On July 14, 2025, in my role as Commissioner of the Commodity Futures Trading Commission (CFTC or the Commission), I convened a roundtable of market and prudential regulators including central bankers and consumer protection authorities from the United States, United Kingdom, and Europe in London, England – the 2025 Regulators Roundtable on Financial Markets Innovation and Supervision of Emergent Technology (Regulators Roundtable).
The Regulators Roundtable was followed by a separate Public-Private Roundtable on Surveillance and Supervision in the Age of AI and Digital Assets moderated by Bénédicte Nolens, Head of BIS Innovation Hub Hong Kong Centre, which I attended alongside regulators, market participants, and technology experts. Both events were held under the Chatham House Rule. The following summary offers key themes and takeaways from the roundtables as well as other recent convenings where participants discussed similar themes.[1]
I. 2025 Regulators Roundtable on Financial Markets Innovation and Supervision of Emergent Technology
At the Regulators Roundtable, participants examined the integration of artificial intelligence (AI), cyber risk and operational resilience, oversight of third-party service providers, the increasing adoption of digital assets, and transformations in market structure. The Regulators Roundtable further developed themes explored by Commission staff requests for information and advisories on the integration of AI as well as robust governance frameworks and recent recommendations by the advisory committee that I have sponsored for the last three years – the CFTC’s Market Risk Advisory Committee (MRAC).
Key Themes and Takeaways
1. Artificial Intelligence and Regulatory Oversight
Participants discussed the growing adoption of AI in trading, risk management, surveillance, and compliance. The use of AI tools, particularly through third-party vendors, has increased efficiency and, in some contexts, accessibility, but also introduced novel risks related to explainability, bias, and governance.
During the roundtables, I emphasized the need for fit-for-purpose regulatory frameworks that account for AI’s systemic implications. I highlighted the importance of international alignment, referencing standards such as the CPMI-IOSCO Principles for Financial Market Infrastructures (PFMIs). Participants supported enhancing supervisory visibility in AI applications and encouraged post-deployment monitoring and scenario-based testing.
2. Cybersecurity and Operational Resilience
Cyber risk remains a top concern. Recent high-profile disruptions include:
The 2023 ransomware attack on ION Derivatives, which impacted global derivatives clearing and risk reporting; the 2024 CrowdStrike software failure, which caused global outages across banking, aviation, and healthcare sectors; and the 2025 Bybit cyberattack on a third-party infrastructure vulnerability resulting in over $1.5 billion in digital asset losses.
I emphasized the importance of cyber resilience, which must address both external attacks and internal technology failures. Participants agreed that supervisory frameworks should incorporate continuous testing, incident response planning, and firm-level accountability.
3. Proposed CFTC Operational Resilience Framework
In December 2023, the CFTC unanimously approved a rule proposal requiring that futures commission merchants, swap dealers, and major swap participants implement an Operational Resilience Framework designed to address risks relating to information and technology security, third-party relationships, and preventing disruptions to business operations.
I provided an update on the proposed rule, which would require futures commission merchants, swap dealers, and major swap participants to implement a technology and information security program; a third-party relationship management program; and a business continuity and disaster recovery plan.
The proposed rule seeks to ensure that critical operations continue in the face of disruptions. I also highlighted the MRAC Central Counterparty (CCP) Risk & Governance Subcommittee’s recommendations to expand operational safeguards to derivatives clearing organizations (DCOs), including enhanced oversight of critical third-party service providers and a requirement for third-party providers to comply with the PFMIs. The Subcommittee’s December 2024 report, Recommendations on DCO System Safeguards Standards for Third-Party Service Providers, proposes modernizing CFTC Rule 39.18 by requiring DCOs to establish a Third-Party Relationship Management Program. The updated rule would require DCOs to implement lifecycle vendor oversight policies, conduct pre-selection resilience assessments, and identify and monitor critical third-party service providers.[2]
4. Third-Party Risk Management and Infrastructure Concentration
Participants agreed that growing reliance on cloud, cybersecurity, and AI service providers may introduce new risk management concerns. For several critical infrastructure services, there are a limited number of third-party providers capable of supporting the volume and scale of transactions for many registered market participants. Attendees emphasized that traditional risk management practices must be updated to address growing reliance on technology infrastructure. Some attendees raised questions regarding the potential for service provider disruptions, e.g., cyber threats, to create systemic risk concerns.
Participants shared insights from the ongoing implementation of the Digital Operational Resilience Act (DORA), highlighting efforts to establish regulatory oversight of critical information and communication technology (ICT) service providers.[3]
5. Digital Assets, Stablecoins, and Market Structure
The discussion explored how tokenization, stablecoins, and distributed ledger technology (DLT) are transforming financial markets. Participants emphasized that innovation should not compromise core market protections, such as customer protection, segregation of customer assets, settlement finality, and netting.
Participants noted stablecoin usage in cross-border payments, particularly in emerging markets, may present an area of growing systemic interest. Participants suggested U.S. dollar-denominated stablecoins may increase efficiency and financial inclusion. Participants noted, however, several concerns and outlined potential challenges. Participants emphasized the importance of international coordination to balance innovation with macroeconomic and financial stability objectives.
6. Incident Response, Testing, and Information Sharing
Participants stressed that risk is dynamic, requiring ongoing testing, reporting, and scenario planning. Effective operational resilience depends on comprehensive business continuity plans, simulation exercises, and timely cross-border communication.
Participants also discussed the development of standardized information-sharing protocols between regulators and technology providers. Collaborative incident response playbooks and shared threat intelligence were cited as essential tools in responding to future disruptions.
Conclusion of the 2025 Regulators Roundtable
The Regulators Roundtable underscored the need for coordinated, forward-looking regulatory frameworks that keep pace with technological change. Participants reached broad consensus on the importance of embedding AI governance and transparency into supervisory models; addressing cyber risk as a systemic concern; examining operational resilience requirements to address disruptions of critical third-party providers; and harmonizing oversight across borders, especially in digital assets and infrastructure.
The Regulators Roundtable discussions and dialogue at other events have reaffirmed my commitment to international engagement, proactive supervision, and safeguarding market integrity in a rapidly evolving environment.
II. Summary of Surveillance and Supervision in the Age of AI and Digital Assets Public-Private Roundtable and Other Recent Public-Private Conference Commentary
Bénédicte Nolens moderated a public–private roundtable on July 14, 2025 exploring how AI and digital assets are reshaping financial surveillance, compliance, and supervision. The roundtable convened global market participants, technology providers, and regulators to discuss the challenges and opportunities emerging from the growth in AI-enabled crime and evolving market infrastructures. The public-private roundtable was conducted under the Chatham House Rule.
Below, find several key themes and insights from the roundtables and recent conference commentaries.
Key Themes and Takeaways
1. AI and the Evolution of Financial Crime
Advanced AI surveillance tools may be deployed to detect market abuse, including market manipulation (e.g., spoofing, wash trading), supervise trading activity in real time, reduce false positives and investigative workloads, and provide auditable and explainable alerts using Large Language Models (LLMs), including multilingual data analysis. AI may also prove instrumental in identifying broader risks, such as sanctions evasion, fraud, and geopolitical threats.
Attendees at the roundtable highlighted that AI is rapidly accelerating the speed and sophistication of financial crime. The transition from human-led schemes to AI-driven threats has transformed the compliance landscape. Participants outlined a progression from manual, traceable crypto crimes in the early 2010s to today’s AI-powered laundering, synthetic identities, and multi-chain hacks.
Compliance professionals are increasingly turning to AI to keep pace with this threat environment. Platforms leveraging behavioral detection, obfuscation analysis, and on-chain intelligence are being deployed to improve disruption and attribution. However, surveillance systems remain challenged by fragmented data sources and limited interconnectivity between on-chain and off-chain trading venues.
2. Bridging Surveillance Gaps in Crypto Markets
Participants noted structural disconnects in crypto market oversight, pointing out that while the industry often references the transparency of blockchain data as a safety and supervision mechanism, historically a significant percentage of trading occurs off-chain. A significant percentage of crypto trading activity occurs within centralized exchanges, which in some cases manage customer transactions internally without recording each trade on a public blockchain. Additionally, some operational processes, such as order matching, custody, and margining, may be conducted off-chain for speed, cost-efficiency, or business confidentiality, resulting in limited transparency for regulators and market observers.[4]
The discussion also examined forms of manipulation and fraud — such as wash trading (a form of trading in which trading activity or rumors are designed to artificially inflate the price of an asset). Participants discussed the potential for AI-generated content on social media to amplify the effects of wash trading and expressed concerns regarding hard coded smart contract rug pulls (where the developers of a project implant code within the smart contract underlying a digital asset that allows them to lure investors to deposit funds they can never withdraw, as well as back doors that suddenly disappear, taking all investor funds with them).
Participants shared examples from recent enforcement investigations and emphasized the threat of new and more complex forms of market manipulation in traditional securities and derivatives markets as well as crypto markets, particularly in markets servicing retail investors.
A participant cited a recent example of market manipulation in an account takeover in Japan involving over $700 million. Perpetrators hacked thousands of individual accounts, but instead of trying to empty the accounts (which would have likely triggered fraud monitoring systems), the fraudsters used the accounts to trade and inflate prices of illiquid assets, then captured profits by selling preemptively established long positions on the same assets via legitimate accounts.[5]
3. Enhancing Supervision with Explainable AI
Participants emphasized the value of using LLMs for cross-lingual monitoring and pre-trade communications surveillance. Participants noted that the tension between model performance and explainability remains. Governance frameworks and human-in-the-loop systems were emphasized as essential to building trust in AI-generated alerts and compliance outcomes.
4. AI Governance and Data Infrastructure Challenges
Discussions explored various legal and regulatory frameworks to address the evidentiary and technical challenges posed by AI-driven compliance systems. Some proposed co-designed models with regulators, while others suggested the establishment of centralized public sector data hubs to integrate fragmented market surveillance.
5. Risks and Responsibilities in a Fragmented Ecosystem
The discussions underscored concerns over the delegation of supervisory responsibility to private vendors. Participants cautioned against overreliance on proprietary solutions without corresponding public oversight and technical capacity. A number of commentators emphasized enhancing regulators’ expertise and skills in supervising innovation in financial markets, cross-sector coordination, and accountability for AI deployment in sensitive financial market infrastructures.
Looking Ahead
While AI’s capacity for pattern detection and surveillance continues to advance, there appears to be consensus that gaps in model transparency, data integration, and supervisory readiness must be addressed in tandem. Explainability, governance, and modernized regulatory design were identified as cornerstones of safe innovation in the digital era.
III. Takeaways from the Roundtable and Recent Conference Commentary
The Role of Collaboration
Collaboration was a frequent theme mentioned by participants at roundtables and commentators at recent conferences. Cross-border coordination can help ensure consistency in supervisory expectations, while collaboration between public and private sectors can accelerate adoption of robust surveillance tools and practices. Periodic convenings such as the Regulators Roundtable provide valuable opportunities for regulators to share emerging risks, coordinate responses, and align on international standards. Meanwhile, engagement with market participants, particularly those obligated to perform surveillance under registration requirements, can foster innovation and improve supervisory outcomes. Surveillance technology offers a particularly promising area for collaboration, as co-designed frameworks may yield tools that are both effective and acceptable to regulators.
Conclusion
The Regulators Roundtable and recent conference commentary offer a timely and productive forum for exploring the technological, operational, and regulatory shifts shaping global financial markets. Participants reaffirmed the shared responsibility to adapt supervisory frameworks to evolving risks while preserving financial stability and market integrity. As the financial sector continues its digital transformation, a foundation of international cooperation, regulatory clarity, and public-private dialogue will be essential. Continued engagement on emerging technologies, operational resilience, and surveillance innovations will help ensure that markets remain fair, transparent, and resilient in the digital age.
***
For more information on the CFTC’s Market Risk Advisory Committee (MRAC), including committee reports, meeting agendas and recordings, membership and subcommittee details, please visit:
https://www.cftc.gov/About/AdvisoryCommittees/MRAC
Commissioner Kristin N. Johnson sponsors the MRAC. MRAC advises the Commission on matters relating to evolving market structures and risks affecting market infrastructure, including s clearinghouses, exchanges, intermediaries, market makers and end-users. Members include representatives of clearinghouses, exchanges, intermediaries, market makers, end-users, academia, and regulators.
[1] The Regulators Roundtable and the development of this summary benefitted significantly from the contributions of Alessandro Cocco, Senior Policy Advisor at the Federal Reserve Bank of Chicago; Bénédicte Nolens, Head of BIS Innovation Hub Hong Kong Centre; and Danielle Abada and Christopher Lamb, Senior Counsel to Commissioner Johnson. The summaries integrate observations from domestic and international market and prudential regulators and market participants at several recent conferences including TradingHub’s RegHub Summit London 2025 and the DigiAssets 2025 Conference, among others. The summaries of views expressed by moderators or attendees do not necessarily reflect the views of or endorsement by the Commission, Commissioner Kristin Johnson, other domestic or federal affiliated regulatory authorities, or firms.
[2] Recommendations on DCO System Safeguards Standards for Third Party Service Providers, Market Risk Advisory Committee of the U.S. CFTC (Dec. 2024) (available at https://www.cftc.gov/media/11666/mrac121024_DCOThirdPartySystemSafeguards/download).
[3] The European Supervisory Authorities (EBA, EIOPA, and ESMA) are advancing a European oversight framework for critical ICT third-party service providers (CTPPs), with the aim of designating these providers and initiating formal supervisory engagement by the end of 2025. See The ESAs provide a roadmap towards the designation of CTPPs under DORA, European Insurance and Occupational Pensions Authority (Feb. 18, 2025), https://www.eiopa.europa.eu/esas-provide-roadmap-towards-designation-ctpps-under-dora-2025-02-18_en.
[4] Report of FSA’s Joint Research on Analyzing Decentralized Financial System using On-Chain and Off-Chain Data, QUNIE Corporation (June 2023),
https://www.fsa.go.jp/policy/bgin/Research_Paper_QUNIE_en.pdf; The crypto ecosystem: key elements and risks, Bank for International Settlements (July 2023), https://www.bis.org/publ/othp72.pdf; Report on Digital Asset Financial Stability Risks and Regulation, Financial Stability Oversight Council (2022);
https://home.treasury.gov/system/files/261/FSOC-Digital-Assets-Report-2022.pdf.
[5] Aya Wagatsuma et al., Hackers Manipulate Markets in $700 Million Illicit Trading Spree, Bloomberg (Apr. 23, 2025),
https://www.bloomberg.com/news/articles/2025-04-23/hackers-manipulate-markets-in-700-million-illicit-trading-spree?.
