BoE reviews rules for agentic AI across financial services
The Bank of England is reviewing whether current rules cover agentic AI in payments, trading, cybersecurity and operations, Deputy Governor Sarah Breeden told the ECB forum.
Deputy Governor Sarah Breeden told the European Central Bank forum in Portugal that the Bank of England is reviewing whether existing rules cover the use of agentic artificial intelligence across payments, trading, cybersecurity and operations.
Agentic AI refers to systems that can set objectives, make decisions and carry out sequences of actions without direct human instruction. Breeden said such systems are already in use for product recommendations, internal process automation and some trading-related tasks.
These systems differ from conventional automated tools because they can chain actions at speed and scale and pursue goals with less direct supervision. Breeden warned that expecting a human to oversee every action by an autonomous agent is unlikely to be practical for many workflows.
The Bank’s review will assess whether firm-level controls and market-wide safeguards are sufficient as agentic AI moves into more critical functions. Officials will place greater emphasis on scenarios where multiple institutions could be disrupted at the same time, rather than focusing only on single-firm failures.
Cyber resilience is a central concern. Breeden noted recent advances in AI tools for identifying vulnerabilities have changed capability on both offense and defence. She highlighted the risk that attackers could use advanced models to scale and speed up cyber incidents that would harm financial stability.
Breeden also pointed out that open-source models may trail the most advanced closed models by only four to eight months, reducing regulators’ confidence even where some model releases are restricted. The International Monetary Fund has warned that AI-enabled cyber attacks could spread across shared infrastructure such as cloud services, payment systems and common software, creating correlated failures.
The Bank is considering policy options that include stronger recovery requirements for core systems, arrangements allowing one bank to take over basic functions of another during an outage, and requirements for critical services to remain operational if a firm’s systems are compromised. Breeden raised the possibility that key firms should maintain separate failover systems or be able to rebuild core systems quickly after a breach.
Regulators are also weighing market safeguards to limit the impact of faulty or misaligned models. Proposed tools include circuit breakers, kill switches and trading limits designed to halt or curb activity if autonomous systems amplify volatility or respond in similar ways to the same market signals.
Global bodies are developing guidance in parallel. The Financial Stability Board published a consultation proposing 12 sound practices for responsible AI use in finance, covering governance, risk management across development and deployment, and cyber and third-party risk; the practices are non-binding.
Industry adoption of AI is widespread. A 2026 report from the Cambridge Centre for Alternative Finance found 81% of surveyed firms have adopted AI at some level and 52% are actively using agentic AI, with most current deployments concentrated in internal functions such as process automation, data visualisation, software engineering and knowledge management.
Content on BlockPort is provided for informational purposes only and does not constitute financial guidance.
We strive to ensure the accuracy and relevance of the information we share, but we do not guarantee that all content is complete, error-free, or up to date. BlockPort disclaims any liability for losses, mistakes, or actions taken based on the material found on this site.
Always conduct your own research before making financial decisions and consider consulting with a licensed advisor.
For further details, please review our Terms of Use, Privacy Policy, and Disclaimer.








