BoE moves to test AI risks as regulators shift from warnings to live validation

Michiel Willems
April 20, 2026

Quality assurance teams in banks are being pushed into a far more central role as UK regulators move to test how artificial intelligence behaves under real-world conditions, not just in controlled environments.

The Bank of England’s latest move to simulate AI-driven market stress, including how trading agents could act in correlated ways, signals a clear shift: AI risk is now something that must be tested, evidenced and proven, not simply governed through policy.

In its response to MPs, the Bank confirmed it is running scenario analysis and simulations to assess how AI agents could behave in financial markets, with a focus on “herding” behaviour that could amplify volatility under stress.

For QA and software testing teams, that shift is critical. It aligns AI assurance with the same expectations already applied to operational resilience, cyber testing and system-wide failure scenarios.

As Ed Birchall, VP enterprise AI at Nuix, analysed the move on LinkedIn: “The Bank of England testing AI-driven systemic risk is a big signal, not just for regulators, but for every financial institution.”

“We’re moving from ‘AI experimentation’ to ‘AI as market infrastructure’,” he argued.

That framing captures the direction of travel. AI is no longer being treated as a discrete innovation problem, but as embedded infrastructure that must be validated, stress-tested and governed with the same rigour as core banking systems.

Regulatory gaps

The Bank’s move comes after sustained pressure from the Treasury Committee, which warned earlier this year that regulators risk exposing the financial system to harm by moving too slowly on AI.

Chair Dame Meg Hillier underlined the urgency, pointing to rapid advances in AI capability: “It has never been more important that those responsible for maintaining the UK’s financial stability take a proactive approach to understanding and mitigating the risks AI may pose to our financial system.”

While she acknowledged the Bank was “grasping the nettle to some extent”, she criticised the Treasury’s pace, saying she remained “perplexed at the apparent inertia shown by the Treasury.”

Her strongest criticism focused on the Critical Third Parties regime, designed to bring major cloud and technology providers under regulatory oversight.

“The powers offered by the Critical Third Parties Regime are sitting unused while we remain vulnerable. I simply cannot understand why this is taking so long.”

For QA teams, that is not a policy debate. It directly affects how testing is designed. If regulators see systemic risk in external providers, firms must be able to demonstrate resilience across third-party infrastructure, APIs and AI-driven dependencies they do not fully control.

The Bank’s focus on “herding” behaviour signals a broader shift in how AI risk is being framed. The concern is no longer limited to individual model failure, but to system-wide dynamics, where multiple AI systems act in similar ways and amplify stress across markets.

At the same time, cyber risk is converging with AI risk. Bank of England governor Andrew Bailey warned that Anthropic may have “found a way to crack the whole cyber risk world open”, reflecting fears that advanced models can both detect and exploit vulnerabilities across critical systems.

That concern has already triggered discussions between UK regulators and financial institutions after reports that Anthropic’s model identified “thousands of major vulnerabilities across operating systems, web browsers and other widely used software.”

For testing teams, this fundamentally expands scope. AI assurance now has to include adversarial testing, vulnerability validation, regression under attack conditions and the ability to prove that systems remain within tolerance even as threats evolve.

Live testing

The Financial Conduct Authority is reinforcing that shift through its AI Live Testing initiative, pushing firms beyond pilots into controlled real-world environments.

As Ed Towers, head of advanced analytics at the FCA, said earlier: “We’re providing a structured but flexible space where firms can test AI-driven services in real-world conditions, all with our regulatory support and oversight.”

He added that the goal is to move firms beyond “POC paralysis”.

More importantly, the FCA has redefined what must be tested. “We broadly define the AI system as: the actual AI model, information on the deployment context and core risks … governance and human in the loop considerations, evaluation techniques as well as the input and output controls.”

That definition pulls governance, controls and operational context directly into QA scope, turning testing into a full-system validation exercise.

The same approach is now being applied at the regulator level, with AI being tested on live financial crime data in what has been described as “production-style validation of AI systems, applying them directly to live intelligence workflows in a controlled test environment.”

This push toward evidence-based assurance aligns with the Bank of England’s broader resilience agenda.

Under frameworks such as STAR-FS and its cyber recovery guidance, regulators have made it clear that resilience must be “continuously tested, measured and evidenced.”

“Cyber-attacks remain a major threat to the financial sector,” the Bank said recently, adding that resilience “can no longer be assumed, it must be proven.”

For QA teams, that translates into a much broader remit. Testing must now simulate degraded conditions, validate recovery processes, test incident detection and escalation, and produce audit-ready evidence that systems can operate within defined tolerances.

Quality assurance is becoming a regulatory artefact in its own right.

“We are moving from ‘AI experimentation’ to ‘AI as market infrastructure’.”
– Ed Birchall

At the same time, regulators are hearing that traditional governance approaches are struggling to keep pace with AI.

Industry discussions with the Prudential Regulation Authority highlighted concerns that existing model risk frameworks may not be sustainable as AI systems become more dynamic and less transparent.

That creates a need for new validation approaches focused on “algorithmic performance, transparency and robustness in the face of evolving data inputs and decision logic.”

For QA teams, that means testing is no longer just about outputs, but about explainability, consistency and control effectiveness over time.

Global convergence

The UK’s direction mirrors a broader global shift toward operationalising AI governance.

In Singapore, regulators are pushing firms to move “from theory to practice”, embedding governance into lifecycle controls, monitoring and testing.

DBS’ Sameer Gupta framed it clearly: “To fully realise AI’s value, governance must be treated as a strategic imperative.”

Sam Burrett highlighted the execution gap: “Most organisations we work with have an AI policy. Very few have actually operationalised AI governance.”

That gap is increasingly being filled by testing functions.

As regulators begin to expect firms to classify AI use cases, validate controls across the lifecycle and prove governance in practice, QA becomes central to compliance delivery.

Across jurisdictions, the message is converging. Regulators are not just asking whether AI systems work. They are asking whether they can be trusted under stress, governed across their lifecycle and defended under scrutiny.

They are asking for evidence. For QA and software testing teams, that fundamentally changes their role.

They are now responsible for validating governance workflows, testing third-party dependencies, monitoring systems for drift, stress-testing integrations and ensuring that AI behaves predictably in real-world conditions.

As Birchall put it, the industry is entering a phase where “AI risk management becomes a competitive advantage, not just a compliance exercise.”

In that environment, testing is no longer a support function. It is how banks prove that their AI systems, and increasingly their entire technology stack, can be trusted.