Financial regulators around the world appear to be trailing the institutions they oversee in adopting artificial intelligence, and many lack the data needed to understand how advanced models are being used inside the financial system, according to research published by the Cambridge Centre for Alternative Finance on Tuesday.
The report, prepared with input from the Bank for International Settlements, the International Monetary Fund and other multilateral bodies, is based on a broad survey that included 350 traditional banks and fintech firms, more than 140 AI vendors and roughly 130 central banks and financial authorities covering 151 countries.
Findings indicate that financial institutions are implementing AI at more than twice the rate seen among supervisors. Only two in 10 regulators reported what the study classifies as "advanced AI adoption." The survey also found that just 24% of authorities collect data on AI adoption within the industry, while 43% of those surveyed said they had no plans to begin collecting such data within the next two years.
"This empirical blind spot may undermine the prevailing optimism [on AI]. Authorities cannot successfully harness or oversee AI if they are navigating its adoption and risks without hard data," the report said.
Regulators and global standard-setting bodies have increased their warnings about risks linked to the financial sector's adoption of AI. The report highlights Anthropic's Mythos, released earlier in April, as an example of a next-generation system that could present new challenges for banks and their legacy technology stacks.
The authors note that models like Mythos could be capable of exploiting software vulnerabilities at scale, which may limit the effectiveness of current human-led governance and oversight mechanisms. The report emphasizes that, while regulators generally uphold the principle that financial firms remain accountable for harms including cyberattacks regardless of whether AI is developed in-house or by third parties, that accountability framework becomes more difficult to apply if systems are highly autonomous and managed by external vendors.
Reflecting on the implications for supervisory practice, the report warns that traditional oversight approaches may no longer suffice. It calls for regulators to consider adopting agentic AI capabilities - defined in the report as systems that can take actions without direct human oversight - to better align regulatory tools with the level of autonomy in the technologies they oversee.
The research paints a picture of a regulatory community aware of AI risks but constrained by limited data and slower adoption. The authors argue that without more systematic data collection and capability upgrades, authorities may struggle to keep pace with rapid technological change inside the sector.
Summary
The Cambridge Centre for Alternative Finance, in collaboration with multilateral institutions, surveyed hundreds of financial firms, AI vendors and global authorities and found a significant gap between industry and regulator AI adoption. Only a minority of regulators report advanced AI use or collect data on industry AI deployment, while next-generation models such as Anthropic's Mythos raise questions about whether existing oversight frameworks remain adequate.