BoE, FCA and HMT joint statement on AI frontier models and cyber resilience

The Bank of England, UK Financial Conduct Authority (FCA) and HM Treasury have published a joint statement on frontier AI models and cyber resilience, addressed to regulated firms and financial market infrastructures. The statement notes that frontier AI models already exceed the capabilities of skilled practitioners and can amplify cyber threats to firms' safety and soundness, customers, market integrity and financial stability. This is particularly true in cases where firms have not invested sufficiently in core cyber security.

The joint statement calls on firms to mitigate risks proactively in relation to the following:

• Governance and strategy: ensuring boards and senior management sufficiently understand frontier AI risks to set strategic direction and oversee how control functions manage risks. Firms should also consider whether they have appropriate insurance in place.
• Identification and risk management of vulnerabilities: being able to triage, prioritise, risk assess, and remediate vulnerabilities more quickly, more frequently, and at scale, including through automation where appropriate, while mitigating the operational risks from doing so.
• Managing risks from third parties: effectively managing AI-related cyber risks arising from third parties, supply chains and open-source software, including the capability to monitor and remediate external vulnerabilities.
• Protection: strengthening access controls, network security and data protection, and considering AI-enabled defensive measures to keep pace with AI-driven threats.
• Response and recovery: ensuring the ability to respond to and recover from cyber incidents quickly, while considering the effective practices on cyber resilience published in October 2025.

The government and UK financial authorities will continue to monitor frontier AI developments and engage with industry through the Cross Market Operational Resilience Group.

Return to main website.