Europe’s banking sector may be strong enough to withstand today’s geopolitical and financial shocks, but regulators are increasingly focused on a more complex threat landscape that extends well beyond market volatility and war-driven stress.
That was the central message from François-Louis Michaud, the newly appointed head of the European Banking Authority, who said lenders across the region currently hold sufficient capital and liquidity buffers to absorb the immediate fallout from the Middle East conflict, while warning that the next wave of risks could be fundamentally different in character and potentially more difficult to contain.
His remarks come at a delicate moment for global financial markets due to the ongoing U.S. and Israeli war with Iran, which has sharpened concerns about systemic stress, particularly through higher oil prices, tighter liquidity conditions, and renewed volatility across risk assets. Last month, the European Central Bank warned that markets may be underpricing the degree of financial-system strain that could emerge from geopolitical shocks, elevating geopolitical risk to the top of the central banking agenda.
Register for Tekedia Mini-MBA edition 20 (June 8 – Sept 5, 2026).
Register for Tekedia AI in Business Masterclass.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab.
Against that backdrop, the ECB has made banking-sector resilience one of its principal supervisory priorities for the year and is preparing to stress test the region’s largest lenders against a range of geopolitical and macro-financial scenarios.
Michaud, who formally took over leadership of Europe’s banking watchdog this week, struck a measured but cautionary tone. He said banks were “resilient enough” to withstand current geopolitical risks, pointing to the sector’s sizeable capital and liquidity cushions, which have been built up over years of post-financial-crisis regulatory tightening.
Yet his more consequential warning was forward-looking.
“We also know that what’s coming next will not be very much like what we’ve been seeing in the past, and we need to be prepared for that,” he said.
That observation is significant as it reflects the growing trend of supervisors shifting away from traditional credit and liquidity risk models toward operational, technological, and cyber resilience. The most urgent of those emerging concerns is cybersecurity, especially as artificial intelligence systems become more powerful and increasingly capable of automating offensive cyber activity.
A major supervisory focus now centers on Anthropic’s Mythos, a newly introduced AI model that cybersecurity experts say could materially enhance the sophistication and scale of cyberattacks, particularly against legacy financial infrastructure.
Banks are especially exposed because many large institutions still operate hybrid technology stacks that combine state-of-the-art digital platforms with decades-old core systems. This coexistence of new and legacy architecture creates multiple vulnerability points.
Asked specifically about Mythos, Michaud made clear that the issue sits at the center of the watchdog’s agenda.
“At every board meeting that we have, we have a very thorough discussion about risks, and we discuss precisely that type of thing: cyber threats, what we see from the different parts of the sector, et cetera. So it’s front and center. We’re constantly discussing it,” he said.
That language suggests regulators are treating AI-enabled cyber threats not as a peripheral technology issue, but as a core financial stability risk. This concern is seen spreading beyond the euro area. The ECB is reportedly preparing to question banks directly about their preparedness for risks associated with Mythos, following similar emergency consultations by U.S. authorities with major bank chief executives.
The Bank of England has also raised alarms, with Governor Andrew Bailey describing the potential cybersecurity implications as major and urgent. U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called top bank executives to an urgent closed-door meeting last week to alert them to the cybersecurity dangers posed by Mythosl.
For years, the primary concern surrounding AI in finance has centered on model risk, bias, and compliance. Now, regulators are increasingly worried about AI as an attack multiplier. Cybersecurity experts say advanced models may be able to autonomously identify software vulnerabilities, generate exploit pathways, and scale penetration attempts at speeds beyond human capability.
This risk is amplified by banks’ systemic importance and deep interconnectedness with payment systems, clearing houses, and capital markets infrastructure.
Michaud also addressed another area that has unsettled investors in recent months: private credit. Despite concerns about weak underwriting standards and opacity in the rapidly expanding private credit market, he said the sector does not currently pose a systemic issue for European banks.
That reassurance is important because regulators have been increasingly concerned about interlinkages between lightly regulated private lending vehicles and traditional banking institutions. Still, the broader message from Europe’s top banking watchdog is clear.
The immediate geopolitical shock from the Middle East may be manageable. The more consequential threat may come from the intersection of AI, cyber vulnerability, and operational resilience.
In other words, Europe’s banks may be adequately capitalized for today’s crisis, but supervisors are already preparing for a future in which the most dangerous shock may not come from markets, war, or credit losses, but from intelligent systems capable of exposing weaknesses embedded deep within the financial architecture itself.