The Bank of England is reassessing whether existing financial rules can govern agentic AI as autonomous systems move into trading, payments, cybersecurity and critical banking operations.
Financial regulation has long rested on a stable assumption: behind every consequential action sits an identifiable institution and, ultimately, a human decision-maker. Agentic AI is beginning to strain that assumption.
As financial institutions deploy systems capable of interpreting objectives, selecting tools, initiating transactions and adapting their behaviour across multiple steps, the regulatory question is no longer simply whether an AI model is accurate or explainable. It is whether rules can govern decisions distributed across models, software agents, data pipelines, external providers and automated infrastructure.
That is the concern confronting the Bank of England. Speaking at the European Central Bank Forum on Central Banking in Sintra, Sarah Breeden, the Bank’s Deputy Governor for Financial Stability, said existing frameworks were not designed to contemplate autonomous agents. She also questioned whether keeping a human “in the loop” for every action could remain realistic as financial systems become more autonomous and interconnected.
The Regulatory Problem Is Moving Beyond Model Risk
For much of the past decade, the financial sector’s AI debate has centred on familiar concerns: biased outputs, weak explainability, privacy failures, poor data and unreliable predictions. Those risks remain important. Agentic systems add another layer because they do not merely generate an answer; they can convert that answer into a sequence of actions.
A conventional model may flag a suspicious payment or recommend a trade. An agentic system can interpret a goal, retrieve information, choose tools, execute a transaction and revise its approach as conditions change. The centre of risk therefore moves from the quality of one output to the behaviour of an entire decision-and-action chain.
Finance has used automation for decades. What is changing is the breadth of the workflow that can be delegated, the discretion given to the system and the speed at which it can act. Breeden described the transition as macro-relevant and inherently uncertain, shaped by advances in capability, computing capacity, diffusion across sectors and the financing of AI infrastructure.
Adoption Is Already Moving Beyond Experimentation
The Cambridge Centre for Alternative Finance reported that 81% of surveyed financial-services firms were adopting AI at some level. Fifty-two per cent were already actively adopting agentic AI, including 23% at the scaling or transforming stages and 29% in pilots. Fintech firms were ahead of traditional financial institutions, at 57% compared with 45%.
Deployment, however, remains concentrated in internal execution. Process automation, software engineering and knowledge management were among the most common uses, while only 14% of surveyed firms regarded AI as transformational to organisational strategy. Governance cannot begin only after an agent reaches a critical workflow.
Cyber Resilience Is the Most Immediate Stability Concern
Breeden identified agentic cyber capability as her most immediate financial-stability concern. AI can help defenders identify vulnerabilities, inspect code and respond to incidents. The same capabilities can help attackers discover weaknesses, combine exploits and operate at a scale that previously required larger teams and more time.
The systemic danger lies less in a new form of attack than in AI increasing its speed, reach and reproducibility. Modern finance depends on shared software, cloud platforms, payment networks, data services and telecommunications infrastructure. A weakness in one widely used component can therefore affect several institutions at once.
The IMF has similarly warned that AI can amplify cyber risk through common technologies and service providers. Severe incidents could disrupt payments and financial intermediation, create funding pressures and weaken market confidence.
Firm-level cybersecurity is therefore necessary but insufficient. Regulators also need to understand the potential “blast radius” of a breach: which institutions share the same dependencies, how far disruption could spread and whether recovery plans assume an isolated outage when the real event may affect many firms simultaneously.
Resilience Must Focus on Critical Functions, Not Only Firms
Breeden argued that authorities should assign greater probability to simultaneous disruption across multiple firms, strengthen system-wide stress testing and improve coordination between regulators and industry. She also raised more radical recovery questions: could one institution temporarily provide another bank’s basic functions during a severe disruption? Should key firms maintain separate failover systems or be able to rebuild compromised infrastructure rapidly?
These questions point to a shift in operational resilience. Regulators may need to focus not only on preserving institutions, but on preserving critical functions such as access to deposits, payment settlement, market liquidity and essential records.
A financial system can remain solvent on paper and still become unstable if several institutions lose operational capability at the same time.
Agentic Trading Could Turn Similarity Into Systemic Risk
In financial markets, autonomous AI is still used mainly for lower-risk operational and research tasks. The Bank of England is looking ahead to what happens when agents begin developing and executing strategies more independently.
The concern is not merely that one model may be wrong. It is that many agents may be wrong in the same direction.
Institutions may rely on overlapping data, similar foundation models, comparable risk constraints and related optimisation goals. During stress, that can produce synchronised behaviour. Agents responding to the same signal may sell assets, reduce exposure or withdraw liquidity at nearly the same moment, reinforcing the volatility they are reacting to.
The Bank is working with the BIS Innovation Hub and the Bundesbank on simulations intended to identify which elements of agent design could encourage herding. Breeden also raised market-wide guardrails resembling circuit breakers or kill switches if faulty AI systems contribute to severe disruption.
Regulators may therefore need to assess not only whether each institution has governed its own models properly, but whether the interaction of many individually compliant systems could produce an unstable collective outcome.
Agentic Payments Raise Questions of Consent and Liability
Payments may bring this issue directly into consumer life. Today, an AI assistant may recommend a product while the user completes the purchase. The emerging model allows the agent to complete the transaction as well.
That convenience creates difficult questions. How does a customer authorise a series of transactions rather than one payment? Who is responsible when an agent exceeds its mandate or is manipulated into transferring funds? How should liability be divided among the customer, bank, merchant, agent provider and model developer?
Breeden also warned of fragmentation if technology firms, payment systems and merchants create closed protocols that primarily work within their own ecosystems. The Bank is participating in the design of the United Kingdom’s next-generation retail-payments infrastructure, while the government is expected to examine how payments regulation should adapt to transactions conducted by AI agents.
The underlying issue is delegated authority: existing mechanisms for consent and redress may need to work across a chain of machine-initiated decisions.
Global Regulators Are Building Governance Across the AI Lifecycle
In June 2026, the Financial Stability Board published a consultation proposing 12 sound practices for responsible AI adoption by financial institutions. They cover organisation-wide governance, risk management across development and deployment, and risks linked to cybersecurity, information technology and third-party providers.
The FSB is not proposing a binding international standard. It is seeking a flexible reference point for boards, senior management and regulators.
Flexibility, however, cannot mean vague responsibility. A credible framework must establish who owns an agent, what data and tools it may access, which actions it may execute, how decisions are recorded and under what conditions the system must escalate or stop.
A human may not approve every action, but a human institution must still define the boundaries within which those actions occur.
The Real Challenge Is Accountable Autonomy
The Bank of England’s intervention changes the regulatory debate. The central question is no longer whether AI should be used in finance. It is how autonomy can be introduced without allowing responsibility to dissolve across models, vendors and automated workflows.
Human oversight cannot be reduced to an approval box or an operator watching thousands of machine-speed actions. It must be designed into the system through constrained permissions, traceable decisions, continuous evaluation, independent controls, recovery mechanisms and clear legal accountability.
Agentic AI could strengthen cyber defence and improve financial services. It could also extend cyberattacks, intensify market herding and blur consent and liability.
Financial regulation was built for institutions using machines as tools. It is now preparing for machines acting as delegated operators. As finance becomes more autonomous, accountability, resilience and public trust cannot become weaker.

