Industry Outlook: Banking & Financial Services — Week of May 11, 2026

Market Outlook

• Supervisors move to clarify AI and on-chain rules. The OCC’s Spring 2026 Risk Perspective highlights AI as a dual-use technology reshaping the cyber threat landscape, while the SEC chair is publicly urging clearer rules for on‑chain financial markets and backing the CLARITY Act. Together, these signals point to a near-term tightening of expectations around AI governance and digital-asset market structure rather than a laissez-faire approach. CTOs should anticipate more prescriptive expectations on AI model risk, data lineage, and controls for tokenized or on‑chain trading workflows.
• Digital-asset players race to institutionalize infrastructure. Kraken parent Payward is both acquiring stablecoin-native card and payments platform Reap for $600 million and applying for a US national trust charter to provide fiduciary digital-asset custody. At the same time, ECB President Lagarde is questioning the case for euro stablecoins, underscoring a divergence between market innovation and central bank skepticism. This combination suggests institutional-grade crypto infrastructure will keep maturing even as regulatory attitudes fragment by jurisdiction.
• AI-powered capital markets platforms gain critical mass. Top Wall Street dealers joining the AI-driven LTX corporate bond trading platform indicates growing buy-side and sell-side comfort with AI in price discovery and liquidity management. As liquidity tools become increasingly data- and model-driven, banks that cannot integrate external AI platforms into their trading stacks will see a widening execution and analytics gap. This is an early marker of how AI will be embedded into market infrastructure rather than remaining a peripheral analytics tool.

Discussion: This week’s signals point to AI and digital assets moving deeper into regulated market infrastructure rather than remaining at the edges. CTOs should track how supervisory guidance coalesces around AI and on‑chain activity and be ready to adapt data, model, and custody architectures accordingly.

Headwinds

• Escalating fraud and identity risk in payments. UK romance fraud losses reached £102 million last year with reports up nearly a third, and the Fed is convening a multi-agency roundtable to combat rising payment fraud. At the same time, the City of London is calling for a digital verification network to fight fraud, highlighting that existing KYC and authentication regimes are no longer sufficient. Banks will face pressure to materially improve fraud detection, identity assurance, and customer protection for real-time and account-to-account payments.
• AI expands cyberattack surface and regulatory scrutiny. The OCC explicitly calls out AI as transforming the cyber threat landscape, while high-profile incidents such as the hacktivist attack on Chime and lawsuits alleging customer data theft show attackers are targeting fintech and bank adjacencies. As AI tooling becomes widely available, both defenders and attackers are upgrading their capabilities, and regulators are watching closely, including the Fed’s attention to Anthropic’s Mythos model. Weak AI governance, inadequate red-teaming, or opaque models in critical workflows will increasingly be viewed as safety-and-soundness issues.
• Operational resilience exposed by outages and infrastructure gaps. Coinbase’s seven-hour outage, attributed to an AWS data center issue, underscores concentration risk in cloud infrastructure and the reputational damage of prolonged downtime in high-volatility markets. As banks expand digital and real-time services, tolerance for outages—whether cloud, network, or vendor-induced—continues to shrink. Regulators are already probing third-party risk and will expect robust multi-region, multi-availability-zone designs and tested failover for critical customer-facing platforms.

Discussion: Defensive priorities this week center on hardening identity and fraud controls, tightening AI and data governance, and revisiting operational resilience assumptions for cloud and third-party dependencies. CTOs should validate that current architectures can survive both targeted cyberattacks and infrastructure failures without prolonged customer impact.

Tailwinds

• AI-readiness becomes core to banking growth narratives. The Temenos Community Forum spotlighted AI as the defining revolution for the bank of tomorrow, spanning AI-readiness, AI capabilities, and AI-native products. Chime’s deployment of its Jade AI agent with improved customer satisfaction, and Airbnb’s disclosure that 60% of its code is now coauthored with AI, demonstrate credible productivity and CX gains at scale. Banks that can industrialize AI—from software delivery to customer interaction—will gain both cost and experience advantages.
• Real-time SME and commercial banking intelligence matures. Codat’s launch of an advisory intelligence platform for commercial and business banks leverages real-time data connectivity and AI to enhance underwriting and relationship management. As embedded finance and open banking mature, SME data exhaust from accounting, commerce, and payroll systems can be turned into higher-margin advisory and lending products. This offers incumbents a path to defend and grow commercial banking franchises against fintech and big-tech encroachment.
• Digital-asset payments expand into mainstream rails. Sui’s Slush Card with RedotPay, Bitget’s Scan to Pay for USDT at offline merchants, and Solana’s partnership with Google Cloud to enable stablecoin payments for AI agents all point to a rapid broadening of digital-asset payment use cases. Kraken’s acquisition of Reap further strengthens card issuing and stablecoin-native payments infrastructure. Even if central banks remain skeptical, customer expectations for instant, programmable, and borderless payments will increasingly be shaped by these experiences.

Discussion: Opportunities this week cluster around scaling AI into production, monetizing real-time data in commercial banking, and selectively engaging with digital-asset payments where regulation allows. CTOs should look for near-term pilots that can demonstrate measurable uplift in CX, productivity, or fee income.

Tech Implications

• Design-led, proactive risk systems over reactive oversight. Starling’s new CRO is advocating a shift from reactive risk oversight to proactive, design-led systems, aligning with regulators’ expectations for built-in controls rather than after-the-fact monitoring. For CTOs, this means embedding risk and compliance logic directly into product and core-banking workflows—treating risk as a first-class design constraint, not an add-on. Architectures that support policy-as-code, continuous monitoring, and explainable AI will be better aligned to this direction.
• AI in financial services moves to specialized stacks. Anthropic is deepening its push into financial services with industry-specific tools and partnerships aimed at middle-market enterprises, while the Fed is considering supervisory approaches for its Mythos model. This indicates a shift away from generic LLM deployments toward vertically tuned AI stacks that integrate domain ontologies, compliance constraints, and financial data models. Engineering teams will need to design for model interchangeability, robust guardrails, and tight integration with existing risk and data platforms.
• Digital identity networks and verification as shared utilities. The City of London’s call for a digital verification network and the Fed’s payment fraud roundtable both implicitly endorse shared, interoperable identity infrastructure to combat scams and authorized push-payment fraud. For banks, this points toward participating in or helping shape cross-industry digital ID utilities rather than building siloed solutions. Architecturally, this requires standardized APIs, consent management, and privacy-preserving verification mechanisms that can plug into both domestic and cross-border payment schemes.

Discussion: Engineering priorities should emphasize platform capabilities: policy-as-code risk controls, AI platforms designed for regulated workloads, and interoperable identity and data-sharing APIs. Core modernization efforts ought to assume AI-native and real-time-by-default requirements rather than retrofitting later.

CTO Action Items

Reassess your AI governance and cyber posture in light of the OCC’s risk perspective and the Fed’s interest in models like Mythos: ensure you have a clear inventory of AI use cases, model owners, and documented controls, especially where AI touches credit, trading, or customer interactions. Initiate or accelerate a fraud and identity roadmap review, incorporating shared digital identity schemes, stronger behavioral analytics, and real-time monitoring tuned for authorized push-payment and romance-style scams. On the opportunity side, identify one or two high-impact domains—such as commercial lending or customer service—where you can pilot AI-enhanced, real-time data platforms with measurable KPIs in the next two quarters. Finally, stress-test your operational resilience assumptions for cloud and critical vendors, validating multi-region failover, incident playbooks, and communication plans against a Coinbase-style outage scenario in your own environment.