closed, and organisations that fail to adopt algorithmic defences risk falling irreversibly behind the threat curve.
Recognising this imperative, FINMA has taken a leading role in establishing institutional frameworks for technology adoption among financial regulators. Working through the International Organization of Securities Commissions, a standard-setting body whose member authorities oversee approximately 95 percent of global financial markets, Switzerland has helped create a dedicated forum designed to accelerate AI deployment among financial watchdogs. This multilateral approach represents an acknowledgment that cybersecurity threats transcend national borders and that regulatory coordination, rather than fragmented national responses, offers the only realistic pathway to systemic protection.
The practical manifestation of this commitment materialised this week in a hackathon that brought together approximately 100 policy specialists and technology experts from supervisory agencies worldwide. Rather than convening merely to discuss theoretical frameworks, regulators gathered to collaboratively engineer concrete tools for supervising cryptocurrency markets, an area of particular concern given the nascent nature of digital asset regulation and the concentration of technical sophistication among market participants relative to the institutional knowledge of many supervisors.
Amstad revealed that regulators are now exploring the prospect of embedding protective safeguards directly into the architectural fabric of digital asset systems themselves, rather than relying solely on external monitoring and enforcement mechanisms. This preventive approach represents a significant shift in regulatory philosophy, moving beyond post-facto oversight toward systemic risk reduction embedded at the protocol level. Such an approach would theoretically make certain categories of financial crime or systemic risk substantially more difficult to execute, though it raises complex questions about the balance between security and market innovation.
The conversation around AI's role in financial supervision has been sharpened by recent experiences with specific large language models and their security implications. Anthropic's advanced AI systems have become a focal point for examination, with researchers and security professionals uncovering operational vulnerabilities that expose the nascent field of AI security to critical scrutiny. These discoveries have illuminated how even sophisticated systems designed by leading AI laboratories contain flaws that could potentially be weaponised by determined adversaries, particularly within high-stakes financial environments where system failures could trigger cascading market instability.
Geopolitical dimensions have substantially complicated the deployment landscape for financial regulators. The United States government, citing national security concerns, recently ordered Anthropic to halt exports of its most advanced AI models, effectively restricting global access to cutting-edge capabilities. Simultaneously, Chinese technology firms such as 360 Security Technology have announced domestic alternatives, suggesting that regulatory constraints on AI technology distribution may accelerate the fragmentation of global AI systems into competing regional ecosystems. For Switzerland and other smaller financial centres, such geopolitical constraints present genuine dilemmas about maintaining technological competitiveness while respecting the security directives of larger powers.
Amstad has publicly stated that Switzerland must retain access to the most advanced AI models available, framing this as a prerequisite for effective financial supervision in the modern era. Her argument rests on the principle that regulators cannot effectively oversee risks they lack the technological capacity to understand and anticipate. Without access to frontier AI systems, even sophisticated supervisory agencies risk becoming progressively outmatched by both sophisticated market participants and bad actors deploying equivalent or superior capabilities in their respective domains.
The regulatory community's conviction that AI will prove instrumental to systemic hardening reflects a recognition that traditional cybersecurity measures have reached the limits of their effectiveness against contemporary threats. Rather than viewing AI deployment as an optional enhancement to existing regulatory approaches, financial authorities increasingly regard it as a foundational necessity. This perspective carries important implications for how financial markets will operate in coming years, suggesting that institutional access to advanced AI systems will function as a de facto prerequisite for competitive participation in regulated finance.
For Malaysia and Southeast Asian financial centres, these developments carry significant implications. As regional economies deepen capital market integration and increase cross-border financial flows, the cybersecurity standards and AI capabilities deployed by global financial regulators directly affect the resilience and trustworthiness of platforms accessible to local institutions and investors. The emerging international consensus around regulatory use of AI creates both opportunities and risks for the region, potentially enabling more sophisticated supervision but also accelerating a technological arms race in which less-developed regulatory capacity could prove disadvantageous.
The broader trajectory appears clear: financial regulation will increasingly depend upon regulatory agencies possessing not merely formal authority over markets but also computational and artificial intelligence capabilities sufficient to comprehend and anticipate threats emerging from sophisticated actors operating at the frontier of technological capability. The international framework FINMA and others are constructing represents an attempt to democratise access to these capabilities across diverse regulatory contexts, though geopolitical fragmentation threatens to undermine such universalist ambitions.
