Regulators adopt AI tools to counter cyber risks in finance

The financial services industry faces an urgent paradox: the very technology threatening to destabilize banking systems may be its best defence against an escalating wave of sophisticated cyberattacks. Marlene Amstad, head of Switzerland's FINMA regulator and chair of an influential international supervisory technology forum, has warned that financial institutions worldwide must accelerate their adoption of advanced artificial intelligence tools to identify and neutralize system vulnerabilities before malicious actors can exploit them. Speaking following a newly launched hackathon convening policy experts and technology specialists from major markets, Amstad underscored that the window for action is narrowing as cybercriminals leverage machine learning to execute attacks at unprecedented speed and complexity.

The challenge facing regulators across Southeast Asia and beyond extends far beyond traditional cybersecurity concerns. Recent deployments of AI vulnerability-detection models have exposed a troubling reality: financial networks harbour far more structural weaknesses than previously understood, creating openings for both criminal hacking operations and state-sponsored cyber intrusions targeting critical infrastructure. The stakes are particularly acute for developing economies dependent on cross-border financial flows, where a single breach could cascade across regional payment systems and destabilize multiple countries' economies simultaneously. Intelligence agencies and national security officials have begun flagging the dual-use dilemma inherent in advanced AI systems, which can simultaneously strengthen defences and provide attackers with sophisticated new weapons.

The international response is taking shape through institutional mechanisms that reflect the globalized nature of modern finance. FINMA spearheaded the creation of a specialized forum within the International Organization of Securities Commissions, a standard-setting body whose member regulators collectively oversee approximately 95 percent of worldwide capital markets. This collaborative platform aims to dramatically expand the pace and scale at which financial watchdogs can implement machine learning tools for monitoring everything from anomalous trading patterns to systemic risk accumulation. By pooling technical expertise and resources across borders, regulators hope to compress what might otherwise take years of independent development into months of coordinated innovation.

The inaugural hackathon held in late June brought together roughly 100 specialists spanning policy, compliance, and software engineering disciplines. These participants worked toward a singular objective: designing practical AI applications specifically calibrated for supervising cryptocurrency and digital asset markets, sectors that have historically operated with minimal regulatory oversight and maximum technological dynamism. The exercise revealed both the potential and the complications involved in translating cutting-edge machine learning into operational tools that regulators can actually deploy within their existing governance frameworks. Digital asset markets, with their 24/7 trading cycles and algorithmic complexity, represent something of a testing ground for the broader deployment of AI-assisted supervision across all financial sectors.

Amstad has suggested that regulators are exploring an innovative approach that transcends conventional after-the-fact enforcement. Rather than waiting to detect violations or vulnerabilities after they materialize, supervisory authorities are investigating whether safeguards can be directly embedded into the underlying architecture of blockchain systems and digital platforms themselves. This architectural approach would shift the responsibility for security from periodic audits and emergency patches to fundamental protocol design, potentially preventing vulnerabilities from ever surfacing in operational environments. For regional economies where fintech innovation is accelerating rapidly, this proactive model could significantly reduce the regulatory burden while simultaneously strengthening systemic resilience.

The geopolitical dimension adds another layer of complexity to these regulatory calculations. The United States government recently imposed export restrictions on advanced AI models developed by Anthropic, citing national security considerations and concerns that foreign actors could weaponize sophisticated language models for espionage, market manipulation, or cyber warfare. Meanwhile, China's 360 Security Technology firm has announced the development of domestically produced AI alternatives with comparable capabilities, triggering a potential bifurcation of global AI markets along geopolitical lines. Switzerland's position as a financial centre with close ties to both Western democracies and Asian markets creates acute pressure for the country to maintain technological sovereignty and negotiate continued access to the most powerful AI systems.

Amstad articulated Switzerland's strategic imperative with considerable clarity: the country must retain access to the most advanced artificial intelligence models available globally, arguing that doing so is essential to fortifying financial defences before vulnerabilities can proliferate into systemic threats. This position reflects a broader recognition among financial policymakers that AI capability gaps between regulators and the institutions they supervise create dangerous asymmetries in information and threat detection capacity. When banks and fintech companies possess AI tools substantially more sophisticated than those available to supervisory authorities, the regulatory relationship inverts into a potentially destabilizing dynamic where enforcement becomes reactive and incomplete.

The implications for Southeast Asian regulatory bodies are substantial. Most regional financial authorities lack the technical capacity and capital resources to independently develop world-class AI systems for market supervision. Rather than attempting to build such capabilities in isolation, regulatory agencies across ASEAN could leverage the international frameworks being established by FINMA and the International Organization of Securities Commissions to gain access to shared tools and methodologies. This collaborative approach would allow smaller economies to punch above their weight technologically while simultaneously raising supervisory standards across the region in a coordinated manner. The hackathon model itself represents a scalable blueprint that regional authorities could adapt for their own contexts and priorities.

Operational risks introduced by artificial intelligence systems themselves present a distinctly modern supervisory challenge that traditional regulatory frameworks were never designed to address. When financial institutions deploy machine learning models for critical functions—from credit decisions to fraud detection—they introduce new categories of failure mode that don't fit neatly into legacy risk management architectures. Models trained on historical data may exhibit unexpected behaviour in novel market conditions, or they may perpetuate and amplify biases embedded in their training datasets. Recent experiences with systems like Anthropic's Mythos have highlighted these vulnerabilities, revealing that even sophisticated AI models can harbour significant safety and accountability gaps that become apparent only during real-world deployment.

The fundamental strategic insight animating these regulatory initiatives is that technology cannot be wished away or prohibited outright; it can only be navigated skillfully or mismanaged catastrophically. Rather than attempting to constrain AI development through restrictive rules that quickly become obsolete, regulatory authorities are positioning artificial intelligence as a tool for resilience and early warning. By embedding AI into supervisory processes, financial watchdogs gain the capacity to monitor increasingly complex systems at speeds and scales that human analysts cannot match. This technological arms race in supervision will likely shape the character of financial regulation throughout the coming decade, determining whether regulatory institutions can maintain meaningful oversight of markets increasingly mediated by machine learning algorithms.

For Malaysia and other Southeast Asian financial hubs, the unfolding international cooperation on AI-powered supervision represents both opportunity and imperative. Participation in these collaborative frameworks offers pathways to upgraded supervisory capacity without requiring massive independent investment in artificial intelligence research and development. Simultaneously, remaining outside such collaborative structures risks creating regulatory blind spots precisely when financial systems are becoming more technologically complex and internationally interconnected. The institutions and methodologies being developed in Zurich and disseminated through international bodies will define the regulatory baseline for emerging markets attempting to attract sophisticated financial business while maintaining systemic stability and investor protection.

Related Stories

BREAKING: Johor Assemblyman Quits UMNO, Drops Bombshell — Claims Royal Palace Ordered State Election

Di Sebalik Senarai: Bagaimana PH Memilih Calon PRN Johor Ke-16 Yang Akan Diumumkan Malam Ini

Pulse on Johor: Anwar and PH Mark PRN Ke-16 Beginning at Bukit Gambir