The global financial industry faces an urgent technological arms race as cybersecurity threats intensify and regulators scramble to develop artificial intelligence countermeasures. Marlene Amstad, who leads the Swiss Financial Market Supervisory Authority (FINMA) and chairs an international forum dedicated to supervisory technology, has sounded an alarm about the need for rapid institutional change. Speaking to international media, she emphasised that banks and financial regulators cannot afford to move slowly when deploying new tools and systems designed to identify and neutralise digital vulnerabilities before malicious actors can exploit them.
The acceleration of hacking capabilities powered by advanced AI systems has fundamentally altered the cybersecurity landscape for the financial sector. Detection models trained to identify software weaknesses have revealed a concerning trend: cyberattacks are becoming both more frequent and more sophisticated, while simultaneously raising serious questions about national security implications. For financial institutions, this convergence of technological advancement and geopolitical concerns introduces novel operational risks that existing governance frameworks struggle to address. The traditional approach of patching vulnerabilities after discovery has become inadequate when adversaries can now identify and exploit weaknesses at machine speed.
Amstad's perspective reflects a growing consensus among regulators that passivity invites disaster. "As hackers move faster, banks must adapt by patching vulnerabilities more rapidly," she explained, capturing the essence of the challenge facing institutions globally. This statement encapsulates a fundamental realisation: the old reactive model where organisations discovered problems and then remedied them sequentially no longer provides sufficient protection. Instead, financial firms must adopt a proactive, continuous-improvement approach where AI systems work alongside human specialists to anticipate threats and strengthen defences before deployment to live environments.
To advance this agenda internationally, FINMA has been instrumental in establishing a dedicated forum within the International Organization of Securities Commissions, which sets standards for market regulation across jurisdictions. This collaborative structure encompasses supervisory authorities representing approximately 95 percent of global financial markets, giving the initiative considerable scope and influence. The forum's creation acknowledges that cybersecurity threats transcend national borders and that regulatory responses must likewise be internationally coordinated to be effective. Such cooperation allows smaller and less-resourced regulators in developing economies to benefit from technological innovations pioneered by larger financial centres.
The practical work of developing these AI-powered tools took concrete form during a recent hackathon that brought together approximately 100 policy specialists and technology experts. These professionals collaborated to design and test new supervisory instruments, with particular emphasis on strengthening oversight of cryptocurrency markets—an area where regulatory infrastructure remains relatively immature compared to traditional finance. The hackathon model itself represents an innovative approach to regulatory development, borrowing from Silicon Valley methodology to create rapid prototyping environments where ideas can be tested and refined under intensive collaborative conditions.
One particularly forward-thinking proposal emerging from these discussions involves embedding protective mechanisms directly into the architecture of digital asset systems themselves. Rather than relying solely on external monitoring and compliance checks, regulators are exploring whether safeguards can be woven into the foundational code and governance structures of blockchain and cryptocurrency platforms. This approach would distribute responsibility for compliance throughout the system rather than concentrating it entirely on external oversight, potentially creating more resilient and self-regulating financial infrastructure.
The regulatory focus on AI tools has intensified following recent real-world experience with large language models. Amstad specifically referenced Anthropic's models as illustrative examples, noting that testing and deployment of such systems has exposed significant operational vulnerabilities that institutions had not previously recognised. These discoveries have prompted serious reassessment of how financial organisations integrate AI into their operations, particularly regarding safety mechanisms and accountability structures. When an AI system makes a consequential decision affecting customer funds or market stability, questions of liability and transparency become paramount.
Geopolitical dimensions have further complicated the regulatory response. The United States government recently ordered Anthropic to cease exporting its most advanced AI models, citing national security grounds—a decision that reflects American concerns about technological capabilities falling into potentially hostile hands. Simultaneously, China has moved to develop domestic alternatives, with cybersecurity firm 360 Security Technology announcing it has created a local equivalent to serve market demands. This fragmentation into competing technological ecosystems threatens the international coordination that financial regulators hope to achieve.
For Switzerland and other financial centres keen to maintain competitiveness, Amstad has articulated a clear position: maintaining access to the most sophisticated AI models available globally is essential. She contends that regulators and banks cannot adequately strengthen their defensive posture if they operate with outdated or inferior technology. This argument reflects a broader tension in current geopolitical economy, where technological leadership increasingly determines economic and financial influence. Switzerland's historical reliance on regulatory expertise and financial sophistication could be undermined if the country lacks access to cutting-edge tools used by competitors.
The stakes for Southeast Asian regulators and financial institutions are considerable. The region's rapidly expanding digital financial sector—encompassing fintech platforms, cryptocurrency exchanges, and increasingly sophisticated banking operations—faces similar cyber threats with arguably fewer established defensive capabilities than larger markets. Malaysian regulators, alongside counterparts in Singapore, Thailand, and Indonesia, will need to assess how these international developments affect their own supervisory strategies. Participation in or alignment with FINMA's international forum could provide valuable pathways to adopting proven AI-driven compliance tools.
Moreover, the emphasis on embedding safeguards into system architecture rather than relying purely on external oversight carries particular implications for the region's developing fintech ecosystem. Early adoption of security-by-design principles could give Southeast Asian platforms competitive advantages while simultaneously protecting consumers and maintaining financial stability. Rather than retrofitting security measures into existing systems—a costly and often ineffective approach—new platforms could incorporate protective mechanisms from inception.
The fundamental dynamic driving these regulatory initiatives reflects a sobering recognition: artificial intelligence has become simultaneously an essential tool for financial supervision and a profound source of risk. Regulators cannot ignore the technology without ceding ground to bad actors who will deploy it without hesitation. Conversely, poorly managed AI implementation in financial institutions can create new vulnerabilities that are difficult to detect and potentially catastrophic in their consequences. The regulatory response being assembled through international cooperation represents an attempt to navigate this paradox—embracing technological innovation while building in sufficient safeguards to protect financial stability and national security interests.
