INTRODUCTION Contributed by: Adrian Ang, Allen & Gledhill
led penetration testing” exercises. For example, the Digital Operational Resilience Act (DORA) entered into force in the EU in January 2025, and aims to ensure that financial entities can withstand, respond to, and recover from information and communication technol - ogy (ICT) disruptions, such as cyber-attacks or system failures. While the management of ICT risks is not nec - essarily something new (eg, for several years Singa - pore’s regulator has required financial institutions to adhere to, where relevant, Guidelines on Technology Risk Management and the Notice on Cyber Hygiene), we would expect regulators’ increased focus on the management and oversight of technology risks to cre - ate a demand for solutions that map critical functions, conduct threat-led penetration testing, and manage third-party risk concentration. Agentic AI The evolution of the fintech market over the past 12 months has been defined by the rapid industrialisa - tion of AI. 2024 and 2025 focused on large language models (LLMs) that could generate text or code, and thereby served as tools assisting human workers. 2026 would appear to be the year of widespread adoption of agentic AI. Unlike passive chatbots, these agents possess the ability to perceive their environ - ment, form intent and act. Unlike traditional robotic process automation, which follows rigid rules, AI agents can handle exceptions, interpret unstructured data, and orchestrate actions across disparate sys - tems. Agentic AI systems can therefore be thought of as systems that are capable of reasoning, planning and executing multi-step financial workflows without human intervention. Naturally, we can expect financial institutions to deploy agentic systems to automate or enhance complex, multi-step workflows. We would also expect fintech businesses to capital - ise on agentic AI to introduce various types of busi - nesses. For example, “agentic commerce” can allow consumer-authorised bots to negotiate prices, renew subscriptions and execute payments, creating a new layer of “machine-to-machine” economic activity. In the realm of “agentic finance”, while legacy robo-advisers offered static exchange-traded fund (ETF) allocations on the basis of predetermined risk tolerances, agen - tic AI can be used to actively manage a user’s entire
balance sheet (eg, moving excess cash to high-yield accounts) in real time. Agents authorised by consum - ers can negotiate purchases, book travel and execute payments. In the back office, AI agents can execute customer due diligence and know-your-customer pro - cesses, analyse transactions as part of transaction monitoring alerts, and draft any required activity reports (eg, on suspicious activity) for human review. Lenders can utilise “agentic underwriting”, analysing alternative data points (telco data, rental payments, open banking data) to score “thin-file” borrowers, and even leverage real-time access to accounting software via APIs to offer dynamic credit lines based on actual cash flow rather than static credit scores. This technological leap creates some legal uncer - tainty. One issue impacting the market in 2026 is the attribution of liability for autonomous actions. If an AI agent executes a trade that results in significant loss, or denies a loan application based on opaque criteria, the question of attribution (ie, whether the act is that of the developer, the deployer or the user) becomes critical. In 2026, we see the crystallisation of liability frameworks that may, among other things, attribute responsibility to the deployer of the high-risk system, treat high-risk AI agents as an extension of their prin - cipal, and necessitate robust “human-in-the-loop” oversight mechanisms. A secondary issue is that of explainability. The “black box” nature of these models poses risks if a deci - sion is required to be justified. It may be the case that regulators may increasingly require financial institu - tions to provide specific reasons for certain actions, even when decisions are made by complex neural networks. Consistent with the idea of AI agents being an exten - sion of their principal (whose actions must be explain - able), the implications are, among other things, the necessity of “proof of authority” guardrails. A new “AI assurance” industry has emerged to audit these agents, ensuring they operate within defined risk parameters and do not hallucinate or exhibit bias in credit scoring or claims processing.
8 CHAMBERS.COM
Powered by FlippingBook