The chief of Europe’s securities regulator said the risks from and potential speed of cyberattacks are growing, joining a chorus of warnings from financial supervisors on the threats posed by artificial intelligence models that are evolving quickly.
Geopolitical tensions have increased cybersecurity risks and the regulator has been contacting financial entities it supervises to assess their cybersecurity defenses in light of recent developments in AI, Verena Ross, chair of the European Securities and Markets Authority, said in an interview in Paris.
“We are closely watching how bringing AI models into this could increase the potential speed with which such attacks could happen,” she said, declining to comment on individual providers.
The financial sector has been rattled this month by reports that a new AI model, Mythos, made by U.S. AI company Anthropic, can find and exploit previously undiscovered cybersecurity vulnerabilities in IT systems. Regulators too are grappling with the challenges of keeping pace with the changes, according to Ross.
“We collectively between the national and the EU level need to up our game to try to ensure that we have the capability to properly look at what financial entities are doing in this space and that we also build up our expertise so that we can oversee the critical third party providers,” Ross said.
ESMA, with two other European Union regulators, in November named 19 technology companies considered critical third-party providers to the bloc’s finance industry, as part of new regulation to improve tech resilience. Ross declined to comment on whether AI providers could be added to the group of critical providers at a later date.
Rich Valuations, Suspect Trades
Cyber risk is one underlying vulnerability that could coincide with a reassessment of valuations of financial assets, Ross said.
Big price swings, including a spike in the oil price following the outbreak of the U.S. and Israeli war on Iran, have rattled investors. Stock markets in the U.S. and elsewhere are near all-time highs, boosted by large tech companies.
“We are still looking very carefully at how the markets are reacting in terms of the overall valuations, which are still very, very high, so there’s a question of what type of events might turn that general positive feeling in the market around and might lead to quite some selloff,” said Ross.
The 58-year-old executive, who will be standing down from her post on October 31, said big swings in markets typically draw supervisory scrutiny for possible insider trading. The U.S. Commodity Futures Trading Commission is examining a series of trades in oil derivatives, media including Reuters have reported.
“Whenever you see very volatile markets that are driven by news and things like that, it’s an area that you automatically spend some attention and look at carefully. That’s quite natural,” she said, declining to be drawn on any specific regulatory activity.
Policing Crypto
National regulators in EU countries are responsible for overseeing crypto companies, and have given firms until the end of June to secure a license or stop offering their services.
France’s regulator said in January that nearly a third of unlicensed crypto companies had not told the regulator whether they planned to get a license.
“One of the challenges we will face from the first of July onwards is how do we then deal with the policing of the perimeter,” Ross said.
The European Commission has proposed that ESMA gain more powers to supervise important cross-border financial market players, including major trading venues and crypto companies, as part of a wider package to centralize supervision and reduce fragmentation in the EU’s financial markets.
The plans are supported by the EU’s six biggest economies but are opposed by some countries.
“My impression is that there is indeed a political ambition now to try to move forward quickly,” Ross said.
(Reporting by Elisa Martinuzzi and Elizabeth Howcroft; editing by Hugh Lawson)
