Regulator watch
Autonomous agents are forcing a sharper control vocabulary.
What changed: Central-bank commentary is now explicitly discussing autonomous AI agents in trading and payments, including whether circuit breakers or kill switches are needed for market stability.
Why it matters: Large firms should expect AI governance to be judged beyond model approval. Agent authority, escalation, customer consent, liability, fraud, market integrity, and operational resilience need one control frame.
Affected functions: AI/ML, Model Risk, Technology, Cyber, Operational Resilience, Financial Crime, Markets, Payments, Legal, and Compliance.
Follow-up: Refresh the AI inventory to include agentic workflows, permission boundaries, external model and cloud dependencies, kill-switch ownership, and evidence of control operation.
Capital
AI infrastructure is now large enough to stress-test as a market exposure.
What changed: BIS-related coverage is framing the AI investment boom as a potential financial vulnerability if expectations, financing, power supply, or monetisation assumptions disappoint.
Why it matters: AI exposure can sit in public equities, private credit, infrastructure lending, supplier finance, energy assumptions, venture portfolios, and client suitability decisions.
Affected functions: Treasury, Finance, Capital Management, Credit Risk, Markets, Asset Management, Wealth, Investor Relations, and business heads.
Follow-up: Build a cross-book AI exposure map and run downside scenarios for valuation reversal, capex pullback, vendor distress, and correlated financing withdrawal.
Private markets
Crypto regulation is moving from perimeter debate to operating model.
What changed: UK crypto firms are expected to face more formal requirements around financial resilience, annual stress testing, market conduct, custody, consumer risk, and balance-sheet capital.
Why it matters: Crypto exposure is no longer only a product-approval question. It touches risk appetite, client disclosures, custody due diligence, operational resilience, financial crime, conflicts, and market-abuse surveillance.
Affected functions: Digital Assets, Payments, Financial Crime, Market Abuse, Conduct, Compliance, Treasury, Legal, Technology, and Product.
Follow-up: Prepare a crypto operating-model gap assessment covering authorisation, custody, stress testing, financial resources, market integrity, customer harm, and wind-down planning.