The big picture: Economic, regulatory and innovation trends shaping financial institutions in 2026

Adam Keefer, managing director of Financial Services Investment Banking at Piper Sandler, provided a comprehensive economic update and some insights on the merger and acquisition (M&A) front during a financial institutions industry outlook webinar Baker Tilly hosted in January 2026. Some key items to note: 

• The economic outlook is clouded by a significant amount of volatility and uncertainty right now. From an interest rate standpoint, there are several important items to note: 

– As expected, at its December 2025 meeting, the Federal Reserve lowered the federal funds target range by 25 basis points. The decision was opposed by three Federal Open Market Committee (FOMC) members, underscoring the volatility the FOMC is facing right now in terms of decision-making. The investment markets are currently expecting two 25bp rate cuts in 2026, taking place in the second half of the year. 

– Ongoing inflation concerns remain a persistent issue. As of January 2026, the inflation rate is 2.7%, which may seem close to the Federal Reserve goal of 2% and is lower than recent history, but ongoing significant reductions in the rate of inflation are needed to reach the goal of 2%. The Trump administration remains highly focused on getting interest rates down, so it is reasonable to expect an ongoing push-and-pull in the future direction of the fed funds rate. 

– Jerome Powell, chair of the Federal Reserve, will be replaced as chairman on May 15, 2026. The details around this important transition remain unknown.  

– The U.S. Treasury yield curves have steepened, which should result in a better environment for net interest margin for financial institutions which should improve profitability, though a steepening yield curve is often associated with a decline in credit quality, which is an important factor to keep in mind. 

• In terms of how the current economy and interest rates are impacting the outlook for financial institutions: 

– Banks are expected to see continued earnings per share (EPS) growth in 2026 and 2027, driven by higher net interest revenues, operating efficiencies and continued clean credit.

– After two successive years of compression, net interest margin increased in 2025 and is expected to continue to expand in 2026 and 2027.

– Despite uncertainty around interest rates, banks may benefit from the spread between lending and deposit rates, particularly if economic growth remains strong.

– Loan portfolios generally remain healthy, with low default rates and low charge-offs.

In the on-demand webinar recording below, Adam Keefer’s section featuring the latest economic and M&A updates starts at 01:45. 

Per Adam Keefer, there has been a notable uptick in M&A activity in recent months within the financial sector. A significant contributor to this uptick is a more accommodating regulatory environment, which has reduced barriers to transaction approval and shortened deal timelines. Improved bank valuations and a relatively stable operating environment have also made acquisitions more feasible. In addition, the capital markets are open, and investors are often attracted to capital raising in conjunction with strategic transactions, such as M&A.  Many institutions are seeking strategic opportunities after such a long period of subdued activity and following a sustained period of lackluster returns for bank stock investors.  Everything appears in place for this rate of M&A activity to continue in 2026.   

 FASB ASU 2025-08 (Topic 326) - Purchased Loans 

• Acquired loans without credit deterioration and deemed purchased ‘seasoned’ loans (excluding credit cards) are accounted for using the gross-up approach which was formally the purchase credit deteriorated loans approach. 
• Institutions using a method other than discounted cash flows to estimate expected losses can elect, acquisition-by-acquisition, to utilize amortized cost basis on subsequent measurement. 

Office of the Comptroller of Currency (OCC) Regulatory Relief for Community Banks 

• Bulletin 2025-24: Eliminates all requirements for community banking examination activities set by OCC policy, noting that examiners will now conduct risk-based examinations in alignment with statute and regulation with a focus on material financial risks. 
• Bulletin 2025-26: Clarifies community banks have flexibility to tailor model risk management practices to the institution’s specific risk exposure, business activities and model complexity and should not be interpreted to require annual model validation (noting OCC will not provide negative supervisory feedback to a bank solely for the frequency or scope of model validation if reasonably determined). 
• Bulletin 2025-28: Amendments establish a new definition of ‘covered community bank or savings association’ and provide such institutions access to all currently available expedited or reduced filing procedures ($30 billion or less in total assets or affiliate total assets; well-capitalized; not subject to a cease-and-desist order, consent order or formal written agreement that requires action to improve financial condition). 

FDIC Final Rule (Part 363) - Regulatory Thresholds 

• Immediate relief if the institution is no longer subject to updated Part 363 requirements, however other appropriate federal and state supervisory agencies may still have requirements in place at lower thresholds, consult with legal and your regulatory agencies 
• Annual Independent Audit threshold increased from $500 million to $1 billion 
• Internal control over financial reporting threshold increased from $1 billion to $5 billion 
• Audit Committee independence thresholds increased from $500 million to $1 billion and $1 billion and $3 billion to $5 billion 
• Director compensation threshold increased from $100,000 to $120,000 

In the on-demand webinar recording below, Kassie Ecklund’s section featuring the latest issued and pending accounting guidance starts at 22:19. 

• Interest exclusion on agricultural loans: Banks can benefit from a 25% partial exclusion of interest income on qualified rural or agricultural real estate loans, contingent on specific loan and borrower criteria, requiring lending teams to identify eligible opportunities. 
• Immediate deduction for R&E costs: Section 174A changes allow immediate deduction of domestic research and experimental (R&E) expenditures, encouraging banks to align tax strategy with innovation investments and collaborate with IT and business units to capture qualifying expenses.  
• Enhanced informational reporting: Increased thresholds for Form 1099-NEC and new wage reporting rules, alongside additional reporting for mortgage insurance and auto loan interest, necessitate readiness in systems and automation to ensure compliance and risk reduction.  
• State tax landscape shifts: States are adopting changes including OBBBA conformity, economic nexus expansion and single sales factor apportionment – exemplified by California’s SB 132 – requiring banks to monitor legislative changes and adapt tax provisions and sourcing methodologies proactively. 

In the on-demand webinar recording below, Tanya Thomas and Mike Zurenski’s section featuring information on the current tax landscape starts at 30:55.  

The financial services industry continues to be a prime target for cybercriminals due to its role in managing sensitive financial data and assets. In 2026, the threat landscape will continue to evolve rapidly, driven by technological advances and increasingly sophisticated attack strategies. Below is an expanded overview of the most pressing cybersecurity threats currently impacting financial institutions:  

• AI-driven cyber threats: AI is a double-edged sword in cybersecurity. While financial institutions leverage it for fraud detection and threat monitoring, cybercriminals continue to leverage AI to automate and scale their attacks. AI-driven threats can include automated phishing campaigns that craft highly realistic emails, AI-powered malware that adapts to evade detection and deepfake technologies used for social engineering. These tools enable attackers to bypass traditional security controls and target financial institutions with unprecedented precision and speed.  
• Cloud security: As financial institutions migrate critical operations and customer data to cloud environments, cloud security becomes a central concern. Misconfigurations, inadequate access controls and vulnerabilities in third-party cloud services can expose sensitive information. Attackers are increasingly targeting cloud infrastructures to exploit these weaknesses, launch data breaches or disrupt services. Ensuring continuous monitoring, proper configuration and robust cloud security policies is essential to mitigate these risks.  
• Identify verification software: With the continued surge in digital banking and remote services, verifying user identities has become more challenging and crucial. Financial institutions are responding by investing in advanced identify verification solutions such as biometric authentication, behavioral analysis and AI-powered fraud detection systems. These tools help prevent account takeovers, unauthorized transactions and identity theft by ensuring that only legitimate users can access sensitive banking services.   
• Criminal organizations: Cybercriminal groups have evolved into well-organized enterprises, often mirroring legitimate business structures. They maintain customer support, offer service-level agreements for ransomware and even provide “ransomware-as-a-service” platforms for other criminals. This professionalization increases the efficiency, scale and impact of their attacks on financial institutions, making it harder for traditional security measures to keep up.  
• Ransomware attacks: Ransomware attacks remain one of the most lucrative and damaging threats for financial institutions. Cybercriminals continuously refine their tactics to maximize the likelihood of ransom payments. This includes targeting high-value data, customizing ransom demands and employing advanced encryption methods to lock critical systems. The goal is to create situations where financial institutions feel compelled to pay in order to restore operations and protect customer data. 

In the on-demand webinar recording below, Himanshu Sharma’s section on cybersecurity starts at 47:21. 

AI governance is an expansion of data governance and is extremely important. A proper AI governance model encompasses policies, principles, standards and practices designed to ensure that AI systems are developed and used in a manner that is transparent, fair, accountable and respects privacy and human rights. Elements of this model include: 

• Ensuring ethical AI use: Establishing clear codes of conduct for AI use, developing ethical guidelines specific to AI applications and ensuring these are communicated and enforced across the organization. 
• Complying with laws and regulations: Establishing dedicated compliance teams to oversee AI projects, conducting regular audits, maintaining thorough documentation demonstrating regulatory adherence and staying informed about evolving AI-related regulations impacting financial institutions. 
• Proactive risk management: Conducting comprehensive risk assessments before and during the deployment of AI models, including scenario analysis for potential failures. Implementing robust controls and contingency plans for AI-driven processes and maintaining clear lines of accountability for AI decision-making. 
• Transparency and explainability: Prioritizing the development and deployment of explainable AI models, especially in high-stakes decisions like lending, credit scoring or fraud detection. This includes documenting model logic, data sources and decision pathways and providing clear explanations to both internal users and affected customers. 
• Promoting fairness and avoiding bias: Implementing rigorous fairness assessments and bias detection techniques throughout the AI lifecycle, diversifying data sets, using fairness metrics during model evaluation and establishing procedures to address and correct detected biases. 
• Enabling privacy protection: Adopting privacy-by-design principles and ensuring personal data is handled securely and only for legitimate and consented purposes. This includes deploying data anonymization, encryption and access controls, as well as conducting privacy impact assessments for all AI initiatives.  
• Fostering stakeholder engagement: Establishing channels for stakeholder engagement such as advisory boards, feedback sessions or public consultations. Engaging stakeholders early in the AI development process and keeping an ongoing dialogue with regulators and industry peers.  
• Continuous monitoring and improvement: Implementing continuous monitoring mechanisms to track AI system performance, compliance and emerging risks. This includes setting up automated monitoring tools, conducting regular audits and updating governance policies in response to new insights on regulatory changes. 

In the on-demand webinar recording below, Jordan Anderson’s section on digital transformation and AI governance starts at 1:01:55. 

Modernization is no longer optional – It’s strategic 

• Financial institutions face increasing regulatory scrutiny and evolving criminal tactics. Legacy AML/CFT programs, built on static rules and siloed systems, cannot keep pace with today’s dynamic risk environment. 
• Modernization means adopting risk-based approaches, leveraging advanced analytics and integrating compliance processes across the enterprise. This shift is not just about meeting regulatory requirements – it’s about building resilience and competitive advantage. 

AI is a game-changer, but it requires governance 

• AI and machine learning (ML) are transforming transaction monitoring, enabling predictive detection and reducing false positives. 
• However, AI adoption must be paired with strong governance frameworks to ensure transparency, explainability, and ethical use. Regulators expect institutions to demonstrate how AI-driven decisions are made and monitored. 

Sanctions compliance demands agility 

• The global sanctions landscape is volatile, driven by geopolitical tensions and rapid regulatory updates. Static screening processes are insufficient. 
• Institutions need real-time screening capabilities, advanced name-matching technologies and integrated workflows that embed sanctions controls into trade finance, payments and customer onboarding. 

Global reforms will continue to raise the bar 

• Financial Action Task Force (FATF) recommendations, beneficial ownership transparency and virtual asset regulations are reshaping compliance obligations worldwide. 
• Regulators are encouraging regulatory technology (RegTech) adoption and fostering public-private partnerships for intelligence sharing. Institutions must stay ahead of these reforms to avoid penalties and reputational risk. 

An integrated approach is the future 

• Financial crime risk management can no longer operate in silos. AML, sanctions, fraud and cybersecurity risks are interconnected. 
• Technology is the enabler of holistic compliance – bringing together data, analytics and governance under a unified framework to future-proof compliance programs. 

In the on-demand webinar recording below, Crystal Trout’s section on financial crimes starts at 1:29:25.  

Fraudsters and organized crime rings continue to increase the sophistication of their attacks and impersonations. They are using CEO/c-suite impersonations and AI deepfakes to trick employees, customers and key vendors. They are also impersonating: 

• Bank employees: There has been a notable increase in banking customer attacks where fraudsters are impersonating bank employees and obtaining credentials and initiating online banking transfers or ACH transactions. There is a notable increase in the sophistication of phone number spoofing and replicating banking websites. Fraudsters are also changing customer contact information (phone numbers and e-mail addresses) and changing routing information. 
• Employers: Fraudsters are also leading employees into thinking they are talking to their employer’s information technology (IT) or human resources (HR) departments and tricking them into providing their credentials and information. 
• Vendors: Key vendors may be compromised and request changes to bank information or may send malware via attachments that are normally trusted.  

Some best practices for preventing fraud:  

• Update your fraud risk assessments and prevention programs to address emerging trends and scam risks. More frequent updates are necessary with the continued sophistication and continuously changing attack vectors.  
• Provide employee and customer/member education continuously – not just annually. Focus on frequent education and reminders, warnings and pop-ups within your mobile and online banking platforms. Remind customers, especially key commercial customers with higher volumes of transfer or ACH transactions, on when/how a bank would ever contact them to change information. 
• Review transaction pausing and blocking protocols, which requires a balance of customer satisfaction and holds/blocking when red flags emerge. This typically is the most effective form of identifying fraud, however, it can result in disruption to customer ease of banking and overall customer satisfaction. 
• Review your internal wire protocols and controls. Perform internal callbacks and create codewords or ways to authenticate even internal employees for internal requests to address emerging c-suite and CEO impersonation attacks. 

More information on risk advisory can be found in the on-demand webinar recording below. Mark Boettcher’s section starts at 1:14:50.

Patrick South, chief revenue officer at TRM Labs, spoke in Baker Tilly’s recent webinar and discussed the growing importance of stablecoins and their relationship with traditional financial institutions and fintechs.  

What is a stablecoin? 

• A stablecoin is a digital asset, token or form of digital asset that is designed to maintain a stable value by pegging its market value to an external reference, such as a specified asset or currency. 
• Stablecoins, which are distinct from Central Bank Digital Currencies are not issued by a central bank or a financial market infrastructure (FMI). 

What are the different types of stablecoin? 

• Fiat-backed stablecoin are pegged to traditional currencies like USD or EUR and backed by equivalent reserves held in bank accounts or other financial institutions.  
• Algorithmic stablecoin aim to maintain their peg primarily through code-driven supply and demand mechanisms rather than traditional collateral. 
• Crypto-backed stablecoin are backed by reserves of other cryptocurrencies, often over collateralized to account for crypto volatility.  
• Commodity centralized stablecoin are pegged to the value of physical assets such as gold or other commodities. 

What’s the value in a stablecoin? 

The value in a stablecoin is that it behaves like digital cash on global, 24/7 rails. 

1. Price stability vs. other crypto 

• Stablecoins are designed to hold a steady value, usually pegged 1:1 to a fiat currency like the US dollar or a basket of assets. 
• That stability makes them practical for payments, salaries, remittances and invoicing, instead of just speculation. 

2. Better payments and settlement rails 

• Settlement is almost instantaneous – it occurs with minutes or seconds instead of days. 
• There is no dependency on banking hours or local holidays. 
• It works the same way across jurisdictions; no SWIFT, correspondent banks or FX frictions needed.  
• Typically involves lower fees and fewer intermediaries than wires or card networks. 

3. Bridge between fiat and crypto ecosystem 

• Acts as the ‘settlement currency’ across exchanges, Decentralized Finance (DeFi) and on chain markets – marketing trading pairs and liquidity pools are against stablecoins. 
• Lets users move in and out of volatile assets without leaving the chain, which keeps liquidity and activity on blockchain rails. 

4. Use cases 

• Retail: Remittances, savings in USD-like assets in high-inflation economies, lower-cost cross-border transfers. 
• Businesses: B2B payments, treasury management, supplier payments, creator payouts and marketplace settlements. 
• Financial institutions: Faster client settlement, new products (tokenized deposits, on chain cash management), and staying competitive with fintech/payment innovators. 

What are some regulatory considerations for financial institutions looking to engage with stablecoin? 

• Licensing and regulatory perimeter: Clarify whether your stablecoin activity (issuance, custody, payments, on/off‑ramp) brings you under specific licensing regimes or new supervisory expectations and ensure alignment with emerging frameworks (e.g., stablecoin and e‑money rules, payments regulation, bank safety and soundness standards). 
• AML/CFT and sanctions controls: Treat stablecoin flows as you would any other payment rail: robust KYC/KYB, ongoing transaction monitoring, sanctions screening, and clear escalation paths for suspicious activity. Many institutions use blockchain intelligence tools to apply Bank Secrecy Act and FATF‑aligned controls against on chain products. 
• Issuer and asset due diligence: Conduct deep due diligence on the stablecoins you support — reserve composition and audits, redemption rights, governance and regulatory status of issuers and custodians. Various Know‑Your‑Asset (KYA) style solutions help FIs assess on chain behavior, concentration risk and ecosystem exposure before and after onboarding a given token. 
• Operational and technical enforcement capabilities: Regulators increasingly expect clear playbooks for responding to lawful orders (e.g., to freeze, seize, or block transfers) and for handling de‑pegs, smart‑contract bugs or large‑scale fraud events. This means aligning legal, policy, and engineering teams so that operational controls on wallets and contracts can actually implement regulatory requirements. 
• Cross‑border and multi‑jurisdictional compliance: Because stablecoins move 24/7 across borders, institutions need a clear view of where counterparties, issuers, and key intermediaries sit from a regulatory perspective, and how different regimes (e.g., sanctions lists, travel‑rule obligations, data‑sharing rules) intersect. 

In the on-demand webinar recording below, Patrick South’s section on stablecoin and specialty finance starts at 1:34:29.