CFTC Commissioner Warns of Agentic AI Risks

"Properly architected agentic AI systems can produce robust compliance and fraud prevention systems ... But with every great opportunity comes risk."
Kristin N. Johnson, CFTC Commissioner

CFTC Commissioner Kristin N. Johnson called for stronger third-party risk management and cyber preparedness as advances in AI pose increasing risks.

At a symposium on "AI Risks and Opportunities Across the Digital and Cyber Landscape" sponsored by the Federal Reserve Bank of Dallas, Ms. Johnson described the shift from generative AI to "agentic AI" - a model that goes beyond content generation toward independently completing tasks, making decisions and adapting in real time. She reiterated the potential of GenAI "to facilitate execution of regulatory reporting and compliance obligations," including for supervision over know-your-customer and anti-money laundering compliance, and "to expedite routine reporting and to enable efficient review of responses and comment letters." She highlighted possible applications for agentic AI across the financial sector, including continuous credit monitoring, automated auditing, fraud detection and real-time market intelligence.

She warned, however, that increasing autonomy introduces risks. She noted that "agentic AI models [that] are integrated into our markets include the limitations of synthetic data, data leakages, data integrity, data security, data privacy, ethical concerns, the absence of a human in the loop, security vulnerabilities (hijacking or exploitation), and accountability among others."

On cybersecurity, Ms. Johnson reminded the assembled stakeholders that the same technologies that can improve oversight can be leveraged by malicious actors. She pointed to Treasury and FSOC reports warning that generative AI could accelerate phishing, malware development and disinformation campaigns—especially among less sophisticated adversaries.

Ms. Johnson also highlighted third-party risk management as a vulnerability given the increasing reliance on a small number of AI vendors, cloud providers and data infrastructure partners. She endorsed recommendations from the CFTC's Market Risk Advisory Committee to expand operational resilience requirements for derivatives clearing organizations, including mandates for comprehensive third-party risk programs. She said these proposals would build on CFTC Rule 39.18 ("System Safeguards") and align US oversight more closely with international standards.
