In a keynote speech, Patrick Montagner of European Central Bank Banking Supervision outlined how supervisors intend to support banks’ digital transformation while tightening expectations around governance and risk controls. The approach frames innovation as necessary for competitiveness, but stresses that AI, tokenisation and new digital payment arrangements must be pursued in line with banks’ risk appetite and with a clear focus on financial stability and interconnected operational risks. The speech highlighted that over 85% of ECB-supervised banks already use artificial intelligence, with generative AI increasingly deployed in IT operations, legal and document analysis, and frontline applications. It flagged persistent shortcomings in AI-specific risk management, including data quality controls, explainability, model governance across the life cycle, clear accountability and the need for ongoing monitoring to address issues such as “reward hacking”. It also pointed to concentration risk from reliance on a small number of major non-EU AI providers and described coordination efforts building on the implementation of the Artificial Intelligence Act. On tokenisation, it stressed the need for comprehensive strategies and careful choices on in-house build versus partnerships, distinguishing tokenised deposits from stablecoins, which were described as inherently exposed to liquidity and operational risks including cyber risk and money laundering compliance risk. Regulation was presented as the common risk language for the sector, with the Digital Operational Resilience Act (applicable from January 2025) cited for unified incident reporting, ICT third-party contract registers and oversight of critical providers; payment fraud across the European Economic Area was cited at EUR 4.2 billion in 2024. Looking ahead, European Central Bank Banking Supervision plans in 2026 to continue monitoring AI with a focus on generative AI applications, deepen its assessment of third-party dependencies and concentration in critical service providers, and strengthen its work on operational resilience building on DORA.
European Central Bank - Banking Supervision 2026-02-03
European Central Bank Banking Supervision sets out 2026 supervisory priorities for AI governance, tokenisation and operational resilience
In a keynote speech, Patrick Montagner of European Central Bank Banking Supervision emphasized aligning digital transformation with governance and risk controls, particularly in AI and tokenisation. He highlighted AI-specific risk management shortcomings and concentration risks from non-EU providers, stressing the importance of the Digital Operational Resilience Act for unified incident reporting. The ECB plans to focus on generative AI, third-party dependencies, and operational resilience in 2026.