The financial services industry faces an intensifying technological arms race. As artificial intelligence systems become more sophisticated, both cybercriminals and state actors are leveraging these tools to identify and exploit weaknesses in banking infrastructure at unprecedented speed. In response, regulators and financial institutions are scrambling to adopt their own AI-powered defences, recognizing that traditional security measures can no longer keep pace with the accelerating threat landscape.

Marlene Amstad, president of Switzerland's Financial Market Supervisory Authority (FINMA), has emerged as a vocal advocate for rapid regulatory adoption of advanced AI capabilities. Speaking recently in Zurich, Amstad emphasized that financial institutions and supervisory bodies cannot afford to lag behind the threat curve. The core challenge is straightforward but urgent: as malicious actors harness artificial intelligence to identify software vulnerabilities with machine-like efficiency, banks and regulators must compress their response cycles from months to days or even hours. This fundamental mismatch between attack velocity and defensive capacity represents perhaps the most pressing operational risk facing the global financial system today.

The stakes extend well beyond individual institutions. FINMA has taken a leadership role in establishing a dedicated forum within the International Organization of Securities Commissions (IOSCO), the international standard-setting body that oversees regulatory frameworks across markets representing approximately 95 percent of global financial assets. This forum specifically focuses on supervisory technology adoption, creating a coordinated mechanism for regulators to share tools, methodologies, and lessons learned. The initiative reflects growing recognition that cybersecurity in finance is no longer a purely national concern but rather a systemic vulnerability that demands international cooperation and harmonized approaches.

The practical dimensions of this regulatory mobilization became visible recently when approximately 100 policy specialists and technology experts gathered for a hackathon designed to develop new supervisory tools. Rather than working in isolation, regulators actively collaborated to build technologies addressing a particularly critical gap: cryptocurrency market supervision. Digital asset markets have attracted intense regulatory scrutiny following a series of high-profile collapses and fraud cases, yet supervisory capacity has struggled to keep pace with innovation and trading volumes. By bringing together international expertise in a concentrated format, regulators aimed to accelerate the development of AI-powered monitoring systems that can detect suspicious patterns, market manipulation, and operational failures across dispersed crypto trading platforms.

Amstad revealed that regulators are exploring particularly innovative approaches to embedding security directly into the architecture of digital asset systems themselves. Rather than monitoring transactions after they occur, this forward-looking strategy would integrate safeguards at the protocol level, making certain categories of fraud or manipulation technically impossible rather than merely detectable. Such an approach represents a fundamental shift from reactive supervision to proactive system design, though it requires deep technical collaboration between regulators, developers, and financial institutions—entities that traditionally operate at arm's length from one another.

The urgency intensifies when considering documented operational risks emerging from current AI systems. Researchers working with advanced AI models have uncovered vulnerabilities that raise both cybersecurity and accountability concerns for financial institutions. These discoveries have prompted heightened scrutiny from government authorities. Most notably, the U.S. government recently moved to restrict exports of certain cutting-edge AI models, citing national security implications. This geopolitical dimension adds complexity to the regulatory calculus: financial institutions and watchdogs in many countries now face pressure to adopt sophisticated AI tools, yet access to the most advanced capabilities is becoming fragmented along geopolitical lines.

Swiss policymakers view this fragmentation with particular concern. Amstad has stated explicitly that Switzerland must retain access to the most advanced AI models to ensure its financial sector remains competitive and its regulators can maintain supervisory effectiveness. This position reflects a broader anxiety across non-superpowers: the emerging bifurcation of AI technology development along U.S.-China lines threatens to limit options for countries seeking to harness these capabilities for legitimate regulatory purposes. Switzerland's long-standing position as a global financial centre depends partly on maintaining sophisticated regulatory infrastructure; losing access to cutting-edge AI tools could undermine this competitive advantage.

Meanwhile, geopolitical competition is reshaping the AI landscape in ways with direct implications for financial regulation. Chinese cybersecurity firm 360 Security Technology recently announced the development of domestic alternatives to advanced AI models, a move reflecting broader Chinese technological sovereignty initiatives. These parallel development tracks create both opportunities and risks: while alternative sources for AI capabilities reduce dependency on any single provider, they also fragment the global technology ecosystem, potentially creating compatibility challenges and reducing the efficiency of international regulatory cooperation.

Amstad's perspective on AI deployment reveals important nuance about regulatory thinking. Rather than viewing AI solely as a threat to be contained, she emphasizes its instrumental role in strengthening financial systems before technologies are widely deployed. This forward-looking stance suggests that artificial intelligence, properly governed and deployed, can actually reduce systemic risk by enabling regulators to identify vulnerabilities during development phases rather than discovering them through costly failures. The implication is that restricting AI adoption by regulators, paradoxically, may increase overall system fragility by preventing early detection of flaws.

For financial institutions and regulators across Southeast Asia and beyond, these developments carry immediate implications. International coordination on supervisory technology means that local regulators face pressure to adopt compatible systems and approaches. Additionally, the geopolitical dimension of AI access raises questions about the technology sources available to regional authorities. Smaller countries with limited in-house technical capacity may find themselves dependent on either advanced AI services from major powers or domestic alternatives of uncertain quality. This creates a multilayered challenge: adopting new tools quickly enough to address cyber threats, maintaining sufficient technical independence to avoid excessive dependence on foreign powers, and ensuring that regulatory systems remain interoperable with global financial infrastructure.