By Published On: July 6, 2026

Issue #22

Weekly Banking Intelligence: June 19 to June 25, 2026

THIS WEEK’S SIGNAL

The governance gap is now the deployment gap. Risk.net’s 2026 Op Risk Benchmarking study found four in five banks globally are already using Al to manage operational risk, yet the dominant conversation this week was about institutions deploying Al faster than they can govern it. That is not a technology problem. That is a leadership and operating model problem.

Why it matters: Banks that treat Al governance as a compliance checkbox rather than an architectural discipline are accumulating risk they cannot yet measure, and regulators on both sides of the Atlantic are paying close attention.

DEEP DIVE

Banks Are Deploying AI Faster Than They Can Govern It

The headline number from Risk.net’s 2026 Op Risk Benchmarking study, which drew record participation from 61 banks globally, is striking: 80 percent of institutions now deploy AI to manage operational risk. That is not a pilot statistic. That is a deployment statistic. And it raises a question that very few institutions are answering well: who owns what happens when the model is wrong?

The governance problem is not new, but the scale is. When one bank runs an AI model in its fraud detection stack, the failure is contained. When 80 percent of global banks are running AI across operational risk functions, a correlated failure, whether from a shared model provider, a common training dataset, or asynchronized response to a market event, becomes a systemic concern. That is the conversation regulators are starting to have, and it is the conversation most bank boards have not had yet.

Why it matters: Most banks have an AI strategy. Very few have an AI governance architecture. The difference is not semantic. An AI strategy tells you what you are building. An AI governance architecture tells you who is accountable when it breaks, how you detect drift before it becomes a loss event, and how you demonstrate to a regulator that your controls are commensurate with your deployment footprint. Right now, the deployment footprint is growing faster than the governance architecture.

Why it matters for operating models: This is also a structural question. AI governance cannot live in the second line alone. It requires runtime-embedded controls, continuous data lineage, and clear ownership at the business unit level. That means the banks with modern, cloud-native cores are in a fundamentally different position than the banks still running on legacy infrastructure. You cannot retrofit the controls a regulator will eventually require into an architecture that was never designed to support them.

The Deloitte data reinforces the deployment momentum: 37 percent of U.S. banking executives report current use of generative AI in contact centers, with another 37 percent planning deployment in 2026. That is a majority of the market moving into customer-facing AI within a 12-month window. The governance question does not get easier as the use cases get closer to the customer.

The banks that get this right will not be the ones that slow down deployment. They will be the ones that built the governance architecture before they needed it.

MARKET MOVES

Backbase Acquires Kasisto

Backbase, the Amsterdam-based digital banking platform company, has acquired Kasisto, a conversational AI firm whose KAI platform powers virtual banking assistants for a range of financial institutions. Backbase describes the deal as a direct enhancement to its Banking OS platform, which is positioned as an AI-native operating system designed to sit on top of existing cores and enable banks to launch digital financial services without replacing their underlying infrastructure.

Why it matters: This is not a feature acquisition. Backbase is making a structural argument: that the engagement layer, not the core, is where AI-native banking gets built. If that argument gains traction, it has real implications for how banks think about their modernization sequence. The question worth asking is whether an AI-native engagement layer on top of a legacy core is a durable architecture or an expensive workaround. The answer depends heavily on what your data layer looks like underneath.

Finastra Sells Its Global Core Banking Business

Finastra, one of the largest financial technology vendors in the world, has agreed to sell its Universal Banking business to Pollen Street Capital, a U.K.-based private capital asset manager. Upon completion, Universal Banking will operate as a standalone entity. Finastra will exit the core banking software market entirely, concentrating its remaining business on payments and lending.

Why it matters: When a vendor of Finastra’s scale exits a market, it tells you something about where that market is heading. Running a legacy core business requires significant ongoing investment, and the return profile is increasingly difficult to justify against the competition from cloud-native alternatives. For banks still running Finastra’s Universal Banking platform, the immediate question is straightforward: what does standalone ownership under private capital mean for the investment roadmap, the support model, and the long-term viability of the platform? This is not a reason to panic, but it is a reason to ask hard questions now rather than wait for the transition to play out.

Meta and CRED: A $4 Billion Signal from India

Meta is reportedly in advanced talks to acquire a 20 percent stake in CRED, a Bengaluru-based fintech platform with a large, high-credit-score user base in India, at a valuation of approximately $4 billion. CRED has confirmed the investment structure and stated that Meta, as a minority shareholder, will not receive access to customer data.

Why it matters: Meta entering a structured financial services investment at this scale is not a payments story. It is a distribution story. CRED’s value is its user base and the behavioral data that comes with it. The data access carve-out in the deal terms is notable precisely because it signals how sensitive that question is. For U.S. and European bank executives, the relevant pattern here is the same one that has played out in Southeast Asia and China: technology platforms with large, engaged user bases eventually become distribution channels for financial products. The question is not whether that happens in Western markets. The question is how quickly.

Objectway Acquires FNZ Switzerland

Objectway, an Italian wealth and asset management technology firm, has acquired FNZ Switzerland SA (formerly New Access), the Swiss private banking technology business previously owned by FNZ Group. The deal extends the consolidation trend in core banking and wealthtech infrastructure to private banking, a segment that has historically moved more slowly on modernization.

Why it matters: Fintech consolidation is not confined to consumer payments or retail banking. Private banking infrastructure is now actively in play. For institutions in the wealthtech and private banking space, the vendor landscape is shifting, and the window for evaluating alternatives on your own timeline is narrowing.

FIS Selected by First Commerce Bank; Bank of Ceylon Commits $10 Million to Core Overhaul

First Commerce Bank, a community bank based in New Jersey, has selected FIS and its HORIZON core banking platform to modernize its technology infrastructure. Separately, Bank of Ceylon has announced a $10 million core banking overhaul, with vendor selection and implementation timeline details expected in the coming weeks.

Why it matters: These two deals reflect a pattern worth watching. Community banks and institutions in emerging markets are making core decisions now, not deferring them. The FIS HORIZON selection at First Commerce signals continued demand for proven, established platforms at the community bank tier. The Bank of Ceylon commitment signals that the modernization imperative is genuinely global. Both decisions also reflect something the KPMG 2026 Banking Technology Survey confirmed this week: technology investment is no longer a discretionary budget line. It is a competitive and regulatory necessity.

VENDOR SIGNALS

Danske Bank Extends AWS Partnership

Danske Bank has extended its agreement with Amazon Web Services (AWS) to accelerate AI implementation, modernize IT systems, and strengthen its cloud and data foundations across the bank. The extension is framed explicitly around faster AI deployment and productivity improvement, not simply infrastructure migration.

Why it matters: The framing matters here. Danske is not describing this as a cloud migration. They are describing it as an AI enablement investment. That is the direction the market is moving: cloud infrastructure is becoming the prerequisite, not the destination. Banks that have not yet established a stable cloud and data foundation are not just behind on infrastructure. They are behind on the preconditions for AI deployment at scale.

Microsoft and Google Cloud: Commercial Banking AI Buildout Continues

Microsoft published a detailed look this week at how its agentic AI capabilities are being applied in corporate and commercial banking, covering decision support, workflow automation, and relationship management functions. Separately, a fintech pulse report flagged continued partnership activity between HSBC and Google Cloud in this same space.

Why it matters: The hyperscalers are not waiting for banks to define the use cases. They are defining them and bringing them to market. For bank technology leaders, the relevant question is not whether to engage with Microsoft or Google Cloud on AI. It is whether your architecture, your data governance, and your vendor contracts are structured to let you move quickly when a use case is ready, and to retain control of the outcomes when something goes wrong.

The GENIUS Act Creates New Infrastructure Requirements

The Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act is now law, and its implications for bank technology infrastructure are more significant than most institutions appear to have internalized. Banks seeking to issue stablecoins or custody digital assets under the GENIUS Act framework must treat wallet and safekeeping capabilities as regulated infrastructure, subject to supervisory scrutiny and adversarial threat environments, operating on a 24/7 basis.

Why it matters: This is not a crypto story for banks that have already decided to sit out digital assets. It is an infrastructure story for any bank that may want optionality in this space over the next three to five years. Wallet custody and digital asset safekeeping require architectural capabilities that cannot be bolted onto a legacy core after the fact. Banks that want to compete in this space will need to have made the foundational architecture decisions before the regulatory window opens fully.

REGULATORY PULSE

The White House AI Executive Order: Community Banks Named Explicitly

A new White House executive order on AI innovation and security, issued June 29, directs federal agencies to expand AI-enabled cybersecurity tools and facilitate access to frontier AI models for critical infrastructure operators. Community banks are named explicitly alongside rural hospitals and local utilities as intended beneficiaries of these programs.

Why it matters: The explicit inclusion of community banks in federal AI infrastructure programs is a meaningful signal. It suggests the administration views AI readiness as a systemic resilience issue, not just a competitive one. For community bank executives, this is worth tracking closely. Federal programs that lower the cost of AI-enabled cybersecurity tools could be significant for institutions that cannot fund enterprise-grade security infrastructure independently.

FCA Signals a Fundamental Rethink of AI Regulation

The U.K. Financial Conduct Authority (FCA) published a speech this week signaling that traditional regulatory frameworks are not keeping pace with AI deployment in financial services. The FCA is shifting its emphasis toward competition, cross-industry collaboration, and system-wide risk awareness, rather than institution-by-institution compliance review.

Why it matters: The FCA is telling the market something important: the regulatory model for AI in banking is not settled. Institutions that have built their AI governance frameworks around current FCA guidance should be watching this closely. A shift toward system-wide risk frameworks could change the compliance calculus significantly, particularly for banks that share model providers or data infrastructure with competitors.

GUARD Act and Open Banking: Federal Preemption Returns

The proposed GUARD Act, surfaced in a Consumer Finance Monitor analysis this week, would create new consumer rights over shared data, expand AI usage disclosure requirements, and preempt state-level consumer data privacy laws for institutions covered by the Gramm-Leach-Bliley Act (GLBA). This arrives as several states are actively advancing their own data-sharing frameworks, creating a potential patchwork that the GUARD Act would resolve by federal preemption.

Why it matters: For banks operating across multiple states, the prospect of federal preemption on data privacy is operationally significant. A single federal standard is easier to build to than 50 state variations. But the AI usage disclosure requirements in the GUARD Act are new territory, and the compliance infrastructure for those requirements does not yet exist at most institutions. Banks should be watching the legislative trajectory carefully and pressure-testing their current data governance and AI disclosure capabilities against what the GUARD Act would require.

TALENT SIGNALS

AI Governance Roles Are Now a Hiring Priority

Several Tier 1 and Tier 2 institutions are actively building out AI governance and model risk management functions. BMO Harris Bank is hiring for AI governance leads and model risk officers with specific mandates covering agentic AI oversight. JPMorgan Chase continues to expand its AI engineering and MLOps headcount, with particular emphasis on production deployment and monitoring capabilities.

Why it matters: AI governance roles are rising because AI deployment is rising, and the accountability gap between the two is becoming visible to regulators and boards. This is not a compliance-driven hiring cycle. It is a risk management response to the reality that deployed AI models require ongoing human oversight, and most banks built that oversight function after the fact, if at all. The institutions hiring now are the ones that understand the governance architecture has to be built before the regulator asks for it.

Non-AI Operational Roles Continue to Compress

The same KPMG 2026 Banking Technology Survey that shows rising technology investment also reflects continued compression in non-AI operational headcount, particularly in middle-office processing, routine compliance review, and transactional support functions. This is not a cyclical reduction. It is a structural one, driven directly by AI automation of the tasks those roles were performing.

Why it matters: For bank executives managing workforce transitions, the pattern is clear and accelerating. The question is not whether these roles will be affected. The question is whether your institution has a coherent reskilling and transition strategy, and whether your HR leadership is building toward the workforce your operating model will require in three years rather than the one it required three years ago.

CB RADAR UPDATE

 

Why it matters: The CB Radar picture this week reflects a market in active transition. Finastra’s exit creates displacement risk for its installed base. The community bank tier is making decisions now. And the architectural consensus around composable, phased modernization is hardening into conventional wisdom, which means banks still debating the approach are falling behind institutions that have already started executing it.

RICK’S STRATEGIC TAKE

The governance gap is real and it is closing faster than most banks are moving. Four in five banks are running AI in operational risk functions. A fraction of those have governance architectures that would survive a serious regulatory examination. That gap will not close itself. It closes when a board decides that AI accountability is a first-line responsibility, not a second-line audit function.

Finastra’s exit from core banking is the kind of market signal that gets rationalized away in the short term and recognized as a turning point in hindsight. If you are running Universal Banking, you do not need to panic. You do need a clear-eyed answer to the question of what your platform investment looks like under private capital ownership, and you need that answer before your next planning cycle, not after.

The banks that are in the strongest position right now are not the ones with the most aggressive AI strategies. They are the ones that did the hard work of modernizing their architecture before the AI wave hit. Cloud-native cores, real-time data infrastructure, embedded controls: these are not AI features. They are the prerequisites for AI that actually works at scale and survives regulatory scrutiny. The window to build that foundation before it becomes a competitive liability is narrowing.

For a deeper framework on what AI-ready core architecture actually requires, see CSP’s CB Architecture Series at coresystempartners.com.

Want the Full Picture?

Subscribe to BIS, the Banking Intelligence Service from Core System Partners, for the full breakdown including Rick’s Strategic Take on the governance gap, the CB Radar vendor tracking signals, and the regulatory pulse analysis covering what SR 11-7 does and does not cover for agentic deployments, delivered weekly. Banking Intelligence Service

For CSP’s full analysis of what the Fed and Treasury are actually concerned about—and a framework for what AI-ready architecture requires—visit Core System Partners.

Continue With Core System Partners

 

 

Like this week’s highlights?

Don’t miss the next one.

 

Ready to Explore?

Subscribe to our newsletter for exclusive insights, transformation strategies, and the latest banking technology updates.

Share This Story, Choose Your Platform!

Subscribe to Newsletter