ECB Orders Banks to Prepare for AI Cyber Threats to Protect Financial System
ECB's Directive and Growing Concerns Over AI-Driven Cyber Risks
FRANKFURT, July 7 (Reuters) - The European Central Bank on Tuesday gave euro zone banks four months to draw up plans to counter AI-enabled cyber threats that could undermine confidence in the financial system and disrupt payments.
Regulatory Response to Advanced AI Models
The move reflects mounting concern among regulators about advanced AI models such as Anthropic's Mythos whose cyber capabilities have become so powerful that access to some of them has been restricted — a limitation that currently excludes euro zone banks.
Implications for Bank ICT Systems
"These developments have potentially profound implications for the confidentiality, integrity and resilience of banks’ information and communication technology (ICT) systems," the ECB said in a letter to bank chief executives.
ECB's Recommendations for Banks
It told banks to prioritise protecting internet-facing systems and other exposed technology assets, including third-party software and open-source components, while speeding up vulnerability fixes and strengthening monitoring.
Modernisation and Crisis Management
The euro zone's top banking supervisor also urged lenders to modernise ageing technology, improve cyber hygiene and strengthen crisis-management, recovery and information-sharing arrangements.
Timeline and Supervisory Adjustments
Banks have until October 31 to submit their plans. To free up resources, the ECB has postponed a separate IT survey and may adjust inspections and other supervisory work.
Systemic Risks Highlighted by the ESRB
In a warning published alongside the ECB's letter, the European Systemic Risk Board said large-scale cyber disruptions could erode trust in financial institutions and even trigger runs on companies or countries perceived as less secure.
Potential Scenarios and Sector-Wide Impact
"The ESRB considers these developments to be a source of systemic risks to the financial system," said the ESRB, a European Union body that issues recommendations to other authorities.
To illustrate the risks, the ESRB outlined scenarios ranging from a gradual loss of confidence in smaller banks to state-backed espionage and coordinated attacks on payments, clearing and settlement systems, potentially amplified by misinformation campaigns.
It said incidents could spread quickly through common technology providers and shared software used across the financial sector.
(Reporting by Francesco Canepa. Editing by Mark Potter)


