The Bank of England is reviewing whether existing rules can cover the use of agentic AI in finance, including payments, trading, cybersecurity, and operations.
Deputy Governor Sarah Breeden said existing regulatory frameworks were not designed for AI agents that can act without direct human instruction. Speaking at the European Central Bank Forum on central banking in Portugal, she said relying on human oversight for every action by these systems is unlikely to be practical.
Breeden said current frameworks were not built to contemplate autonomous agents in payments, trading, and operational functions.
Agentic AI enters financial workflows
Agentic AI refers to systems that can make decisions and carry out tasks independently. In finance, such systems are already being used in areas such as product recommendations, operational workflows, and trading-related tasks.
Agentic systems differ from traditional automated trading tools because they can pursue objectives and make decisions with less direct human supervision. Breeden said these systems could act in similar ways if they are trained on similar data or designed around similar goals.
Breeden said recent advances in AI models for identifying cyber vulnerabilities show a change in capability. She said agentic AI systems can chain together sequences of actions at scale and speed.
A 2026 Cambridge Centre for Alternative Finance report found that 81% of surveyed financial services firms are adopting AI at some level. It also found that 52% of industry respondents are already actively adopting agentic AI.
The report said most current use remains focused on internal functions, including process automation, data visualisation, software engineering, and knowledge management. Breeden said use in trading is still mostly concentrated in lower-risk operational tasks.
BoE flags cyber resilience risks
Breeden described cyber resilience as one of the Bank of England’s closest financial stability concerns around agentic AI. She said the technology has undergone a “step change” in cyber capability and that supervisors need to look at risks across the financial system rather than only at individual firms.
She said AI tools can strengthen cyber defences when used by security teams. The immediate risk, she added, is that the same tools could increase the chance of attacks that harm financial stability if used by malicious actors.
Breeden also noted that open-source models may trail the most advanced closed models by only four to eight months. She said this gives authorities only limited comfort, despite restrictions on the release of some advanced models.
The IMF has also warned that AI-enabled cyber risk should be treated as a financial stability issue. It said attacks can scale quickly, spread across sectors that share digital infrastructure, and create wider disruption if several institutions are affected at once.
Breeden said authorities should place greater weight on simultaneous disruption across several firms and stress-test the likely impact before such events occur. She said recovery planning may also need to account for mass disruption, rather than only isolated outages.
The Bank of England is considering stronger recovery requirements for core systems. One option is to allow one bank to take over another bank’s basic functions during an outage or failure.
Other options include arrangements that allow critical services to continue if a firm’s core systems are compromised. Breeden also raised the question of whether key firms should have separate failover systems or the ability to rebuild compromised core systems quickly.
Tobias Adrian, financial counsellor and director of the International Monetary Fund’s capital markets department, also said AI poses serious risks to cyber resilience, according to Central Banking. The IMF has separately warned that shared software, cloud services, payment networks, and data networks can create correlated failures if widely used systems are targeted.
Regulators consider market safeguards
Breeden said regulators are also looking at guardrails, circuit breakers, and kill switches. These tools would be designed to limit or stop trading across markets if faulty AI models contribute to severe disruption.
Breeden said autonomous systems could amplify volatility if they respond in similar ways to the same market signals, especially if their objectives drift from their original purpose or from public policy goals.
The Bank of England has previously said existing rules were sufficient to manage AI-related risks. Breeden said recent developments have exposed gaps in current frameworks.
Global regulators review AI safeguards
The Financial Stability Board said earlier in June that AI agents pose a distinct challenge for human oversight and called for stronger safeguards.
The FSB’s June consultation set out 12 proposed sound practices for responsible AI adoption by financial institutions. The practices cover organisation-wide governance, AI risk management across development and deployment, and AI-related cyber, ICT, and third-party risks.
The FSB said the practices are not intended to create a binding international standard. It also said firms should define clear roles and responsibilities when using AI, especially when the technology is used in critical or material functions.
Breeden said the Bank of England’s focus is on ensuring that financial firms remain resilient as autonomous systems are used in more areas. The review covers firm-level controls and market-wide safeguards.
See also: HSBC expands AI banking partnership with Google Cloud
Want to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London. The comprehensive event is part of TechEx and is co-located with other leading technology events, click here for more information.
AI News is powered by TechForge Media. Explore other upcoming enterprise technology events and webinars here.
The post Bank of England reviews AI rules for agentic AI in finance appeared first on AI News.