On May 12, 2026, at its annual press conference, BaFin joined the international financial regulators that have begun to formally warn about the risks that advanced artificial intelligence models pose to the financial sector. The line from its president, Mark Branson, says a lot in a few words. “These new AI models can identify many vulnerabilities in both new and existing IT systems with remarkable speed. They will be able to exploit the vulnerabilities they find ever more rapidly.”
What that paragraph says, soberly, in regulatory language, is that the clock has changed. Where vulnerability response time used to be measured in months, it is now measured in hours. That forces a rethink of where we put our attention when we talk about banking cybersecurity.
What did Germany say and why does it matter to the rest of Europe?
The German authority announced two things at once. One was predictable and already known; cyber risks are “growing and consistent.” The other is more interesting. It will create a new division dedicated to shorter, more frequent technical inspections on specific financial institutions. It calls them “IT spotlight.”
The reasoning behind it is straightforward. If attackers can find and exploit flaws within hours, annual or quarterly audits arrive late. Branson said it bluntly. “In the past, patch management cycles could be measured in months. In the future, they will have to be completed within a few days, if not hours.” An inspection that takes six months to close its report no longer inspects the present. It inspects a past that the market has already moved on from.
That same logic is moving across the rest of Europe. The industry expects the UK’s FCA and PRA to publish a coordinated framework on AI-driven cyber risk in finance in the coming months, modeled largely on BaFin. Italy and Spain, already subject to DORA and to the NIS2 Directive, will see similar pressure from Banca d’Italia and Banco de España. Latin America, with the BCRA in Argentina and CNBV in Mexico as benchmarks, doesn’t live on another planet. European parent companies and cross-audit processes will push the same requirement.
What “IT spotlight” inspections solve and what they leave out
An “IT spotlight” inspection is a technical review narrow in scope, designed to close in weeks rather than months. It does not replace traditional audits; it complements them with a more reactive layer. The idea is to respond better to what is happening right now.
It’s a step in the right direction. It’s also a partial step.
An inspection reaches only what can be measured from outside the individual user. A technical review checks configurations, patches, network segmentation, identity management and cryptographic controls. It can confirm that the entire technical perimeter is up to date. It cannot confirm that the employee who will receive a phishing email on Tuesday at 11:10 knows how to recognize it, hesitate, report it and not click.
The “spotlight” metaphor is telling without meaning to. The spotlight lights up one part of the stage very brightly. Whatever falls outside the beam stays dark.
Where regulators look and where attackers strike
The Verizon Data Breach Investigations Report 2025 keeps reporting the same figure, year after year, with minor variations. Around 60% of confirmed breaches involve a human element: error, social engineering, internal misuse. The number doesn’t change much because the vector hasn’t changed. What changes is the sophistication with which each attempt is executed.
That’s what generative AI adds. Until two years ago, a phishing email targeted at a specific employee required research time, careful spelling, and knowledge of the company’s context. Today a language model produces that email in seconds, with the right tone for the industry, the correct title for the recipient, referencing a real meeting visible on LinkedIn, in the exact internal communication format the entity uses.
The employee receives an email that looks like it was written for them. If they have never practiced deciding under pressure in a realistic scenario, the firewalls behind them won’t save them from the click. The door opens from the inside, without anyone needing to break it.
A while ago we wrote on this blog about why AI cannot replace human guidance in awareness programs, and also about how to integrate human behavior into detection strategies. What we flagged then accelerates with every new model. SIEMs don’t see what happens in the employee’s head in the seconds before the click.

What can financial institutions in Italy, Spain and Latin America do today?
The answer is to build a program that trains people with the same frequency and specificity with which attackers target them. Doubling the technical budget is not enough.
For each market’s regulatory reality, practical steps vary. The principle is the same.
In Italy, where Banca d’Italia and IVASS supervise DORA compliance along with European Central Bank guidance on operational risk, the human factor is already named in the regulatory texts. It’s named as one more data point, not as the core. Building a measurable awareness program, segmented by critical roles and connected to the risk management framework, is what closes the loop between audit and actual operations.
In Spain, where Banco de España and the CNMV replicate the DORA framework with their own inspections, recurring findings point to three gaps. Internal simulations exist but they are annual, reports exist but stay at aggregate level, and higher-risk segments are identified too late. A realistic simulation layer, distributed across time, translates those findings into metrics a supervisor can actually read.
In Latin America, where the BCRA in Argentina and the CNBV in Mexico maintain specific requirements for financial institutions, the logic is the same with less prior infrastructure. The space to build a modern human-risk defense program from scratch is more open than in Europe.
At SMARTFENSE we support financial institutions across Latin America, Spain and Italy with simulations contextualized by sector, training modules in the local language and reports that connect campaign results to individual risk profiles. The platform was designed so that a security team can keep pace with the cadence that an attentive regulator is starting to require.
The new rule. Measure human resilience at the speed of AI
Branson closed with a line that will be quoted often. In the past, patch cycles were measured in months; in the future, in hours. All the media attention goes to the speed of the technical response, and rightly so.
There’s a corollary that gets less airtime. If the patch cycle went from months to hours, the cycle for measuring the human factor has to move in the same direction. An annual phishing simulation works as an isolated event. It arrives late to the very risk it claims to control.
What changes, then, goes beyond what regulators do. It changes the clock against which security teams measure their own people. Regulation is the external signal. The internal question is different. How often can you tell your CEO how much each team’s resilience went up or down against the latest generation of attacks, instead of showing a half-yearly figure?
That question has been around for a while. The difference is that the answer matters more now, and the technology to answer it is available. Active defense against human risk works as a concrete operational surface. It’s where a well-designed program can produce visible improvement between one inspection and the next.
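As an added illustration (not code from SMARTFENSE or from this post), the following Python takes a constructed log of phishing-simulation outcomes and produces the figures the post asks for: per-team, per-campaign click rate, report rate and time-to-report, the change in each team's score since the previous campaign, and the segments that cross a risk threshold at the campaign where it happens rather than at year end. Campaign ids, team names and the score definition (report rate minus click rate) are assumptions made for the example.

```python
from collections import defaultdict
from statistics import median

# Constructed sample (not real campaign data): one row per simulated phishing
# email as (campaign, team, user, outcome, seconds_until_reported_or_None).
EVENTS = [
    ("2026-W18", "treasury", "u1", "reported", 240),
    ("2026-W18", "treasury", "u2", "clicked", None),
    ("2026-W18", "treasury", "u3", "ignored", None),
    ("2026-W18", "ops", "u4", "clicked", None),
    ("2026-W18", "ops", "u5", "clicked", None),
    ("2026-W18", "ops", "u6", "reported", 3600),
    ("2026-W20", "treasury", "u1", "reported", 120),
    ("2026-W20", "treasury", "u2", "reported", 600),
    ("2026-W20", "treasury", "u3", "ignored", None),
    ("2026-W20", "ops", "u4", "clicked", None),
    ("2026-W20", "ops", "u5", "ignored", None),
    ("2026-W20", "ops", "u6", "clicked", None),
]

def team_metrics(events):
    """Per (campaign, team): click rate, report rate, median seconds-to-report."""
    groups = defaultdict(list)
    for campaign, team, _user, outcome, secs in events:
        groups[(campaign, team)].append((outcome, secs))
    out = {}
    for key, rows in groups.items():
        clicks = sum(o == "clicked" for o, _ in rows)
        reports = [s for o, s in rows if o == "reported"]
        out[key] = {"n": len(rows), "click_rate": clicks / len(rows),
                    "report_rate": len(reports) / len(rows),
                    "median_report_s": median(reports) if reports else None}
    return out

def resilience_trend(events):
    """Per team: [(campaign, score, delta_vs_previous)], with score =
    report_rate - click_rate in [-1, 1]; delta is the 'went up or down' figure."""
    series = defaultdict(list)
    for (campaign, team), m in sorted(team_metrics(events).items()):
        series[team].append((campaign, round(m["report_rate"] - m["click_rate"], 3)))
    return {team: [(c, s, None if i == 0 else round(s - pts[i - 1][1], 3))
                   for i, (c, s) in enumerate(pts)]
            for team, pts in series.items()}

def flag_segments(events, click_threshold=0.5):
    """(campaign, team) pairs whose click rate reaches the threshold, so a
    higher-risk segment surfaces at that campaign rather than at year end."""
    return sorted(k for k, m in team_metrics(events).items()
                  if m["click_rate"] >= click_threshold)
```

Fed with two campaigns a fortnight apart, the trend shows treasury improving and ops sliding, which is the per-team movement the post wants reported between one inspection and the next.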