Regulators adopt AI to counter cyber risks in banking

The global financial system faces a critical challenge as artificial intelligence simultaneously amplifies both the speed of cyberattacks and the urgency of regulatory response. Marlene Amstad, president of the Swiss Financial Market Supervisory Authority (FINMA) and chair of an international forum dedicated to supervisory technology, underscores the pressing need for banks and regulators to adopt cutting-edge technological defences. Speaking recently, Amstad emphasised that financial institutions must abandon reactive security postures and embrace proactive vulnerability detection powered by machine learning algorithms designed specifically to identify system weaknesses before criminal actors can weaponise them.

The intersection of artificial intelligence and cybersecurity has become increasingly fraught with danger for the financial sector. Recent analysis of AI-powered vulnerability detection models has revealed that cyberattack frequencies and sophistication are climbing steeply, creating compounding national security implications across jurisdictions. The core problem is asymmetrical: hackers using AI tools can identify and exploit weaknesses at machine speed, while traditional manual patching processes operate on human timescales. This temporal mismatch leaves institutions perpetually exposed to breach windows that may last hours or days. Regulators recognise that conventional cybersecurity frameworks, designed for slower threat environments, cannot adequately protect modern financial infrastructure without fundamental technological upgrades.

Swiss financial authorities have taken a leading role in establishing institutional mechanisms for coordinated AI adoption across the global regulatory landscape. FINMA has spearheaded the creation of a specialised forum within the International Organization of Securities Commissions, a body that establishes baseline standards for market regulation across jurisdictions representing approximately 95 percent of worldwide financial market activity. This institutional architecture represents a significant shift from the traditional fragmented approach to financial regulation, recognising that cybersecurity threats transcend borders and require harmonised technological responses. By concentrating expertise and resources within a single forum, regulators aim to accelerate the development and deployment of AI tools that supervisory authorities can apply consistently across different markets and regulatory environments.

The practical implementation of these regulatory ambitions crystallised during a recent international hackathon convened in Zurich, where approximately 100 policy specialists and technology experts collaborated to prototype new supervisory tools. The focus of this intensive workshop was particularly acute on cryptocurrency and digital asset markets, recognised as especially vulnerable to sophisticated attacks due to their rapid evolution and limited historical regulatory precedent. Participants worked to design AI systems capable of monitoring blockchain-based financial activities in real time, detecting anomalous patterns that might indicate emerging threats to market integrity or systemic stability. This hands-on approach reflects a sophisticated understanding that effective regulation requires regulators to develop genuine technological competence rather than merely imposing rules on institutions they do not fully understand.

One emerging regulatory concept involves embedding protective safeguards directly into the fundamental architecture of digital asset systems themselves, rather than attempting to monitor and police transactions after they occur. This represents a philosophical shift from traditional post-hoc enforcement towards preventive engineering, leveraging AI to design systems that resist compromise even if attacked by sophisticated adversaries. The implications for Malaysia and Southeast Asian fintech ecosystems are substantial, as the region has emerged as a global hub for digital asset innovation and cryptocurrency trading. Regulators across ASEAN nations will likely need to adopt similar architectural approaches to maintain credibility with both market participants and international supervisory bodies.

The geopolitical dimensions of AI-powered financial regulation have become impossible to ignore following recent decisions by the United States government. This month, American authorities directed Anthropic, a leading artificial intelligence research company, to cease exports of its latest foundation models, Mythos and Fable, citing grave national security concerns. The decision signals that advanced AI capabilities are now treated as strategically sensitive technologies subject to controls similar to military or nuclear export restrictions. Simultaneously, Chinese cybersecurity specialists at 360 Security Technology announced development of a domestically produced alternative to Mythos, indicating that technological restrictions may accelerate the balkanisation of AI development into competing geopolitical spheres. For financial regulators outside major power blocs, this fragmentation creates genuine dilemmas: obtaining access to the most sophisticated AI tools for defensive purposes may prove increasingly difficult if those tools become entangled in great-power competition.

Amstad articulated a clear position that Switzerland and by extension, smaller financial regulators globally, must retain unfettered access to the most advanced artificial intelligence models currently available. She contends that regulatory capability in the financial sector depends fundamentally on the ability to deploy state-of-the-art technology, and restrictions on AI access would handicap supervisory authorities precisely when they most desperately need enhanced technological prowess. This argument carries particular weight for Switzerland, which hosts disproportionate global financial activity relative to its population and has built an international reputation for sophisticated financial oversight. If Swiss regulators cannot access leading AI tools, that disadvantage would ripple throughout global financial markets where Swiss institutions and policies exert significant influence.

Further, Amstad emphasised that artificial intelligence must be deployed as a fundamental part of system hardening processes before financial platforms are made publicly available to users. This preventive principle reverses conventional industry practice, where security measures are often added reactively after deployment reveals vulnerabilities. AI tools examining code architecture, identifying logical flaws, and simulating attack scenarios can theoretically catch critical defects during development phases. The operational and reputational costs of deploying a system later found to be compromised are extraordinarily high, justifying substantial investment in AI-powered pre-deployment security analysis. For Malaysian financial technology companies seeking to access international markets, this emerging regulatory expectation may become a de facto requirement for market entry.

The broader context for these regulatory developments involves the fundamental acceleration of technological change in financial services. Machine learning and artificial intelligence are no longer peripheral technologies confined to niche applications; they have become central to core financial operations including trading, risk management, and customer service. This proliferation of AI systems simultaneously creates vulnerability surfaces that attackers can target. A single compromised AI model deployed across a major financial institution could theoretically affect millions of transactions before detection. Regulators are struggling to develop monitoring and governance frameworks adequate to supervising systems that even their developers sometimes cannot fully explain or predict.

For Southeast Asian financial regulators, including Malaysia's own supervisory authorities, these developments signal the necessity of substantially upgraded technological capacity within regulatory agencies themselves. The era when regulators could supervise financial systems using primarily legal and economic expertise has definitively ended; contemporary financial oversight requires embedded technical talent capable of understanding artificial intelligence, cryptography, and software architecture. Countries that fail to build this internal expertise will find themselves unable to effectively supervise increasingly AI-driven financial sectors, creating opportunities for bad actors to exploit regulatory blind spots. The investments required are substantial, but the costs of regulatory failure in an AI-dominated financial landscape would be catastrophic.

The coordination mechanisms being established through FINMA and international bodies represent an encouraging acknowledgment that cybersecurity in finance is an inherently international challenge. However, significant tensions remain between the imperative to adopt advanced AI tools and the geopolitical competition that is increasingly restricting access to the most powerful systems. How these tensions resolve will substantially shape the future landscape of global financial regulation and the relative competitiveness of different regional financial ecosystems. Malaysia and other ASEAN nations would be wise to participate actively in international regulatory forums establishing these new standards, ensuring that Southeast Asian interests and perspectives shape the global governance frameworks that will govern financial technology for decades to come.

Related Stories

BREAKING: Johor Assemblyman Quits UMNO, Drops Bombshell — Claims Royal Palace Ordered State Election

Anwar Ibrahim Bersama Kepimpinan PH Umumkan Calon PRN Johor Ke-16 di Bukit Gambir Malam Ini

Johor Centre Stage: PH Presents PRN16 Candidates Under Anwar's Leadership

Stay ahead of the headlines