
The financial world is buzzing with a new challenge: how to regulate agentic Artificial Intelligence. The Bank of England (BoE) is spearheading a critical review, assessing whether our existing financial rules can truly cover the rapid adoption of these autonomous systems across payments, trading, cybersecurity, and operations.
Deputy Governor Sarah Breeden recently underscored the urgency of this task at the European Central Bank Forum. She highlighted that current regulatory frameworks were simply not designed for AI agents that can act without direct human instruction. Relying on constant human oversight for every action by these advanced systems is proving to be increasingly impractical.
The Rise of Autonomous AI in Finance
What exactly is “agentic AI”? These are sophisticated systems capable of making decisions and carrying out complex tasks with a significant degree of independence. Unlike traditional automated trading tools, agentic systems can pursue objectives and make strategic decisions with far less direct human supervision, marking a significant leap in AI capability.
The financial sector is already embracing this technology. A 2026 report from the Cambridge Centre for Alternative Finance revealed that an impressive 81% of surveyed financial services firms are adopting AI at some level. Even more strikingly, 52% of industry respondents are already actively deploying agentic AI within their operations.
For now, most of this adoption is focused on internal functions, enhancing process automation, data visualisation, software engineering, and knowledge management. Breeden noted that in trading, agentic AI use is primarily concentrated in lower-risk operational tasks. However, the potential for expansion into more critical areas is clear, requiring a proactive regulatory approach.
Navigating the Cybersecurity Frontier
Cyber resilience stands as one of the Bank of England’s most pressing financial stability concerns regarding agentic AI. Breeden emphasized that this technology has ushered in a “step change” in cyber capabilities, both for defense and offense. Supervisors must therefore assess risks across the entire financial system, not just at individual firms.
While AI tools can significantly strengthen cyber defenses when wielded by security teams, the immediate danger lies in their potential misuse. If malicious actors harness these same powerful tools, they could escalate attacks that severely harm financial stability. The International Monetary Fund (IMF) has echoed this warning, urging that AI-enabled cyber risk be treated as a systemic financial stability issue.
The IMF highlighted how AI-powered attacks can scale quickly and spread across sectors that share digital infrastructure. This poses a significant threat, as simultaneous disruption across multiple institutions could create widespread instability. Breeden also pointed out that open-source AI models are catching up to the most advanced closed models in just four to eight months, offering authorities only limited comfort despite restrictions on some releases.
Rethinking Regulation and Resilience for an AI Future
To mitigate these emerging risks, the Bank of England is actively exploring stronger recovery requirements for core systems. One innovative option under consideration is allowing one bank to temporarily take over another bank’s basic functions during an outage or failure. Other proposals include arrangements to ensure critical services continue even if a firm’s core systems are compromised.
Regulators are also examining the implementation of “guardrails,” “circuit breakers,” and “kill switches.” These crucial tools would be designed to limit or halt trading across markets should faulty AI models contribute to severe disruption. Such measures aim to prevent autonomous systems from amplifying volatility, especially if their objectives diverge from their original purpose or public policy goals.
The Financial Stability Board (FSB) recently reinforced these concerns, stating in June that AI agents pose a distinct challenge for human oversight and necessitate stronger safeguards. Their consultation outlined 12 proposed sound practices for responsible AI adoption by financial institutions, covering critical areas like:
- Organization-wide governance frameworks
- Robust AI risk management across development and deployment
- Comprehensive AI-related cyber, ICT, and third-party risk management
These practices, while not binding international standards, strongly advocate for defining clear roles and responsibilities when using AI, particularly in critical financial functions. The Bank of England’s core focus remains on ensuring that financial firms maintain their resilience as autonomous systems become increasingly integrated into every facet of finance, with an eye on both firm-level controls and market-wide safeguards.
Source: AI News