Summary
- Bank of England deputy governor Sarah Breeden said agentic AI is changing cyber risk, markets, and payments.
- The speech raised concerns about AI-enabled cyber capability, market disruption, payments liability, and operational recovery.
- Financial institutions face growing pressure to treat autonomous AI as a resilience and accountability issue, not only an innovation tool.
The Bank of England has warned that agentic artificial intelligence could create new financial stability and operational resilience risks across cyber security, markets, and payments.
Sarah Breeden, deputy governor for financial stability, used a speech at the European Central Bank Forum on Central Banking to describe how AI is reshaping finance at speed. The speech, titled Agents of change, said central banks need to adapt quickly, strengthen resilience, and cooperate globally as more autonomous systems enter financial activity.
The focus on agentic AI moves the debate beyond familiar concerns about model risk, explainability, and bias. Agentic systems are designed to plan, act, and adapt toward a goal with limited human intervention. In finance, that creates a different risk profile when systems are connected to trading, payments, operations, fraud controls, customer interaction, software development, and cyber defence.
Breeden’s speech links agentic AI to several pressure points. In cyber security, more capable AI agents could lower the cost of reconnaissance, social engineering, vulnerability exploitation, and attack adaptation. In markets, similar models acting at speed could amplify herd behaviour or volatility if their objectives, data sources, or guardrails interact in unexpected ways. In payments, autonomous agents acting on behalf of customers create questions around consent, liability, authentication, and transaction control.
The operational resilience element is especially important for UK financial services. If AI systems become embedded in important business services, institutions will need to know whether those systems can be stopped, isolated, recovered, overridden, and audited during stress. The speech refers to safeguards such as circuit breakers and kill switches, alongside wider recovery capability.
Boards, technology owners, and risk committees will have to distinguish between models that recommend decisions and agents that initiate them. Once an AI system can execute tasks, call tools, alter workflows, or interact with financial infrastructure, governance has to cover authority, monitoring, rollback, access control, logging, and human accountability.
The Bank’s intervention comes as financial services organisations increase use of AI across back-office operations, customer service, compliance, engineering, fraud detection, and market analysis. Many deployments may begin as low-risk productivity tools, but the line between assistance and operational dependency can move quickly when systems are connected to live data and business processes.
Third-party concentration will add to the challenge. Banks and insurers may rely on the same model providers, cloud platforms, orchestration tools, data pipelines, and specialist vendors. A defect, outage, policy change, security failure, or unexpected agent behaviour in a shared dependency could create correlated disruption across several firms.
The regulatory response is still developing. UK financial services already operate under operational resilience rules, outsourcing expectations, cyber supervision, and model risk frameworks. Agentic AI cuts across all of them, because the risk is not confined to the model itself. It sits in how the model is connected, authorised, observed, and constrained.
Breeden’s warning does not call for financial institutions to stop using AI. It sets a higher bar for deployment discipline, with autonomous systems governed as part of the control environment before they are allowed to act at scale.





