.png)

Indra is a Senior Industry Advisor in the BFSI unit at TCS, with three decades of experience in business strategy and IT consulting. He leads CXO advisory, and drives data and AI-led innovations.
July 6, 2026 at 5:02 AM IST
Amid the intensifying AI arms race, the development of frontier AI models with massively enhanced computational power has taken on an exponential trajectory. The recently launched frontier models exhibit autonomous capabilities to discover, chain, and exploit vulnerabilities. In April, Anthropic’s restricted release of Claude Mythos Preview, with exceptional capabilities to autonomously identify and exploit zero-day vulnerabilities across software and operating systems, sounded alarm bells among global regulators over its systemic implications.
More recently, access to Anthropic’s Mythos 5, Fable 5, and OpenAI’s GPT 5.6 was restricted to a small trusted group over strategic concerns and export control directives, adding a new layer of uncertainty.
Amid rising anxiety, global regulators, lacking access to evolving frontier models and cyber weakness findings, shift focus toward strengthening frameworks to enhance resilience and safeguard financial system stability. With rising AI adoption in the financial sector, the supervisory focus now extends beyond model risk management guidance , incorporating augmented principles of responsible AI.
In early June, the Financial Stability Board launched a consultation on ‘Sound practices for responsible adoption of Artificial Intelligence’. Meanwhile, IOSCO following its 2025 AI Report has come up with a more comprehensive ‘Supervisory toolkit for AI use in capital markets’.
These frameworks emphasise cyber and ICT risks, third-party AI oversight, model governance, agentic AI controls, misuse prevention, capability thresholds, and risks from concentration and dependency on AI service providers.
Finance Sector Regulation
Anchored by the 2018 National Strategy for Artificial Intelligence, India’s AI governance model has evolved through NITI Aayog’s 2021 approach papers and MeitY’s 2025 voluntary guidelines. This structure effectively enables innovation while mitigating risk.In the securities markets, SEBI’s oversight stance evolved from 2019 AI/ML applications reporting mandates to November 2024 to delineating responsibilities for AI usage for regulated entities. Its June 2025 consultation on principles for responsible AI/ML shows little progress. After Mythos Preview launch, its 5 May cyber-suraksha.ai task force advisory on emerging AI tools for vulnerability detection largely reiterated existing cybersecurity guidelines.
For banking, following the 2025 Framework for Responsible and Ethical Enablement of Artificial Intelligence , the RBIrecently issued draft guidance on regulatory principles for model risk management. While setting regulatory expectations across the model lifecycle, it emphasises risk management for third-party and AI/ML-driven models.
Supervisory Imperatives
As AI adoption accelerates in pace and scale, the maturity of supervisory oversight—its responsiveness and tool readiness—would increasingly determine the integrity and resilience of financial markets.
Safeguarding market integrity, financial stability and investor protection in unpredictable AI-driven ecosystems requires a nuanced, risk based supervisory approach addressing unknown-unknown factors.
Forward-looking supervisory oversight prioritises adopting unconventional stances beyond prescriptive guidelines to actionable frameworks to emphasise systemic focus through proactive identification and remediation of weak links.
This dual approach translates abstract principles in practice, strengthening monitoring, proactive risk management, capability building, and cross-sectoral knowledge sharing to balance innovation with systemic resilience while preserving human agency/
Unconventional Stance
Regulatory oversight should endeavour eliminating single points of failure, proactively identifying and addressing market or firm-level gaps in AI practices that could endanger the broader system.
A tiered or graded approach granting concessions by firm size or functional area conflicts with the zero-trust paradigm.
The critical areas of elevated regulatory oversight area :
Governance: Ensuring firm-wise policies, board and senior management accountability, comprehensive AI frameworks for development, testing, deployment, performance monitoring, data security and protection, risk controls and guardrails, documentation, and capabilities building is essential to prevent vulnerabilities.
Alacrity: Enhanced attentiveness to early signals of heightened volatility, swings, collusion, herding, and unexplainable activity or behaviour is crucial.
Transparency: Stipulating improved disclosure by regulated entities on third-party AI use, risks, incidents, reporting, coupled with enhanced information sharing with cross-sectoral regulators and nodal authorities strengthens transparency and boosts resiliency of interconnected financial markets.
Human agency: Human oversight and control levels across the AI lifecycle vary by system criticality, risk, legal and regulatory considerations, granting AI proportional autonomy to preserve accountability.
Ethical AI: Promoting ethical, fair, and trustworthy AI minimises biased and discriminatory outcomes, unsuitable recommendations, and less-understandable expressions.
Reconnaissance: Rapidly evolving AI-powered financial ecosystems require shifting from traditional surveillance monitoring, post-facto investigation and audits to proactive intelligence gathering.
Foundational Blocks: Amid evolving AI, regulators must frame nimble frameworks and standards enabling intermediaries, market infrastructure institutions, and participants to swiftly adapt their organisational oversight, governance, risk management practices, talent, and infrastructure capabilities.
Generative and agentic AI expand risk management beyond three-lines-of-defence.
Their dynamic nature demands rigorous risk-based model classification, validation, benchmarking, performance testing, inventory, documentation, and real-time monitoring across lifecycle.
Full explainability is idealistic, yet AI must demystify black-box outcomes for human comprehension.
Beyond the BCP/DR regime, firms must control third-party software risks and dependencies. Comprehensive AI due diligence, certification, regulatory obligation mapping, risk heatmaps, monitoring, and audits strengthen transparency and operational control.
The financial sector’s vulnerability to AI-driven cyber-threats demands secure-by-design and zero trust principles.
Augmenting resilience requires holistic reviews of software flaws, access privileges, identities, combined with cyber hygiene, AI-enabled threat detection, network security, and layered defences.
As firms advance on AI trajectories, massive data growth and dispersed capabilities across infrastructure platforms intensify techno-functional complexities.
Exponential change requires future-ready strategies anchored in scalability and adaptability to effectively integrate evolving AI capabilities and drive strategic outcomes, while preserving AI and data sovereignty.