The financial services industry faces an urgent imperative to harness artificial intelligence as a defensive tool against mounting cybersecurity threats, according to senior Swiss regulators grappling with the paradox that the same technology enabling attackers is essential to protecting vulnerable systems. Marlene Amstad, president of Switzerland's financial market regulator FINMA, underscored the mounting pressure on banks and supervisory authorities to move decisively in adopting advanced technological solutions, warning that complacency invites catastrophic breaches as hackers continually refine their methods and accelerate their operations.
The acceleration of cyber threats has prompted a fundamental shift in how financial authorities worldwide approach their supervisory responsibilities. Rather than relying solely on traditional regulatory frameworks, watchdogs now recognise that deploying sophisticated AI capabilities represents an essential counterbalance to the sophistication of modern attacks. This shift reflects broader recognition across the financial sector that vulnerability detection systems powered by machine learning can identify system weaknesses faster than conventional security audits, allowing institutions to patch gaps before criminals exploit them. For Malaysian financial institutions increasingly integrated into global markets, this represents a critical strategic consideration, as cyber threats originating from international networks can directly compromise local banking infrastructure and customer assets.
Amstad chairs an influential international forum on supervisory technology operating within the International Organization of Securities Commissions, a body that establishes regulatory standards affecting markets responsible for approximately 95 percent of global financial transactions. This positioning places Switzerland at the centre of global efforts to standardise how regulatory authorities deploy protective technologies. The forum's mandate extends beyond isolated national responses, instead promoting coordinated adoption of AI-driven supervisory tools that can operate across jurisdictional boundaries. For regional regulators like Malaysia's central bank and the Securities Commission, participation in such frameworks ensures access to cutting-edge methodologies and shared intelligence about emerging threats.
The practical dimensions of this technological shift became evident during a recent hackathon convening approximately one hundred policy specialists and technology experts who collaborated to develop surveillance and compliance tools specifically tailored to cryptocurrency markets. These initiatives address a critical gap in current regulatory capabilities, as digital asset trading platforms operate across borders with limited traditional oversight mechanisms. The development of purpose-built AI tools for crypto supervision signals recognition that generic financial monitoring systems prove inadequate for emerging asset classes where transaction volumes and velocity far exceed traditional banking operations. Given the rapid growth of cryptocurrency adoption across Southeast Asia, including increasing institutional participation in Malaysia, such supervisory innovations carry direct implications for regional financial stability.
Beyond detection and response systems, regulators are exploring more fundamental architectural approaches to risk management. FINMA officials have indicated that supervisory authorities should consider embedding protective safeguards directly into the underlying protocols and code of digital asset systems themselves, rather than relying exclusively on post-hoc detection and enforcement mechanisms. This preventive engineering approach represents a conceptual evolution in how financial regulation functions, shifting from reactive monitoring toward proactive design of systems with built-in compliance features. Such an approach could substantially reduce the operational burden on smaller financial institutions and supervisors with limited technological resources, a consideration highly relevant to developing economies across Southeast Asia.
The emergence of AI-related operational risks within financial institutions has prompted urgent assessment of these systems' safety and accountability characteristics. Experiences with advanced language models including Anthropic's Mythos have revealed unexpected vulnerabilities and failure modes that create new categories of institutional risk. These range from the potential for manipulated outputs that could mislead trading decisions to security vulnerabilities within the AI systems themselves that could serve as attack vectors for malicious actors. Financial institutions deploying such technologies without adequate understanding of their limitations and failure modes expose themselves to substantial reputational and operational risks, underscoring the necessity for supervisory frameworks capable of assessing AI system safety before deployment in critical financial functions.
Geopolitical considerations increasingly intersect with financial cybersecurity strategies, as demonstrated by recent United States government actions ordering Anthropic to suspend exports of advanced AI models citing national security concerns. This decision underscores how frontier AI technologies have become embedded in great power competition, with nations viewing control over cutting-edge capabilities as strategically essential. Simultaneously, competing jurisdictions including China are accelerating development of indigenous AI capabilities, with domestic cybersecurity firms announcing locally-developed alternatives to restricted foreign models. For smaller nations and regional financial centres, this fragmentation of AI technology access creates complex strategic challenges, potentially limiting their capacity to adopt the most advanced supervisory tools available globally.
Amstad has publicly advocated for Switzerland maintaining unrestricted access to the world's most advanced AI models, framing such access as essential to enabling European financial regulators to develop equivalent protective capabilities. This position reflects concern that geopolitical restrictions on AI technology could create regulatory disadvantages for European institutions relative to global competitors operating from less-restricted jurisdictions. The underlying argument extends to all smaller financial centres: inability to access cutting-edge AI tools constrains regulatory effectiveness and potentially undermines financial stability. For Malaysia and other Southeast Asian nations, this dynamic raises important questions about technology sovereignty versus integration into global financial systems, and whether regional cooperation on AI development might offer pathways to technological capability building.
The deployment of AI for vulnerability detection and system hardening before financial technology infrastructure enters production represents a transformative approach to risk management that Amstad emphasises as instrumental to protecting interconnected global financial systems. Rather than treating AI purely as a regulatory surveillance tool, this framework positions artificial intelligence as an essential component of financial engineering, embedded throughout the design and deployment phases. This preventive orientation potentially offers substantial efficiency gains and cost savings relative to traditional security audit processes, while simultaneously enhancing protective effectiveness. Regional financial authorities considering technology adoption decisions should evaluate how such AI-centred design methodologies might be adapted to their institutional contexts and regulatory frameworks.
The coordination efforts underway through international supervisory forums suggest that financial regulation is entering a new technological era characterised by rapid innovation cycles and continuous adaptation. Supervisory authorities worldwide, including those in Malaysia and across Southeast Asia, must now simultaneously develop technical expertise in AI systems while maintaining traditional regulatory vigilance regarding financial stability and investor protection. This dual capability represents a significant institutional challenge for regulators already stretched across expanding mandates. International cooperation mechanisms and technology-sharing arrangements within regional bodies could help distribute this burden, enabling smaller jurisdictions to benefit from innovations developed by larger financial centres with greater resources.
