AFM Raises the Bar on AI Oversight, Cyber Resilience, & Financial Crime in 2026
Key Takeaways
- AI Under the Microscope: The AFM will push firms to make AI use more transparent, controllable, and accountable, with stronger expectations around governance and incident reporting.
- Cyber Resilience in Practice: Supervision of DORA will intensify, focusing on incident handling, outsourcing risks, and resilience testing rather than box-ticking compliance.
- Sharper Financial Crime Focus: Investment fraud and money laundering will be addressed through targeted supervision, closer cooperation with banks, and alignment with EU-level AML reforms.
Deep Dive
In its Agenda 2026, the Dutch Authority for the Financial Markets signaled a tougher, more hands-on supervisory stance as technology reshapes financial markets and financial crime risks continue to evolve. The priorities include closer scrutiny of artificial intelligence, more intensive supervision of cyber resilience under EU rules, and a sharper, more targeted approach to investment fraud and money laundering.
Rather than announcing new rules, the agenda sets out how the AFM intends to apply existing frameworks in practice, pressing firms to demonstrate control, accountability, and resilience as innovation accelerates.
Bringing AI Out of the Black Box
Artificial intelligence is no longer experimental in many parts of the financial sector, and the AFM is making clear that its use must be explainable as well as innovative. The regulator points to risks ranging from opaque decision-making and bias to misleading information that can harm consumers and markets.
In response, the AFM plans to expand its supervision of AI applications, asking institutions to take a hard look at where AI is used, how decisions are made, and whether data quality and model governance are fit for purpose. Firms will be expected to document decision logic more clearly and to report incidents proactively, reflecting a shift toward treating AI risk as a core supervisory issue rather than a niche technology concern.
DORA Moves From Theory to Reality
Cyber resilience remains another pressure point, particularly as financial institutions rely ever more heavily on a small group of large IT providers. Against that backdrop, the AFM says it will intensify supervision of how firms are implementing the EU’s Digital Operational Resilience Act (DORA).
The emphasis for 2026 will be practical rather than abstract. Incident management, outsourcing arrangements, and digital resilience testing will be under closer review, as the regulator looks to reduce the risk that cyber incidents or third-party failures disrupt essential financial services. The underlying message is that resilience is no longer a back-office issue but a matter of market stability.
A More Targeted Fight Against Financial Crime
Financial crime rounds out the AFM’s priorities, with particular attention on investment fraud and money laundering risks that continue to erode confidence in markets. To tackle investment fraud, the regulator plans to deepen cooperation with banks, take action against firms and intermediaries that enable fraudulent schemes, and step up targeted public information campaigns.
On anti-money laundering, the AFM says it will apply a risk-based supervisory approach focused on clear and effective rules. It also confirmed that it is actively involved in shaping new EU-level requirements being developed by the European Anti-Money Laundering Authority, underscoring how national supervision is increasingly tied into a broader European framework.
Summing up the agenda, AFM Executive Board Chair Laura van Geest said trust in financial markets “cannot be taken for granted,” framing the 2026 priorities as an effort to protect consumers, support responsible innovation, and safeguard the integrity of the sector.

