Industry Outlook: Banking & Financial Services — Week of March 30, 2026

March 30, 2026 | By The CTO | 6 min read

AI-native banking, real-time payments, and fraud losses force urgent modernization of risk, data, and payments architectures.

Market Outlook

  • Real-time payments and T+1 move center stage. Citi is publicly framing real-time payments, agentic commerce, and stablecoins as core client conversations, while the EU, UK and Switzerland have published a coordinated T+1 testing roadmap ahead of their 2027 go‑live. This locks in a multi‑year execution window where intraday liquidity, collateral, and post‑trade processes must be re‑engineered for near‑real‑time operation.
  • Fraud losses and consumer trust under mounting strain. The US FTC reported $15.9 billion in consumer fraud losses in 2025, and the UK’s Lloyds disclosed that an app glitch exposed data for almost half a million customers. As fraud volumes and data‑exposure incidents climb, regulators and customers will expect materially better controls and transparency from banks and payments providers.
  • Digital challengers scale while incumbents double down. Monzo has crossed 15 million customers and is expanding across savings, investing, insurance and retirement, while Revolut is planning to place 40% of its workforce in India, signaling aggressive cost and talent arbitrage. Incumbents like Bank of America and Citi are responding with targeted business‑banking pushes and payments innovation, intensifying competition for deposits and fee income.

Discussion: This week reinforces that settlement acceleration, real‑time money movement, and rising fraud losses are structural, not cyclical. CTOs should pressure‑test their payments, post‑trade, and fraud stacks against 24x7x365 operation and regulatory‑grade auditability.

Headwinds

  • Operational and security failures erode digital trust. Lloyds’ mobile app glitch that exposed other customers’ account details to nearly 500,000 users highlights the systemic risk of brittle mobile and API integration layers. Combined with the FTC’s fraud statistics, this underscores that any visible lapse in access control, data segregation, or incident response will carry outsized reputational and regulatory consequences.
  • Regulatory scrutiny on payments conduct intensifies. The UK Payment Systems Regulator is targeting high card fees and APP fraud protections in its 2026/27 workplan, while the US FTC has warned Visa, Mastercard, PayPal and Stripe over politically motivated debanking. Governance, pricing transparency, and customer‑access decisions around payments are becoming enforcement topics, not just PR issues.
  • AI cybersecurity and model risk concerns escalate. A leaked Anthropic draft describing "unprecedented cybersecurity risks" from an experimental AI model triggered a sell‑off in cybersecurity stocks, and a US judge rejected the Pentagon’s attempt to immediately restrict Anthropic’s tools. The narrative is shifting toward systemic AI risk, meaning banks deploying advanced models will face tougher questions on red‑teaming, containment and kill‑switch capabilities.

Discussion: Defensive priorities this week are hardening mobile and API layers, tightening model‑risk governance for AI, and ensuring payments and debanking policies can withstand regulatory discovery. CTOs should revisit incident‑response runbooks and board‑level risk reporting around AI and payments conduct.

Tailwinds

  • AI-native banking emerges as strategic direction. Solaris is cutting 20% of staff as it pivots to become an “AI‑native bank,” and Citizens’ leadership describes AI’s pace of change as “overwhelming” but central to its Reimagine the Bank program. Bank of America’s wealth units are rolling out an AI‑Powered Meeting Journey tool on top of Salesforce data, showing that front‑office AI augmentation is moving from pilots to scaled deployment.
  • Open banking and real-time rails expand globally. Saudi Arabia’s central bank has issued its first Major Payment Institution license for open banking services to Lean Technologies, signaling regulatory endorsement of API‑driven ecosystems in the Gulf. Visa Direct’s tie‑up with Moonrise/Lunar to expand instant payments across the Nordics and Nexi’s SEPA Direct Debit expansion into Denmark both widen the addressable footprint for instant and automated payments propositions.
  • Digital onboarding and subscription management mature. Rhinebeck Bank’s partnership with MANTL to modernize loan and deposit account opening across channels, alongside Visa’s new subscription management service for issuers, show growing demand for embedded, lifecycle‑aware digital journeys. These capabilities directly support deposit growth, reduce churn, and create new data exhaust for personalization and risk analytics.

Discussion: Opportunities are clustering around AI‑augmented front‑office tooling, API‑based open banking in new regions, and richer digital journeys for onboarding and subscriptions. CTOs should prioritize platforms that expose reusable AI and payments capabilities across business lines rather than isolated experiments.

Tech Implications

  • Core and post-trade systems must go near real-time. The EU/UK/Swiss T+1 testing plan and Citi’s client focus on real‑time payments and stablecoins both assume intraday, event‑driven operations instead of batch windows. Legacy cores, reconciliation engines, and collateral systems that cannot support continuous processing, real‑time exception handling, and fine‑grained timestamping will become bottlenecks for both compliance and client experience.
  • Enterprise AI platforms need governance baked in. Solaris’ AI‑native strategy, Citizens’ bank‑wide AI transformation, and BofA’s adviser tools all depend on governed access to CRM and banking data, reproducible model lifecycles, and clear human‑in‑the‑loop controls. With public concerns around AI cybersecurity risks, banks must treat model deployment pipelines, prompt management, and output monitoring as regulated infrastructure, not experimental tooling.
  • Fraud, risk, and access control require modernization. Record fraud losses, Lloyds’ data‑exposure incident, and the FTC’s broad enforcement posture argue for unified identity, fraud, and access‑management architectures. This implies consolidating point solutions into shared services that span card, RTP, open‑banking APIs, and digital channels, with streaming analytics and behavioral biometrics feeding AI‑driven risk engines in real time.

Discussion: Engineering roadmaps should emphasize event‑driven architectures for payments and settlement, a standardized AI platform layer with strong governance, and converged fraud/identity services. CTOs should be explicit about which legacy cores and batch processes must be retired or wrapped to meet T+1 and 24x7 demands.

CTO Action Items

Use this week to stress‑test your payments and post‑trade stack against the 2027 T+1 timeline and the growing ubiquity of real‑time rails; commission an architectural review to identify which batch processes, reconciliation tools, and core interfaces must be refactored to event‑driven patterns. In parallel, formalize an enterprise AI platform strategy: define standard tooling, data‑access patterns, and model‑risk controls so that front‑office use cases like adviser copilots can scale safely rather than as bespoke builds. Given the Lloyds incident and rising fraud losses, run a red‑team style exercise on your mobile and API channels focused on data segregation, authorization boundaries, and incident response, and ensure fraud and identity services are unified across cards, RTP, and open banking. Finally, for markets where open banking and new RTP schemes are emerging (e.g., GCC, Nordics), prioritize building reusable API gateways, consent management, and partner‑integration patterns so you can plug into new ecosystems quickly without compromising governance.
