France's financial regulator, the ACPR, has fined Société Générale 20 million euros ($23.31 million) for withholding key information from retail customers.
The ACPR found that in 2018, the bank automatically bundled an insurance contract with the opening of a new account type called "Sobrio" without informing customers. The bank failed to provide required pre-contract disclosures and did not fulfill its duty to act in clients' best interests in its capacity as an insurance broker.
Société Générale said it acknowledged the decision, took corrective action after the ACPR raised concerns during its 2024 investigation, and reimbursed affected customers. The bank also noted that its reading of the law governing combined banking and insurance products differed from the regulator's. It said it was considering an appeal to the Council of State.
The European Central Bank has called banks to an urgent meeting to discuss cybersecurity risks uncovered by the latest AI models, pressing lenders to accelerate efforts to protect their IT infrastructure.
At the meeting, the ECB planned to highlight the severity of threats to the financial system revealed by Anthropic's Claude Mythos Preview and comparable AI models. The regulator also urged US banks with access to the latest technology to share findings with European counterparts that have been denied access.
The hastily arranged meeting reflects how regulators worldwide are scrambling to address risks that advanced AI models like Mythos could pose to the banking system by exposing weaknesses in lenders' technology. European banks and regulators are in a particularly vulnerable position, as Anthropic has restricted access to Mythos to a limited set of organizations, mostly in the US, through its Project Glasswing program.
Anthropic said last month that Mythos had found thousands of high-severity vulnerabilities, including some in every major operating system and web browser, warning that the fallout for economies, public safety, and national security could be severe.