The Autorité des
marchés financiers has identified operational resilience and cyber risk as key
priorities in its 2026 action plan. It said financial firms must be better
prepared for rapidly evolving digital threats, particularly those linked to
artificial intelligence.
AMF Warns AI Accelerates Cyber Threats
The regulator warned
that new AI models could accelerate the discovery of system vulnerabilities and
make cyberattacks more efficient. It added that AI tools may also contribute to
the “industrialisation of malicious campaigns”. At the same time, it noted AI
can improve detection and response capabilities, but stressed that firms must
adapt their risk management frameworks accordingly.
The AMF said it will
remain active in international coordination through IOSCO, the Financial
Stability Board, the European Systemic Risk Board, and the G7 Cyber Expert
Group. It also co-chairs IOSCO’s Financial Stability Engagement Group with the
UK Financial Conduct Authority.
On supervision, the
AMF is enforcing the Digital Operational Resilience Act, in force since January
2025. The regulation sets requirements for cyber risk management, incident
reporting, resilience testing, and third-party oversight.
Firms Face Stricter AI Cyber Controls
The AMF will later
publish its own assessment focused on French supervised firms, highlighting key
lessons and areas for improvement.
In 2026, the regulator
will expand outreach and monitoring, including a webinar on 1 July and a survey
on how firms are managing AI-related cyber risks. Results are expected in the
autumn.
It will also continue
cybersecurity inspections covering data protection, incident response, and
resilience controls, with a focus on AI-driven threats.
The AMF urged senior
management to ensure cyber risks are properly identified, monitored, and
tested. It recommended alignment with ANSSI best practices, DORA requirements,
and European supervisory guidance.
Key measures include maintaining inventories
of critical systems, strengthening encryption, faster patching, regular
backups, staff training, incident testing, technical audits, crisis
simulations, and integrating AI-related scenarios into cyber risk planning.
EU Reports Rising
Cross-Border ICT Risk
Meanwhile, the
European Supervisory Authorities published their first
annual overview of major ICT-related incidents under the Digital
Operational Resilience Act. Issued by the EBA, EIOPA, and ESMA, the report
recorded 3,383 incidents, with around one third showing cross-border impact.
It said ICT risks are
increasingly “borderless and interconnected” due to shared infrastructure and
outsourcing. Cybersecurity incidents accounted for about 10% of cases. The
authorities also noted that AI-driven tools could increase future operational risk
in financial systems.
This article was written by Tareq Sikder at www.financemagnates.com.
SOURCE LINK : AMF Puts AI-Driven Cyber Risk at the Centre as Retail Financial Firms Face Rising Pressure
