Chile’s financial supervisor is not waiting for a standalone AI rulebook before putting AI into supervision.
That is the useful read from the Comisión para el Mercado Financiero’s latest public-account messaging. The signal is not a hard rule. It is a risk-map change.
CMF President Catherine Tornel said in the 2025 public account that artificial-intelligence applications and developments may reconfigure the map of existing financial-market risks, requiring the supervisor to continually monitor their effects. The same account links AI opportunities and risks with other major risks, including cybersecurity, while setting the agency’s work inside a broader mandate covering prudential supervision, market conduct and market development (CMF).
That framing matters for Latin America.
It suggests financial AI supervision may arrive first as a cross-cutting risk discipline: data governance, cyber resilience, conduct, operational controls and prudential monitoring. Not as a shiny AI statute dropped from orbit. Regulators rarely get that kind of cinematic budget.
AI Is Becoming A Cross-Mandate Risk
The important phrase is risk map.
If AI reconfigures existing risks, then the supervisor does not need to wait for AI-specific regulation to act. It can ask how AI changes credit risk, fraud risk, operational risk, cybersecurity, outsourcing, model governance, consumer disclosures and market conduct. That is a more flexible posture than treating AI as a separate innovation file.
For banks, insurers, asset managers and market infrastructure, this matters because supervisory questions will not stay inside the data-science team.
Who owns the training data? How is customer data protected? What happens when an AI tool changes a complaint response, fraud alert or credit workflow? How does a firm know a vendor model is not creating conduct risk? Can a board explain the control environment? Does the cyber team know which AI tools touch sensitive systems?
Those are ordinary supervisory questions with AI attached.
CMF’s posture is also consistent with its institutional mandate. The public account frames the agency across prudential supervision, market conduct and market development. AI can hit all three. A model can affect solvency through risk measurement. It can affect conduct through customer-facing decisions. It can affect market development by changing how firms compete, automate and distribute financial products.
That makes AI a horizontal issue.
The Cyber Link Is Not Cosmetic
The AI-cyber pairing is the part worth watching.
Supervisors often talk about AI as ethics, transparency or innovation. CMF’s public-account language places AI alongside cybersecurity and other major risks. That is a different control shape.
Financial AI depends on data pipelines, cloud services, APIs, vendors, identity systems and model operations. Those are also cyber and operational-resilience surfaces. A weak access-control model can become an AI data leak. A compromised vendor can become a model-risk event. A poisoned data source can become a conduct issue. A generative tool connected to customer records can become a privacy and fraud problem at the same time.
The categories blur. That is the point.
For firms, the practical implication is that AI governance cannot sit in an innovation committee that meets quarterly and produces polite diagrams. It has to connect to cyber inventory, incident response, vendor oversight, data classification and business-line controls.
If CMF follows this path, firms should expect AI questions to show up inside existing supervisory conversations rather than as a separate AI-themed exam.
The Strategic Plan Already Points There
This is not only speech language.
CMF’s 2023-2026 strategic materials include a line of work on data, digital transformation and cybersecurity, including data-governance policies, innovation and AI policy, cybersecurity policy and information-security policy. The strategy also places digital transformation alongside institutional capability, regulatory development and risk-based supervision (CMF strategy).
That is dry, but it is useful.
It shows the agency had already organized the ingredients before the 2025 public account elevated AI as a risk-map issue. Data governance, cyber policy and innovation policy are not separate boxes if AI systems depend on all three.
For financial firms, this means the supervisor’s likely first question is not “which AI model are you using?” It is “how does this AI use case fit into your existing governance, data, security and supervisory controls?”
That is a harder question to bluff.
Why This Is A LatAm Signal
Chile is not the only Latin American market thinking about AI in finance. But CMF’s framing is useful because it points to a pragmatic regional path.
Many supervisors will not start with a full AI Act-style regime. They will start by mapping AI onto mandates they already have: prudential safety, consumer protection, market integrity, operational resilience and cyber risk. That is less dramatic than a statute. It may be faster.
The advantage is speed. Supervisors can ask firms to inventory AI uses, explain controls, protect data, document vendor dependencies and monitor customer impact without waiting years for AI-specific legislation.
The risk is inconsistency. If every AI question is folded into existing supervision, firms may face uneven expectations across business lines and agencies. One team may treat AI as a cyber issue. Another may treat it as conduct. Another may treat it as model risk. All can be true. That does not make coordination optional.
This is where CMF’s risk-map language is stronger than a generic innovation posture. A map implies relationships. AI is not the territory. It changes the shape of the territory.
The Implication
The first wave of financial AI supervision in Latin America may look less like new AI law and more like upgraded supervisory grammar.
Data governance becomes AI governance. Cyber resilience becomes AI resilience. Vendor oversight becomes model oversight. Conduct monitoring becomes AI-output monitoring. Prudential supervision starts asking whether automation changes the firm’s risk profile.
That is not soft regulation. It is existing regulation learning a new interface.
For firms operating in Chile, the useful move is to build an AI inventory that maps use cases to data sources, vendors, cyber controls, customer impact and accountable owners. Do not wait for a dedicated AI circular before doing the obvious work. Supervisors can ask old questions in new places.
CMF’s message is not that AI requires panic. It is that AI belongs on the same map as the risks financial supervisors already care about.
That is how AI supervision often starts: not with a new perimeter, but with a sharper map.
Discussion
Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.