Financial regulators worldwide are racing to harness artificial intelligence as a defensive shield against accelerating cyber threats, recognising that traditional supervision methods cannot keep pace with hackers' evolving tactics. Marlene Amstad, president of Switzerland's Financial Market Authority (FINMA) and chair of an international supervisory technology initiative, has underscored the critical urgency of this technological pivot, warning that banks and regulators must move swiftly to identify and eliminate system weaknesses before they become exploitation targets.
The acceleration of AI-driven cybersecurity risks has become a central preoccupation for financial market authorities globally. Recent deployments of vulnerability-detection models have illuminated a troubling picture: cyberattacks are becoming more sophisticated and frequent, whilst simultaneously raising fresh operational and safety concerns for financial institutions deploying AI systems themselves. This paradox—where the technology meant to protect networks also introduces novel risks—reflects the double-edged nature of AI adoption in the heavily regulated financial sector. Institutions now face the uncomfortable reality that their defences and their vulnerabilities are increasingly intertwined with the same technological infrastructure.
Amstad emphasised that the fundamental challenge is one of velocity. As criminal actors and state-sponsored hackers accelerate their offensive capabilities, banks must develop matching speed in identifying flaws and deploying patches. This is not merely a technical issue but a supervisory imperative: regulators cannot effectively oversee the safety of financial systems if they lack the tools to detect risks in real time. Traditional inspection and audit methodologies, conducted at quarterly or annual intervals, have become dangerously anachronistic in an environment where significant breaches can occur within hours.
To address this institutional lag, FINMA has catalysed the creation of a dedicated forum within the International Organization of Securities Commissions (IOSCO), a standard-setting body that exercises influence over approximately 95 per cent of global securities markets. This multilateral platform represents an attempt to overcome the fragmentation that typically characterises financial regulation, where individual jurisdictions develop isolated approaches that leave systemic gaps. By aligning supervisory technology strategies across major economies, the initiative seeks to create a coherent global response to technology-enabled financial crimes and operational breakdowns.
The practical manifestation of this supervisory co-ordination took concrete form this week when roughly 100 policy officials and technology specialists convened for a specialised hackathon. Rather than adopting the adversarial model of traditional cybersecurity exercises, this gathering brought together regulators to collaboratively design new supervisory tools. The focus on digital asset supervision reflects growing anxiety about the nascent but rapidly expanding cryptocurrency sector, where regulatory capacity has historically lagged market innovation. The shared development approach enables resource-constrained authorities in smaller economies to benefit from technological advances that might otherwise remain exclusive to well-funded regulators in major financial centres.
Amstad has signalled that the regulatory ambitions extend beyond post-facto detection of breaches. Authorities are exploring whether safeguards could be embedded directly into the architecture of digital asset systems themselves, shifting from reactive supervision toward preventive design. This represents a conceptual shift from traditional regulation, which typically responds to harms after they materialise, toward a more proactive stance that treats technological design as inherently a regulatory concern. Such embedded guardrails could include automated compliance mechanisms, transaction monitoring protocols hardwired into blockchain systems, and algorithmic circuit-breakers designed to halt suspicious activity instantaneously.
The knowledge gained from practical experience with leading AI models has already surfaced concerning operational vulnerabilities. Amstad referenced recent experience with advanced systems such as Anthropic's models, which have exposed unexpected failure modes and safety challenges when deployed in high-stakes financial contexts. These discoveries have reinforced the view that AI is not a turnkey solution but rather a tool requiring careful integration, continuous monitoring, and substantial institutional investment in training and governance. Financial institutions deploying AI for trading, risk assessment, or compliance must simultaneously develop internal expertise to oversee these systems, a dual requirement that strains many banks' technical capacity.
Geopolitical dimensions have added urgency to the regulatory agenda. The U.S. government recently imposed export restrictions on advanced AI models developed by Anthropic, citing national security considerations. Such restrictions create a regulatory dilemma: authorities need access to cutting-edge technology to protect their financial systems, yet major powers are increasingly weaponising technology exports as instruments of strategic competition. China's 360 Security Technology has already unveiled domestic alternatives to restricted Western models, signalling that export controls may accelerate the fragmentation of the global AI ecosystem rather than contain technological proliferation.
Swiss authorities have articulated a particular concern about maintaining access to advanced AI capabilities. Amstad has stated plainly that Switzerland must retain connectivity to the frontier of AI development, lest its financial regulators and institutions fall behind in an increasingly bifurcated technological landscape. For a small country whose prosperity depends substantially on its reputation as a trusted global financial hub, regulatory disability would be economically catastrophic. This calculation drives Switzerland's active participation in multilateral supervisory initiatives and its interest in collaborative development approaches that spread costs and technical expertise across jurisdictions.
The irony inherent in this supervisory evolution is that regulators are increasingly dependent on the same advanced technologies that they are struggling to oversee. AI systems powerful enough to detect sophisticated attacks may themselves become targets for manipulation or misuse. This creates an escalating dynamic where the tools of regulation themselves require regulation. Looking forward, the financial sector will likely see continued investment in human expertise alongside technological deployment, as authorities recognise that algorithms cannot fully replace experienced judgment in navigating novel and evolving risks.
For Malaysia and other Southeast Asian financial centres, these global regulatory developments carry significant implications. As regional institutions increasingly integrate into global financial networks and as digital asset markets attract substantial flows in the region, alignment with international supervisory standards becomes strategically important. Malaysian regulators would benefit from observing how FINMA's supervisory technology forum evolves and whether the collaborative development model proves replicable in emerging market contexts where regulatory resources are more constrained.
