Global Trustee and Fiduciary Services Bite-Sized Issue 6 2026

10 AIFMD CRYPTOASSETS FINTECH FSB IOSCO MIFID II/MIFIR MONEY MARKET FUNDS OPERATIONAL RESILIENCE SUSTAINABLE FINANCE/ESG T+1 ASIA PACIFIC EUROPE LUXEMBOURG NORTH AMERICA UNITED KINGDOM Global Trustee and Fiduciary Services Bite-Sized | Issue 6 | 2026 Quick LInks OPERATIONAL RESILIENCE Joint Statement on Frontier AI Models and Cyber Resilience On 15 May 2026, the Financial Conduct Authority (FCA), Bank of England, and HM Treasury (together, the regulators) issued a joint statement on frontier artificial intelligence (AI) models and cyber resilience. In the statement the regulators note that AI continues to evolve rapidly and that frontier AI models represent a step-change in capability, with significant implications for cyber security and operational resilience meaning that they are already exceeding what a skilled practitioner could achieve, and at a significantly higher speed, greater scale, and lower cost. The regulators say these capabilities, if used maliciously, amplify cyber threats to firms’ safety and soundness, customers, market integrity, and financial stability. As more advanced models become available, these risks are expected to increase. Firms that have underinvested in core cyber security fundamentals are likely to become progressively more exposed. The regulators say that it is essential that firms have effective protective, detective, threat containment and cyber response capabilities including to address faster and more disruptive frontier AI-driven attacks and that they should be taking steps across the following areas: • Governance and strategy : Firms should ensure their boards and senior management have sufficient understanding of frontier AI risks. This is important to set strategic direction and oversee how control functions manage risks. Investment and resourcing decisions should reflect the emerging threat, including increased exposure from end-of-life systems or those out of vendor support. Firms should also consider whether they have appropriate insurance in place. • Identification and risk management of vulnerabilities : Frontier AI models can rapidly identify and enable exploitation of a potentially large number of vulnerabilities across firms’ technology estates. Firms should be able to triage, prioritise, risk assess, and remediate vulnerabilities more quickly, more frequently, and at scale, including through automation where appropriate, while mitigating the operational risks from doing so. • Managing risks from third parties : Firms should effectively manage frontier AI cyber risks from third parties and supply chains, including open-source software. This means firms should have the capabilities to identify, monitor, and manage external applications, libraries, and services integrated into their networks. Firms should be prepared to address and remediate vulnerabilities identified by third parties at scale. • Protection : Effective access management, network security, and data protection should enable firms to reduce the attack surface a frontier AI model might access and limit the likelihood and impact of such attacks. Firms should consider adopting automated and AI-enabled defences to operate at comparable speed to AI-driven attacks. • Response and Recovery : Firms should be able to respond to and recover from disruption quickly. Firms should read and consider the effective practices on cyber resilience published by the Bank of England, Prudential Regulation Authority and FCA in October 2025. The regulators say that they will continue to actively monitor frontier AI developments and engage with industry through the Cross Market Operational Resilience Group. Link to Statement here ASIC Calls for Urgent Cyber Uplift as AI Accelerates Cyber Threats On 8 May 2026, the Australian Securities & Investments Commission (ASIC) published an open letter calling on all licensees and market participants to urgently strengthen their cyber resilience measures, as frontier AI intensifies the global cyber risk environment. ASIC says that while cyber risk has always existed, misuse of frontier AI models could expose cyber security vulnerabilities at an unprecedented speed, scale, and sophistication.