The Indian Banks’ Association (IBA) is developing a structured checklist to help banks mitigate risks from autonomous and adversarial AI systems.
Indian Banks to Get AI Risk Checklist: IBA Consults Tech Firms to Counter Adversarial Threats Like Claude Mythos
The Indian Bank‘s Association (IBA) has initiated consultations with payment technology and infrastructure providers to develop a structured checklist aimed at helping banks assess and mitigate emerging risks from artificial intelligence-driven systems.
The move follows a recent meeting chaired by Nirmala Sitharaman with senior bankers and the IBA to review preparedness against potential AI-led threats. The Finance Minister has asked the industry body to establish a coordinated institutional mechanism to enable swift responses to such risks.
Beyond Traditional Cyber-Defense
The banking ecosystem is increasingly grappling with adversarial AI systems capable of operating at machine speed, with models such as Claude Mythos emerging as a key point of discussion among industry participants. Concerns centre on whether existing cybersecurity frameworks are adequately equipped to counter such threats.
People familiar with the discussions said the proposed checklist is expected to guide banks on classifying AI systems based on levels of autonomy, strengthening audit standards, assessing vendor-level safeguards and reinforcing internal controls around multi-agent deployments.
“AI risk is not confined to one institution. Banks operate in an interconnected ecosystem; a vulnerability in a third-party platform can have cascading implications. A structured checklist helps standardise how that risk is evaluated,” said a senior payments industry executive. While there have been no confirmed breaches of core banking infrastructure in India involving such systems, executives noted that the pace of technological evolution has necessitated preventive coordination.
Operationalizing Governance
Banks already operate under strict cybersecurity norms, including periodic vulnerability assessments and penetration testing. However, their digital infrastructure is deeply integrated with external technology providers—ranging from payment gateways and card management platforms to API aggregators and reconciliation engines—expanding the potential attack surface and elevating third-party risk governance as a critical priority.
The initiative comes even as banks are guided by the FREE-AI framework of the Reserve Bank of India, which lays down principles around fairness, accountability, transparency and responsible deployment of AI. Industry executives noted that while these guidelines address governance of AI usage, the emerging challenge lies in defending against adversarial and autonomous AI systems. The checklist exercise is therefore seen as complementing existing regulatory principles with operational risk preparedness.
The discussions are also aligned with broader coordination between banks, cybersecurity agencies and regulators to enhance threat intelligence sharing and resilience planning. With digital transaction volumes rising and banks deepening reliance on fintech partnerships, strengthening the resilience of integrated payment systems has become central to financial stability.
aniltikotekar4sme.com 