marco - stock.adobe.com

Bank of England explores trading ‘kill switches’ to contain AI meltdowns

UK central bank’s deputy governor outlines challenges facing regulators as artificial intelligence reshapes the finance sector

The Bank of England is exploring the use of kill switches that could halt trading in the event of artificial intelligence (AI) models going astray, as it accepts existing regulatory frameworks may not be adequate.

Speaking at the European Central Bank’s (ECB’s) annual Sintra Forum on central banking, the Bank of England’s deputy governor, Sarah Breeden, said the use of AI in commerce and trading means regulation must change.

“What these two examples – agentic commerce and agentic trading – both highlight is that, as AI capabilities increase, we must keep asking whether existing, technology-agnostic regulatory frameworks remain sufficient,” she told the audience.

Breedon said financial firms will not be able to rely on a guarantee of human oversight. “Our frameworks were not built to contemplate autonomous agents, and relying on a human in the loop for all agent actions is unlikely to be realistic. More sophisticated governance and accountability frameworks may be needed,” she added.

Breeden said that, from late 2024, AI systems were trained to reason through requests, but today they can autonomously chain together sequences of actions.

This has huge implications for regulating trading and commerce, and protecting against cyber attacks. “The financial system looks likely, therefore, to evolve quickly into one that operates more autonomously, at scale and speed: AI agents transacting on behalf of consumers and merchants; devising and executing trading strategies in financial markets; and identifying and chaining together cyber vulnerabilities,” she said.

What if autonomous agents go rogue?

In trading, Breeden said firms currently use autonomous AI for lower-risk operational tasks, such as research, but added that this could change quickly.

In a financial system that operates more autonomously, at scale and speed, she said AI agents could devise and execute trading strategies.

Our frameworks were not built to contemplate autonomous agents, and relying on a human in the loop for all agent actions is unlikely to be realistic. More sophisticated governance and accountability frameworks may be needed
Sarah Breeden, Bank of England

“If AI agents respond similarly to the same prompts or triggers, they could amplify volatility in stress – especially if their objectives drift from original goals or public policy objectives, in a manifestation of the misalignment problem that can arise with some AI models.

She asked whether firms can “observe and contain their resulting behaviours”.

“We are experimenting with the Bank of International Settlement Innovation Hub and the Bundesbank on simulation methods to understand which aspects of agent design could drive herding behaviour,” she added.

Breeden said the organisations are also considering whether there is a need for guardrails, similar to circuitbreakers or kill switches, that would limit or stop trading market-wide if faulty AI models cause market meltdown.

In April, the Bank of England and the Financial Conduct Authority (FCA) agreed to take steps following criticism from MPs on the Treasury Committee. In a January report, committee chair Meg Hillier said she did not believe the finance sector is prepared for a major AI-related incident.

MPs on the Treasury Committee reported that the position adopted by the Bank of England and the FCA, which they described as a “wait-and-see approach”, was exposing the public to “potential serious harm”.

Cyber weakness a pressing concern

Breeden’s most pressing stability concern is a step change in agentic AI’s cyber capabilities, which includes the ability to identify cyber vulnerabilities en masse.

In April, major UK banks entered discussions with regulators as the latest Anthropic AI unearthed decades-old vulnerabilities.

“In the hands of defenders, these tools strengthen cyber resilience. But in malicious hands, they materially increase the chance of attacks that could harm financial stability,” Breeden warned.

She said the main challenge for regulators is maintaining the advantage of cyber defenders as malicious actor capabilities evolve. She added that this is particularly the case “in an increasingly severe cyber threat environment, including from geopolitics and ransomware”.

Breeden added that for financial stability, vulnerability patching must happen quickly – across the financial sector, key third-party technology providers and the wider national infrastructure.

What disruption response might look like

With the increased risk of mass disruption in the sector, Breeden said the regulators should consider whether the firms they regulate require “enhanced recovery options for core systems”.

She said cooperation between financial services firms could be an option, with, for example, other banks providing basic functions to the customers of banks that are unable to provide them. “In a cyber context, do we need systems that allow one institution to pick up another’s basic functions during disruption, as in Ukraine’s Power Banking programme launched in 2022?” This initiative was created to guarantee financial resilience during blackouts and grid disruptions.

Breeden added that another consideration is whether “key firms” could be made to have completely separate failover capabilities, or to be able to rebuild compromised core systems quickly from “bare metal”.

Read more about AI regulation

Read more on IT for financial services