| Link(s): | FCA, Bank of England and Treasury joint statement on frontier AI models and cyber resilience | FCA |
Context
The FCA has published a joint statement it has issued with the PRA and the Bank of England. The statement relates to frontier AI models and cyber resilience. The statement points out that AI continues to evolve rapidly, and that ‘frontier’ AI models represent a step-change in capability, with significant implications for cyber security and operational resilience. ‘Frontier AI’ models are AI models that can perform a wide variety of tasks and match or exceed the capabilities present in today’s most advanced models.
The statement points out that this note is not intended to introduce new expectations; rather, it brings together and reinforces existing messages to support firms as the operating environment becomes more complex.
Key points to note and next actions
Under the heading ‘Why frontier AI matters for firms’, the statement explains that the cyber capabilities of current frontier AI models are already exceeding what a skilled practitioner could achieve, and at a significantly higher speed, greater scale, and lower cost.
Under the heading ‘What this means for regulated firms’, there is commentary under several sub-headings:
- Governance and strategy
- Identification and risk management of vulnerabilities
- Managing risks from third parties
- Protection
- Response and Recovery
The Government and UK financial authorities will continue to actively monitor frontier AI developments and engage with industry through the Cross Market Operational Resilience Group (CMORG).
Firms should keep up to date with relevant publications in this space by CMORG and the National Cyber Security Centre (NCSC), the UK’s technical cyber authority. For example, firms can watch CMORG’s Frontier AI Risk Mitigation Webinar from 14th May 2026. In addition, the NCSC continues to publish practical guidance on how firms should consider and manage the risks from frontier AI. This includes: