What role will AI play in the next crisis? The one the authorities think?
AI Systemic risk Regulations
We have been seeing a lot of official discussion on how artificial intelligence might affect financial stability, giving the impression the financial authorities are on top of the risk emanating from AI. Distilling what the various policy reports, policymakers' speeches and financial stability reports say about the topic, a fairly consistent list of financial stability concerns emerges.
Dependence on a small number of third-party providers. Correlated positions arising from firms using the same models. Cyber attacks made cheaper and more capable. Model risk, and the overreliance that follows when the models perform well. Speed and volatility in markets under stress. A fall in AI asset prices, which would threaten stability if the buildout comes to be financed by debt.
Others come up as well, real but not systemic in themselves. Fraud and scams made cheaper and more convincing. Bias and data privacy. Consumer protection. A runaway algorithm or a trading outage.
It is certainly worthwhile to discuss all these concerns, but they are more focused on what could go wrong than on how the financial system is affected. In other words, more on the triggers and less on the consequences. And that is important, because resilience has to be built against the ultimate consequence, not the trigger that leads to it.
Before getting into the actual AI financial stability concerns, there are three dimensions worth discussing. The first is what I called double coincidence a decade ago. Suppose a serious cyber attack on the financial system lands today. There are no liquidity tensions, so the private and the public sector can absorb it, and it remains what it is, a costly operational incident. Now suppose the same attack had landed on 16 March 2020, at the height of the Covid dash for cash, or on 1 October 2008, after Lehman failed. The attack and the liquidity crisis would have viciously amplified each other, all while draining the credibility of the very institutions charged with containing them, just when that credibility mattered most.
The second idea is monoculture, a problem I have written about since 2001, and in the AI context since 2017. Only a handful of vendors operate at the frontier of AI, joined by open-source suppliers whose models are trained on much the same data. Most institutions, private and public alike, will end up running the same few models, seeing risk the same way and reacting to it the same way. The models do not have to be identical. Common suppliers, common data and common objectives are enough. A diverse system absorbs shocks because its participants respond differently, some buying while others sell. A monoculture has no such shock absorbers when everyone heads for the same exit at the same time.
The third is AI wrong-way risk, where the trust we place in AI grows with its performance in normal times, just as its reliability falls in times of stress.
The three work together. The double coincidence makes instability depend on the state of the system, the monoculture makes everyone respond to that state in the same way, and wrong-way risk means the shared engines are least reliable in precisely the state where their sameness is most dangerous.
AI undermines supervision
As far as I can tell, no official document or speech takes seriously the threat of AI being used to optimise against the rulebook. However, I see that as a core threat. Optimisation against the rulebook is what is often called in the AI literature adversarial compliance, where firms use AI to shape reported risk, capital, liquidity and leverage so that the rulebook sees less than the firm is really doing.
Supervision is undermined because the private sector is adopting AI far faster than the authorities, as I first argued in 2023. The concern is that firms will use AI to optimise reporting and compliance, in effect optimising against the rulebook, as Andreas Uthemann and I have argued. A regulated firm might use AI to find leverage that does not show up as leverage. Or it might optimise its way through a stress test, presenting positions that pass while the underlying risk stays put, disclosure that is formally compliant and economically misleading.
How common is this? Hard to gauge. My anecdotal evidence is that plenty of old-style human reporting is still being done, but institutions are actively studying the area and seem intent on expanding AI use in reporting, for cost reasons if nothing else.
The authorities cannot keep up. They have limited AI resources and find it hard, both financially and structurally, to acquire more. Their approach to supervision is still built on PDF reports, database dumps and inspections, with humans analysing reports the machines wrote. And when the authorities do adopt AI, tight budgets mean they will buy the same vendor models as the firms they supervise, bringing the monoculture into supervision itself.
Why is the private sector so much quicker to adopt AI? Competition. A firm that shuns AI in a fiercely competitive financial system earns lower profits, and its decision-makers earn lower compensation. No such pressure bears on supervisors. Legacy practices, and the restrictions under which public sector organisations operate, hold back adoption even when it would cut costs. AI is a new way of getting things done, and that is hard for them.
The supervisor inside the monoculture
The public sector's place in the monoculture matters as much as the private sector's, because the same engines that shape how banks take risk will shape how the authorities identify it and react to it. A supervisor running the model its banks run will miss what they miss.
No official report says the supervisor is inside the monoculture. On the contrary, they all seem to assume that the supervisor is an outside observer, as if the authorities were monitors with better tools than the private sector. They do not ask whether supervisors themselves become part of the same model monoculture they are meant to oversee.
The exception seems the one central bank, the Bank of Korea that runs its own model, giving it advantages the rest do not have.
When stress hits, it hits in minutes
Some official documents have mentioned the speed of AI, but as far as I can tell, none of them has outlined the actual mechanism of how AI affects crises. That is a topic Andreas Uthemann and I first discussed in a 2024 column and then analysed in the Journal of Financial Stability last year.
Most of the time, financial institutions maximise profit and treat risk and regulation as an irritant. In crisis, everything changes. When a shock hits, the first to act is the best placed to survive it. When Archegos collapsed in 2021, the banks that moved first, Goldman Sachs and Deutsche Bank, came off best, followed by Morgan Stanley. Credit Suisse and Nomura, the slowest to react, lost $5.5 billion and $2.85 billion respectively. I have called this the one-in-a-thousand-day problem. For 999 days out of a thousand, banks compete for profit. On the thousandth day, survival is all that matters.
Survival in crisis has always meant withdrawing liquidity wherever one can. In times past that meant buying gold. Today it means banks parking money in their reserve accounts at the central bank, and funds, insurers and dealers running to Treasuries, repos and whatever else is closest to cash. That rapid withdrawal of liquidity is the main damage a crisis does, and the reason central banks inject liquidity.
No dataset covers how such an event plays out. A crisis is collective behaviour, driven by what we economists call strategic complementarities.
Those who hold endless meetings and hope for the best fail.
AI amplifies this. The treasury function, in charge of liquidity, is already one of the largest users of AI in banks. Markets have run at machine speed for years. What is new is autonomous decision-making spreading beyond the trading floor, into treasury, collateral, credit and the interpretation of what other institutions are doing.
There are two ways AI accelerates and intensifies crises.
The first is that the engines are good at coordinating, because of those strategic complementarities, in ways nobody can detect. The engines do not need to communicate. One withdraws liquidity, its action moves prices and funding flows, the other engines read those moves as information, and their response validates the first decision. Every institution then has a reason to move faster still. Engines in different institutions can thus rapidly converge on either a crisis equilibrium or a non-crisis one. They collectively absorb a shock or collectively amplify it. The monoculture makes such convergence all the more likely.
The second is the desire to be first. AI is good at analysing and deciding, so it speeds up the decision to run or to stay.
What this means in practice is that a crisis that once took days or weeks might now take minutes or hours. Our defences — emergency meetings, liquidity facilities, the time to think — are built for human speed. They will not keep up.
AI wrong-way risk
A key concern in AI is what the official reports call overreliance, explainability or model-risk governance.
That understates the actual risk, and there is a subtler problem, AI wrong-way risk. As AI proves itself on ever harder tasks, we trust it with more, until it is making the decisions that matter most. But AI, like the statistical models before it, learns from the past, and a crisis is precisely the moment the past stops being a reliable guide. It is a version of the Peter principle. The machine is promoted until it reaches a task it cannot do, and in finance that task is the crisis.
AI is least reliable exactly when the stakes are highest, when an unprecedented event arrives and there is no relevant data to have learned from.
The same applies to the authorities. They adopt AI to close the capability gap, learn to trust it after years of normal performance, and then meet the regime change with the same blind spots as the firms they supervise.
AI makes the system easier to attack
Plenty of official discussion mentions cyber attacks, and with Anthropic's Mythos 5 emerging earlier this year, those mentions have only grown louder. However, there is less discussion on how such attacks might actually play out, and there is an important additional dimension the official discussion leaves out. And that is the double coincidence.
I first argued in 2016 that cyber risk becomes systemic only in combination with other stresses. We can view AI cyber risk in the same way. It lowers the cost of attacking the financial system, helping criminals find loopholes, letting terrorist groups orchestrate synchronised attacks on financial infrastructure, and allowing nation states to target the vulnerabilities of an adversary's financial system while keeping plausible deniability.
The advantage runs to the attacker. A defender has to protect the whole system. An attacker needs only to find a single weak point, and finding weak points is exactly what AI is good at.
The most dangerous targets are not individual banks but the plumbing that connects them — the payment systems, the clearing houses, the custodian banks through which ownership of vast quantities of assets is recorded. Concentrating transactions in a central counterparty concentrates cyber risk along with them.
The real danger is the double coincidence. The damage is worst when a cyber incident lands on an already fragile system. Almost all of the time, even a severe incident would be a local problem, but strike when markets are already in turmoil, when trust is draining and everyone's instinct is to protect themselves, and even a mild attack can tip the system into crisis. The usual remedy does not help, because liquidity is of little use when the pipes meant to carry it are broken — and that is precisely the moment an intelligent attacker would choose.
Nor does the attack even have to be real. In the Great Stock Exchange Fraud of 1814, a man in uniform appeared at an inn in Dover with false news that Napoleon was dead, and the London market rallied before the hoax unravelled and the conspirators were convicted. A convincing deepfake that a bank is failing can now do the same at global scale and in seconds, triggering a run before anyone has established whether it is true. AI helps those who would cause harm at least as much as those who would prevent it.
Conclusion
While AI does not create a new fundamental channel for financial instability, it amplifies the existing ones, changing the speed, scale and correlation of crises.
So what role will AI play? It conceals fragility before the crisis, as firms optimise against the rulebook. It accelerates the crisis when it comes, as the shared engines converge and race to be first. And it weakens the response, because the authorities' own tools carry the same blind spots and perform worst when needed most.
The trigger might be a cyber attack, a fraud, a fall in AI asset prices or something unrelated to AI altogether. AI's role will be to decide whether that trigger stays contained.
In identifying what matters, one can focus either on the triggers or on the fundamentals. My reading of official reports, speeches and the like suggests that most of the emphasis is on the triggers, not on the fundamentals.
That is a concern because it might suggest that we are in better shape than we are, leading to an illusion of control.