The Bank of England is considering whether existing rules can cover the use of agent AI in financial areas, including payments, trading, cybersecurity and operations.
Lt. Gov. Sarah Breeden said the existing regulatory framework is not designed for AI agents that can act without direct human direction. Speaking at the European Central Bank Forum on Central Banks in Portugal, he said it was not practical to rely on human oversight of every action taken by these systems.
Breeden said the current framework is not built to account for autonomous agents in payment, trading and operational functions.
Agentic AI enters financial workflows
Agent AI refers to systems that can make decisions and perform tasks independently. In the financial industry, such systems are already used in areas such as product recommendations, operational workflows, and transaction-related tasks.
Agent systems differ from traditional automated trading tools because they can pursue goals and make decisions without much direct human supervision. Breeden said these systems could work similarly if they were trained on similar data or designed with similar goals.
Breeden said recent advances in AI models for identifying cyber vulnerabilities demonstrate a shift in capabilities. She said agent AI systems can chain together a series of actions at scale and quickly.
A 2026 Cambridge Center for Alternative Finance report found that 81% of financial services companies surveyed have implemented AI at some level. We also found that 52% of industry respondents are already actively implementing agent AI.
Most current usage is still focused on internal functions such as process automation, data visualization, software engineering, and knowledge management, according to the report. Breeden said trading usage remains largely focused on low-risk operational tasks.
Bank of England warns of cyber resilience risks
Mr Breeden explained that cyber resilience is one of the Bank of England’s most proximal financial stability concerns related to agentic AI. He said the technology was a “step change” in cyber capabilities and supervisors needed to look at risks across the financial system, not just individual companies.
He said security teams can use AI tools to strengthen their cyber defenses. He added that the immediate risk is that if the same tools are used by bad actors, the potential for attacks that undermine financial stability increases.
Breeden also pointed out that open source models may only be four to eight months behind state-of-the-art closed models. He said that despite restrictions on the launch of some advanced models, there was limited reassurance for authorities.
The IMF also warns that cyber risks from AI should be treated as a financial stability issue. If multiple institutions are affected at once, the attack could quickly escalate and spread across sectors that share digital infrastructure, causing broader disruption, it said.
Breeden said authorities need to place more emphasis on simultaneous disruptions across multiple companies and stress test the potential impact before such an event occurs. He said recovery plans may need to consider large-scale disruptions, not just isolated outages.
The Bank of England is considering tightening recovery requirements for core systems. One option is to allow one bank to take over the basic functions of another bank in the event of an outage or failure.
Other options include arrangements that allow critical services to continue if a company’s core systems are compromised. Breeden also raised the question of whether major companies should have separate failover systems or the ability to quickly rebuild compromised core systems.
Financial advisor and International Monetary Fund Capital Markets Director Tobias Adrian also said AI poses serious risks to cyber resilience, according to the central bank. The IMF has separately warned that shared software, cloud services, payment networks, and data networks can disrupt each other if widely used systems are targeted.
Regulators consider market protection measures
Breeden said regulators are also looking at guardrails, circuit breakers and kill switches. These tools are designed to limit or stop trading across markets if a flawed AI model contributes to a severe disruption.
Breeden said when autonomous systems react in similar ways to the same market signals, it can amplify volatility, especially if their objectives diverge from their original purpose or public policy goals.
The Bank of England has previously said existing rules are sufficient to manage AI-related risks. Mr. Breeden said recent developments have exposed gaps in the current framework.
Global regulators consider AI safety measures
The Financial Stability Board said in early June that AI agents pose a clear challenge to human oversight and called for stronger safeguards.
The FSB’s June consultation set out 12 sound practices for the responsible adoption of AI by financial institutions. This practice covers organization-wide governance, AI risk management across development and deployment, and AI-related cyber, ICT, and third-party risks.
The FSB said the practice was not intended to create binding international standards. He also said that when using AI, companies need to define clear roles and responsibilities, especially when the technology is used in critical or critical functions.
Mr Breeden said the Bank of England was focused on ensuring the resilience of financial institutions as autonomous systems were used in more areas. This review covers company-level controls and market-wide safety measures.
SEE ALSO: HSBC expands AI banking partnership with Google Cloud
Want to learn more about AI and big data from industry leaders? Check out the AI & Big Data Expos in Amsterdam, California, and London. This comprehensive event is part of TechEx and co-located with other major technology events. Click here for more information.
AI News is brought to you by TechForge Media. Learn about other upcoming enterprise technology events and webinars.

