Economic news

ECB Tells Banks to Bolster AI Cyber Defences

  • ECB gives banks four months to draft plans
  • BoE says it won't issue 'edicts'
  • Fed defends lighter-touch regulation

FRANKFURT, July 7 (Reuters) - The European Central Bank on Tuesday gave euro zone banks four months to draw ​up plans to counter AI-enabled cyber threats, taking a more prescriptive approach than other major central banks ‌to risks posed by advanced AI models.

The U.S. Federal Reserves and Bank of England struck softer tones in separate comments on Tuesday as central banks look to tackle risks posed by Anthropic's Mythos and the latest generation of large-language models.

The cyber capabilities of some of these systems are considered so powerful that ​access has been restricted, with euro zone banks currently excluded from Mythos.

"These developments have potentially profound implications for the confidentiality, integrity ​and resilience of banks’ information and communication technology (ICT) systems," the ECB's chief supervisor Claudia Buch said ⁠in a letter to bank chief executives.

She told banks to prioritise protecting internet-facing systems and other exposed technology assets, including third-party software ​and open-source components, while speeding up vulnerability fixes and strengthening monitoring.

The euro zone's top banking supervisor also urged lenders to modernise ageing ​technology, improve cyber hygiene and strengthen crisis-management, recovery and information-sharing arrangements.

Banks have until October 31 to submit their plans. To free up resources, the ECB has postponed a separate IT survey and may adjust inspections and other supervisory work.

The ECB, which met banks in the spring to hear their views, ​will then share its findings to help identify challenges and areas for improvement.

BOE NOT ISSUING 'EDICTS', FED FAVOURS LIGHTER TOUCH

Speaking in London later ​on Tuesday, Bank of England Governor Andrew Bailey said the ECB's warning was "sensible" but that the BoE would take a less prescriptive approach.

"It's not ‌about issuing ⁠edicts," he told reporters, presenting the BoE's half-yearly Financial Stability Report. "It's about getting in a room and saying ... how are we going to share our understandings of the vulnerabilities that we find in this system?"

The BoE has long given firm advice to British banks to bolster their cyber defences but has not gone as far as to set public deadlines.

In a separate speech, Federal Reserve ​vice chair for supervision Michelle Bowman ​stressed responsible AI adoption, proportionality ⁠and "a lighter supervisory and regulatory touch" for lower-risk uses.

Like her European colleagues, she emphasised governance, controls and risk management, but focused on enabling innovation rather than responding to systemic cyber threats.

EU WATCHDOG ​WARNS OF DISRUPTIONS

In a warning published alongside the ECB's letter, the European Systemic Risk Board said ​large-scale cyber disruptions ⁠could erode trust in financial institutions and even trigger runs on companies or countries perceived as less secure.

"The ESRB considers these developments to be a source of systemic risks to the financial system," said the ESRB, a European Union body that issues recommendations to other authorities.

To ⁠illustrate the ​risks, the ESRB outlined scenarios ranging from a gradual loss of confidence in ​smaller banks to state-backed espionage and coordinated attacks on payments, clearing and settlement systems, potentially amplified by misinformation campaigns.

It said incidents could spread quickly through common technology ​providers and shared software used across the financial sector.

Additional reporting by Phoebe Seers and David Milliken in London. Editing by Mark Potter

Source: Reuters


To leave a comment you must or Join us


More news


Back to economic news list

By visiting our website and services, you agree to the conditions of use of cookies. Learn more
I agree