The Autorité des marchés financiers has identified operational resilience and cyber risk as key priorities in its 2026 action plan. It said financial firms must be better prepared for rapidly evolving digital threats, particularly those linked to artificial intelligence.

AMF Warns AI Accelerates Cyber Threats

The regulator warned that new AI models could accelerate the discovery of system vulnerabilities and make cyberattacks more efficient. It added that AI tools may also contribute to the “industrialisation of malicious campaigns”. At the same time, it noted AI can improve detection and response capabilities, but stressed that firms must adapt their risk management frameworks accordingly.

The AMF said it will remain active in international coordination through IOSCO, the Financial Stability Board, the European Systemic Risk Board, and the G7 Cyber Expert Group. It also co-chairs IOSCO’s Financial Stability Engagement Group with the UK Financial Conduct Authority.

On supervision, the AMF is enforcing the Digital Operational Resilience Act, in force since January 2025. The regulation sets requirements for cyber risk management, incident reporting, resilience testing, and third-party oversight.

Firms Face Stricter AI Cyber Controls

The AMF will later publish its own assessment focused on French supervised firms, highlighting key lessons and areas for improvement.

In 2026, the regulator will expand outreach and monitoring, including a webinar on 1 July and a survey on how firms are managing AI-related cyber risks. Results are expected in the autumn.

It will also continue cybersecurity inspections covering data protection, incident response, and resilience controls, with a focus on AI-driven threats.

The AMF urged senior management to ensure cyber risks are properly identified, monitored, and tested. It recommended alignment with ANSSI best practices, DORA requirements, and European supervisory guidance.

Key measures include maintaining inventories of critical systems, strengthening encryption, faster patching, regular backups, staff training, incident testing, technical audits, crisis simulations, and integrating AI-related scenarios into cyber risk planning.

EU Reports Rising Cross-Border ICT Risk

Meanwhile, the European Supervisory Authorities published their first annual overview of major ICT-related incidents under the Digital Operational Resilience Act. Issued by the EBA, EIOPA, and ESMA, the report recorded 3,383 incidents, with around one third showing cross-border impact.

It said ICT risks are increasingly “borderless and interconnected” due to shared infrastructure and outsourcing. Cybersecurity incidents accounted for about 10% of cases. The authorities also noted that AI-driven tools could increase future operational risk in financial systems.

This article was written by Tareq Sikder at www.financemagnates.com.Retail FXRead More

You might also be interested in reading Car tax: green motoring just got more expensive as EVs lose exemption.