The Guernsey Financial Services Commission has issued a Dear CEO letter asking regulated firms to review their technology risk management arrangements in light of advances in artificial intelligence that can identify software vulnerabilities at much greater speed and scale. The Commission highlighted vulnerability management, patching processes and third-party oversight as key areas for attention, framing the issue as a change in the cyber risk environment rather than a new regulatory requirement. The letter says advanced AI tools can expose weaknesses across large, complex and legacy systems relied on by firms, customers and markets. While those tools can strengthen defensive capabilities, they also increase the need for continuous maintenance and monitoring of technology environments. Firms are expected to ensure technology risk is treated as an evolving exposure, that patching regimes remain appropriate if weaknesses need to be fixed in a significantly shorter timeframe, and that outsourced providers can meet the firm's needs in this changing environment. The Commission asked firms to bring the letter to the attention of their boards and senior management.
Guernsey Financial Services Commission2026-07-08
Guernsey Financial Services Commission tells firms to review technology risk controls as AI speeds vulnerability discovery
The Guernsey Financial Services Commission has asked regulated firms to review technology risk management as AI tools make vulnerability discovery faster and more scalable. It highlighted patching, vulnerability management and third-party oversight, and said firms should treat technology risk as an evolving exposure. Boards and senior management should be made aware of the letter.