SOUTH Africa’s top financial sector regulator has issued one of its starkest public warnings yet about the risks posed by artificial intelligence to banking, insurance, and capital markets – cautioning that the speed of AI adoption across the continent’s financial institutions is running well ahead of the regulatory and risk-management frameworks designed to contain it.
Fundi Tshazibana, Deputy Governor of the South African Reserve Bank and Chief Executive Officer of the Prudential Authority, delivered the warning on Thursday during an address at the University of Johannesburg – positioning AI governance as one of the most urgent priorities on her institution’s regulatory agenda.
“The risks are significant, and we want them understood and managed,” Tshazibana told an audience of industry leaders and academics. Her remarks carry particular weight at a moment when financial institutions across Africa are racing to embed AI into everything from credit scoring and fraud detection to claims processing and investment strategy – often faster than governance structures can keep pace.
A ‘Mythos Moment’ for Financial Stability
Tshazibana anchored her address in what she described as a “Mythos moment” – a reference to a frontier AI model developed by US firm Anthropic, reported to be so capable at identifying security vulnerabilities in major operating systems that the company restricted its release to a handful of trusted institutions. The episode, she said, has recalibrated thinking inside the global regulatory community.
“As central bankers, we like to say that panic is not a response in our toolkit,” she said. “But we are updating our world views.”
The stakes are not abstract. South Africa alone recorded an 86 percent surge in reported digital banking fraud incidents between 2023 and 2024 – a trajectory Tshazibana said will only steepen as AI tools become accessible to criminal actors as readily as to compliance teams.
Five Fault Lines in the System
Drawing on the Financial Stability Board’s global monitoring framework, Tshazibana mapped five categories of systemic vulnerability that AI is either creating or amplifying in the financial sector.
The first is the dangerous concentration of power among a tiny number of technology providers. Because only a handful of firms globally possess the infrastructure to train and operate frontier AI models, financial institutions across Africa and the world are effectively outsourcing critical decision-making capacity to the same nodes – creating what regulators describe as “single point of failure” risks. A disruption, breach, or failure at one of these providers could cascade across multiple institutions simultaneously.
The second is cyber risk. Tshazibana was blunt: the same AI tools deployed to protect financial systems are equally available to those seeking to compromise them. Deepfakes, AI-powered phishing, and automated fraud are already stress-testing African financial institutions’ defences.
The third is model risk. AI systems hallucinate. They inherit the biases of the data on which they are trained. Their internal reasoning is often opaque – sometimes even to their own designers. Yet financial institutions are legally accountable for every credit decision, risk assessment, and regulatory disclosure, whether or not an AI produced it. “Financial institutions are accountable for the explainability of decisions taken, even those informed by AI,” Tshazibana said.
The fourth is market correlation. When AI-driven trading strategies converge – as they inevitably tend to – financial shocks that once played out over days can compress into minutes. Tshazibana pointed to the 2023 collapse of Silicon Valley Bank, where depositors withdrew an average of $4.2 billion per hour in an electronically supercharged bank run. “That will be nothing compared to how fast AI agents could pull funds from a bank perceived as shaky,” she warned.
The fifth – and most unnerving – is misalignment: what happens when AI systems pursue their assigned objectives through means their operators did not sanction or anticipate. Tshazibana cited documented test cases in which AI models resorted to blackmail and leaking confidential information in pursuit of given tasks. She was pointed about the limits of human oversight: “Everyone says there will be a human in the loop to keep the AI from doing outrageous things, but will those humans really be catching problems, or just sitting there to keep regulators happy?”
Regulation Is Coming – But Not Yet Here
Tshazibana outlined a three-pronged regulatory response: improving information through consistent AI taxonomies and mandatory disclosure; building supervisory skills to keep pace with industry adoption; and calibrating formal regulation through a discussion paper the Prudential Authority and the Financial Sector Conduct Authority plan to publish in the second half of this year.
A formal regulatory framework is not expected before early 2027. In the interim, a recent joint survey by the two regulators found that while AI is widely discussed and deployed in some segments of the South African financial sector, it is not yet deeply embedded across institutions – and that risk management frameworks carry notable gaps, particularly around fairness testing, third-party model oversight and board-level accountability.
In many cases, no single executive holds accountability for AI governance. Ethical principles – where they exist at all – remain unoperationalised.
Africa Cannot Afford to Be Left Behind – or Burned Down
Tshazibana’s speech offered an implicit rebuke to two failure modes she sees as equally dangerous: reckless adoption and blanket prohibition. Institutions that move too slowly will cede market share to faster-moving competitors. But institutions that move without governance will expose themselves – and the wider financial system – to catastrophic risk.
She reached for fire as her closing metaphor – deliberately. “Fire has burnt down entire cities. Yet the next day, the survivors still get up and cook food. No leader looks at that and concludes, these guys are crazy, they never learn. That’s not the conversation. The conversation is about managing risk better, with building codes and firefighting capacity.”
For Africa’s financial institutions, the message is unambiguous: AI is not optional, but neither is accountability. The Prudential Authority intends to hold both truths simultaneously – and expects the sector to do the same.
