The world's financial regulators face an urgent challenge: cybersecurity threats are evolving faster than traditional defence systems can adapt. As artificial intelligence reshapes both attack and defence capabilities in the financial sector, Marlene Amstad, president of Switzerland's FINMA and chair of an international supervisory technology forum, has warned that banks and regulators must act decisively to close vulnerabilities before malicious actors exploit them. Speaking following a major hackathon convened by market supervisors, Amstad underscored the mounting pressure on institutions to strengthen their technological defences against an AI-accelerated threat landscape.

The conversation around AI and financial security has grown more urgent in recent months as vulnerability detection models have revealed concerning gaps in existing systems. These tools have surfaced troubling evidence of cyberattack risks climbing steeply, alongside broader national security vulnerabilities that extend beyond individual institutions. The integration of artificial intelligence into financial systems introduces novel operational and safety questions that regulators are only beginning to understand. Unlike traditional cybersecurity challenges that follow predictable patterns, AI-driven threats operate with speed and adaptability that challenge conventional supervisory approaches.

Amstad's message to the financial sector is unambiguous: as hackers accelerate their operations and increase their sophistication, banks cannot remain static in their response. The traditional cycle of identifying vulnerabilities, developing patches, and deploying fixes has become too slow for the current threat environment. Financial institutions must compress this timeline dramatically, moving from reactive remediation to proactive identification and near-instantaneous patching. This shift demands not only technological investment but also fundamental changes to how banks manage their IT operations and cybersecurity governance.

Recognising the global scale of the challenge, FINMA has spearheaded the creation of a dedicated forum within the International Organization of Securities Commissions, the internationally recognised standard-setter for securities market regulation. This forum explicitly aims to accelerate AI adoption among financial watchdogs that collectively oversee approximately 95 per cent of global financial markets. By bringing regulators together under a coordinated framework, the initiative seeks to prevent regulatory fragmentation and ensure consistent approaches to AI-enabled supervision across borders. For Malaysian regulators and financial institutions, participation in such forums matters significantly, as supervisory standards set in Zurich and other major centres often cascade into local requirements.

The practical dimension of this regulatory push became visible at a hackathon held this week, where approximately 100 policy specialists and technology experts gathered to collaboratively develop new supervisory tools. The immediate focus centred on cryptocurrency and digital asset markets, areas where regulatory capacity has consistently lagged behind market innovation. Participants worked to design artificial intelligence systems capable of monitoring crypto transactions, identifying suspicious patterns, and detecting emerging risks in real time. These tools represent a departure from traditional compliance approaches that rely heavily on manual review and post-facto investigation.

Beyond merely detecting vulnerabilities, regulators are exploring a more ambitious approach: embedding safeguards directly into the architecture of digital asset systems themselves. Rather than treating security as an external layer added after a system is built, this strategy would interweave protective mechanisms into the foundational code and infrastructure. Such an approach could prevent certain categories of attack before they materialise, shifting the burden of security from constant reactive monitoring to preventative system design. For Southeast Asian regulators developing digital asset frameworks, understanding and potentially adopting such preventative architectures could significantly enhance market resilience.

Amstad's discussion of specific AI models illustrates the competitive and geopolitical dimensions of financial technology regulation. Experience with Anthropic's models—systems used by researchers and developers to understand AI capabilities and limitations—has inadvertently exposed operational risks specific to the financial sector. These findings have triggered serious concerns about how advanced AI systems might be misused or what vulnerabilities they might introduce into financial infrastructure. The revelations prompted forceful action by the U.S. government, which this month ordered Anthropic to halt exports of its latest model iterations, citing national security concerns that extend beyond financial markets into broader economic competition and strategic technology control.

The geopolitical stakes became evident when Chinese cybersecurity firm 360 Security Technology announced that it had developed a domestic alternative to the restricted models. This move reflects broader patterns in global technology development, where trade restrictions and export controls drive investment in domestic alternatives. For Malaysian policymakers and financial institutions, such developments underscore how technological sovereignty and access to cutting-edge tools can become intertwined with international relations and trade policy. Restrictions that limit access to advanced AI models in one region may force development of separate technological ecosystems elsewhere.

Amstad has been explicit about Switzerland's position: the country must retain access to the most advanced artificial intelligence models available globally if its financial sector and regulators are to remain competitive and secure. She argues convincingly that AI will prove instrumental in hardening financial systems before they are deployed to handle sensitive transactions and vulnerable customer data. Without access to state-of-the-art technology, regulators risk falling further behind both malicious actors and the financial innovation they are meant to supervise. This perspective carries implications for smaller financial centres, including those in Southeast Asia, which may find themselves caught between the desire to maintain cutting-edge defences and global restrictions on sensitive technologies.

The broader question facing financial regulators worldwide is whether traditional supervisory models can adapt quickly enough to an AI-driven world. Regulators historically have operated on longer timescales than markets, conducting thorough reviews before issuing guidance or new rules. However, the pace of technological change and cybersecurity threats now demands near-real-time supervision enabled by AI-powered monitoring and analysis. The hackathon approach signals a recognition that regulators must become more agile and collaborative, pooling expertise across borders to develop tools faster than any single agency could achieve independently.

For Malaysian regulators at Bank Negara Malaysia and the Securities Commission, the Swiss example offers both a template and a cautionary tale. The template involves convening international cooperation to share supervisory challenges and collaboratively develop technological solutions. The cautionary element reflects how geopolitical competition over AI technology can constrain access to essential tools, potentially leaving smaller economies disadvantaged if major powers restrict critical capabilities. Malaysia's position as a growing fintech hub and a jurisdiction with ambitions to strengthen digital asset supervision makes it essential that policymakers engage actively in international forums shaping AI governance in finance.

The race between regulators and cyber threats will likely intensify rather than stabilise in coming years. As artificial intelligence becomes more sophisticated and more widely accessible, the asymmetry between defensive and offensive capabilities could widen, creating new vulnerabilities faster than regulators can patch them. The proactive approach championed by Amstad and international colleagues represents a necessary shift toward prevention rather than reaction. However, success requires sustained commitment to investment in technology talent, international cooperation that transcends geopolitical tensions, and a willingness to continuously adapt supervisory frameworks as AI capabilities evolve. The stakes—financial stability, systemic resilience, and consumer protection—justify the urgency.