AI Regulatory Intelligence — by YRproject

factual analysis · traceable to the primary source

Analysis

IOSCO's AI supervisory toolkit for capital markets: a shared instrument for the world's securities regulators

Approved 2026-06-25 · ≈ 4 min read · Dirk Baaijen

On 25 May 2026 IOSCO published its final report "Supervisory Toolkit for AI Use in Capital Markets" (FR/02/2026): non-binding tools for securities supervisors across governance, third-party risk, disclosure and recordkeeping, covering the full AI lifecycle including GenAI and agentic AI.

On 25 May 2026 the International Organization of Securities Commissions (IOSCO) — the global standard-setter that brings together the securities and markets regulators responsible for the overwhelming majority of the world's capital markets — published its final report Supervisory Toolkit for AI Use in Capital Markets (FR/02/2026). It is the securities-markets counterpart to the prudential work that the Financial Stability Board has been doing on AI: where the FSB writes for banks, insurers and the institutions a prudential supervisor watches, IOSCO writes for the authorities that police exchanges, brokers, asset managers and investment advisers.

Like the FSB text, this is not law and not a standard. IOSCO is explicit that the report offers supervisors "practical, non-binding, non-prescriptive supervisory tools, applicable across regulatory models" — a flexible framework rather than a rulebook, deliberately written so that it works whether a member operates a principles-based or a rules-based system. IOSCO has no power to bind its members; its instruments work by becoming the common reference that national securities regulators converge on.

A toolkit, built on two earlier reports

The toolkit is the latest phase of work by IOSCO's Fintech Task Force (FTF). It rests on two predecessors: the 2021 AI Report on AI and machine learning use by market intermediaries and asset managers, and the 2025 AI Report, Artificial Intelligence in Capital Markets: Use Cases, Risks, and Challenges, which mapped where firms actually deploy AI — robo-advising, algorithmic trading, investment research, sentiment analysis, and AML/CFT transaction monitoring — and the risks that follow. The 2026 report turns that diagnosis into a supervisory instrument. Its organising frame is the three classic IOSCO objectives: investor protection, market integrity, and financial stability.

Three layers, four areas of focus

The toolkit is structured in three complementary layers:

  1. Areas of supervisory consideration — a map of where AI use warrants closer attention, so a regulator can decide where to deploy scarce supervisory resources.

  2. Tools for oversight of key areas — the core of the report, with detailed tools and example questions for supervisory dialogues and examinations across four areas of focus: (i) governance and risk management; (ii) third-party and outsourcing risk management; (iii) disclosure; and (iv) recordkeeping and reporting.

  3. Indicators and data sources — suggested indicators for monitoring AI adoption, alongside engagement methods (on-site inspections, targeted surveys, supervisory dialogue, documentation requests) to gather the information.

The tools are explicitly not exhaustive: a "structured starting point" rather than a checklist. IOSCO also published an accompanying standalone toolkit (OR/07/2026) — an extract of Chapter 3 stripped of the analysis, designed to be carried into an on-site examination.

Designed for GenAI and agentic AI, not just classic ML

What distinguishes the 2026 report from earlier supervisory guidance is the explicit reach into newer techniques. The toolkit "aims to cover the full lifecycle of a particular AI system and to apply to all" AI types — from traditional machine learning to Generative AI (GenAI) and emerging agentic AI. The report treats these as risk-amplifiers, not just new tools:

  • Hallucinations — GenAI's probabilistic generation can yield outputs that look plausible but are factually wrong or fabricated, which IOSCO flags as "a critical risk for financial services, where trust and credibility are paramount". It surveys mitigations such as retrieval-augmented generation (RAG) and chain-of-verification.

  • Agentic AI — systems that can access sensitive data, ingest external content and act autonomously raise the prospect of data exfiltration, emergent or collusive behaviour between components, and goal misalignment, with the potential for cascading failures across interconnected systems. IOSCO concedes agentic AI "may make supervisory oversight more challenging".

  • Macro risk — echoing the FSB, IOSCO warns of the gap in measuring how aggregate firm-level conduct translates into system-wide stability risk when many firms depend on the same small set of model and cloud providers.

Where it sits for a European firm

For an investment firm or asset manager inside the EU, the IOSCO toolkit lands on top of a binding stack, not instead of it. Conduct in investment services is governed by MiFID II, the real framework for robo-advice and automated advice; ICT and third-party risk by DORA; and high-risk AI uses such as credit scoring by the AI Act. IOSCO's four areas map closely onto these: its third-party tools rhyme with DORA's ICT-outsourcing regime, its governance tools with the AI Act's quality-management and human-oversight duties, and its disclosure tools with MiFID II conduct rules. The value of the toolkit is not a new obligation but a shared supervisory vocabulary — one a globally active firm can use to describe a single AI governance system to securities regulators in many jurisdictions at once, and one that lets those regulators compare notes.

It also slots into the thickening soft-law layer alongside the FSB's sound practices, the G7's Hiroshima reporting framework and the NIST risk-management approach. IOSCO says it will keep coordinating with the FSB and will move next to a review of emerging industry practices across the areas the toolkit identifies — the point at which a non-binding menu starts to harden into a supervisory expectation. The wider picture of international AI governance explains why bodies without rule-making power keep setting the terms anyway.

Sources

  1. https://www.iosco.org/library/pubdocs/pdf/IOSCOPD823.pdf
    IOSCO Final Report FR/02/2026 (May 2026), "Supervisory Toolkit for AI Use in Capital Markets"; non-binding tools, three layers, four areas of focus.
  2. https://www.iosco.org/library/pubdocs/pdf/IOSCOPD822.pdf
    IOSCO OR/07/2026, the standalone toolkit: an extract of Chapter 3's supervisory tools for use during on-site examinations and inspections.
  3. https://www.iosco.org/library/pubdocs/pdf/IOSCOPD788.pdf
    IOSCO 2025 AI Report "Artificial Intelligence in Capital Markets: Use Cases, Risks, and Challenges", the risk analysis the 2026 toolkit builds on.
