Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

Looking for TPG Software? You are in the right place!

TPG Software is now part of Abrigo. You can continue to count on the world-class Investment Accounting software and services you’ve come to expect, plus all that Abrigo has to offer.

Make yourself at home – we hope you enjoy being part of our community.

Male in suit looking worried

Shutdown implications for credit unions, banks, and their clients 

Credit unions and community banks have been stepping in to help those affected by the federal government shutdown even as institutions consider risk management implications.

Federal shutdown: Institutions see effects on clients

The government shutdown that began Oct. 1 has now dragged on for more than 40 days – the longest in U.S. history. That’s 40 days of missed paychecks for federal employees and contractors. Forty days of stress for families trying to juggle mortgages, car loans, and credit cards without income.

The good news: there are signs of a deal in motion. However, credit union members and community bank customers facing financial stress from the shutdown don’t yet have clear information about when paychecks and backpay will hit their accounts. Credit unions and community banks have been stepping in, helping even as they consider risk management implications.

Is your CECL model performing as expected? Learn more in this on-demand webinar

Watch now

Shutdown impacts on financial institutions and their clients

Some areas of the country feel government shutdowns more acutely than others.

While California, Virginia, and the District of Columbia employ the most federal workers in raw numbers, other states have a higher concentration of their workforce in federal jobs. According to the economics and public policy firm Scioto Analysis, the District of Columbia, Maryland, and Hawaii have the highest number of federal employees per 1,000 workers.

California, Virginia, and Texas host the largest numbers of active-duty military personnel, according to the Defense Manpower Data Center data cited by Visual Capitalist.

Together, these factors mean that entire communities, especially those with military bases, federal facilities, or federally funded tourism, can see significant ripple effects when government paychecks are at risk or stop.

America’s Credit Unions reports that roughly two million federal civilian workers and millions of contractors face uncertainty during a shutdown, with some furloughed and others working without pay until Congress acts. The Government Employee Fair Treatment Act of 2019 guarantees retroactive pay, but workers still face immediate challenges covering daily expenses.

Local economies that depend on federal programs or tourism at national parks and public lands are also affected. In 2013, 401 national parks closed, costing communities $414 million in visitor spending, according to America’s Credit Unions.

In addition, farmers have faced delays in U.S. Department of Agriculture services or support. And lenders offering some government-backed loans have run into processing roadblocks with the shutdown, delaying approvals for applicants of U.S. Small Business Administration loans and some agricultural loans.  

Even when states step in to fund temporary operations, the strain on local businesses and workers is real. And it extends to their credit unions and community banks.

When paychecks stopped, CFIs stepped up

For community financial institutions, the shutdown has presented yet another opportunity to do what they’ve always done best: show up for their customers or members when times get tough. It’s times like these that tend to reaffirm what sets community banks and credit unions apart. And even in uncertain times like the current situation, these institutions can look to balance empathy and action with sound risk management. 

Across the country, community banks and credit unions have been quick to respond, rolling out skip-a-payment options, loan deferrals, fee waivers, and short-term bridge loans for furloughed or unpaid workers. Many are reaching out proactively before members even ask for help.

That’s the power of being local. Decisions get made down the hall, not across the country. Relationship managers know their customers or members by name. And when the community hurts, CFIs don’t wait for permission; they act.

The human side meets the CECL side

Over the last couple of weeks, I’ve had quite a few conversations with our clients, many asking some version of the same question: How will these relief efforts by an institution intersect with CECL (current expected credit loss ) accounting?

It’s a good question. Relief programs like deferrals and extensions, while absolutely the right move, can shift the timing of cash flows and change how loans behave. Under CECL’s forward-looking model, that timing shift can show up, even if only slightly, in lifetime expected loss estimates.

Now’s not the time to overthink it or overhaul allowance models, but it is worth considering. Track how much relief you’re providing, where your exposures lie, and consider how payment pauses could affect cash flow projections. Most of what I’m seeing is immaterial, but good bankers stay aware.

Leading with purpose and discipline

This is the balance we’ve always tried to strike in community banking – leading with purpose while staying grounded in sound credit discipline. You can take care of your people and still manage your risk well. Those two goals aren’t in conflict; in fact, they strengthen each other.

Shutdowns come and go. Relationships and reputations last. The way CFIs are showing up right now – fast, personal, and with genuine care – is exactly what separates this industry from the rest.

And if you’re wondering what the right move is in moments like this? You’re probably already doing it.

CECL software that offers documentation, exam confidence and time savings for key personnel.

CECL software

This article covers these key points: 

Why forward-looking lenders are expanding their credit risk data sources

As market dynamics and consumer behaviors continue to shift, financial institutions must remain agile to effectively assess creditworthiness and manage risk. 

This article was was co-authored by Robert Schmidt, Abrigo and Angela Sebestyen, Equifax

Lenders are increasingly adopting new approaches that provide deeper insights and enable more predictive, holistic credit decisioning strategies—for both consumer and commercial lending.

One area gaining momentum is the integration of alternative data sources and advanced analytics into credit risk scoring. These innovations are helping financial institutions broaden access to credit and improve lending outcomes in today’s evolving environment.

Pull credit reports seamlessly, all from one platform

Learn more about lending software

Unlocking deeper insights into creditworthiness

Modern credit risk scores can now go beyond traditional credit histories. For example, EquifaxⓇ has developed a multi-data score that combines 24 months of trended credit data along with alternative data sources, including telco, pay TV and utilities data reported directly from service providers, as well as the largest specialty finance database covering non-traditional lending history for 120 million borrowers. By incorporating this differentiated, alternative data into Abrigo's Sageworks credit decisioning, financial institutions can now leverage the advanced machine learning and robust data-driven models unique to Equifax, driving more nuanced and profitable lending decisions.

Versatility and key benefits for lenders

Modern, multi-data credit scores can be adapted to a lender's specific needs. Some of the ways institutions are using them include:

  • As a standalone credit score that combines traditional and alternative credit data
  • In conjunction with existing risk scores to enrich insights without duplicating data
  • As an input to custom models to improve predictive accuracy

This adaptability helps expand lending opportunities for underserved populations—including credit-invisible, thin-file, or credit-building consumers—based on proven non-credit payment records. The result is faster, more confident decisions and reduced application friction. These tools are particularly useful for unsecured loan products like credit cards, personal loans, and auto loans.

Proven performance and impact

Lenders using enhanced credit scores that blend traditional and alternative data have reported significant improvements in lending outcomes. For instance, some lenders using OneScore, from Equifax, improved hit rates and performance over traditional scores, with gains such as:

  • Up to 40% higher approval rates
  • Coverage of 97% of the market with expanded borrower visibility
  • Kolmogorov-Smirnov (KS) lift of up to 10% compared to traditional scores
  • 48% KS lift in short-term lending, 66% in lease-to-own, and 45% in subprime fintech lending when combined with traditional data

Although individual results may vary, these examples reflect the real-world advantages of using broader datasets and AI-powered scoring tools to identify risk and opportunity more precisely.

Going beyond the consumer

While consumer lending remains a core offering for many financial institutions, commercial lending has also grown more complex—and competitive. That’s why some institutions are now extending these advanced scoring capabilities to their commercial portfolios as well.

A commercial delinquency score using both financial and non-financial data, such as public records, firmographics, trended credit, and business owner credit history, can provide a more complete view of risk. This helps lenders identify the likelihood of a business becoming delinquent, even if the business is newer or has limited credit history.

Key benefits of commercial risk scoring

 Institutions using commercial credit scores that integrate alternative data and analytics have seen benefits such as:

  • Scoring more applications
  • Improved ability to predict default risk
  • Increased access to credit for small businesses
  • Flexible configurations using industry-specific scorecards based on NAICS or SIC codes

In today’s market, it’s increasingly important for lenders to be able to assess creditworthiness with confidence, speed, and fairness—whether they’re evaluating a first-time borrower or a growing business.

Meeting the moment with modern credit decisioning

Credit risk is evolving, and financial institutions that expand their data sources and leverage predictive scoring tools are better equipped to serve their communities and meet regulatory expectations. By integrating traditional credit data with robust alternative sources, institutions can make more inclusive, accurate, and timely lending decisions.

Whether evaluating consumers or small businesses, today’s forward-thinking lenders are embracing data-driven credit decisioning to stay ahead of risk and unlock opportunities for growth.

Learn more about the partnership between Equifax and Abrigo

Read more

Get ready to scale equipment financing operations by streamlining efforts

With momentum picking up in equipment finance, workflow automation helps financial institutions be ready to grow this book of business. 

Key topics covered in this post: 

Why automation matters now in equipment financing

The gears are turning again in the equipment finance sector.

The U.S. Bureau of Economic Analysis (BEA) reported 3.2% annualized growth in nonresidential equipment investment for Q2 2025, and Wells Fargo economists say business investment spending looks to have increased again in the third quarter. New business volumes at banks providing equipment financing grew in August at their fastest pace since March, and added $5.3 billion in September, according to the Equipment Leasing and Finance Association (ELFA).

Learn how to tap into the equipment financing opportunity in during this webinar.

Watch now

Yet across much of the industry, staffing levels remain flat. Many credit and lending leaders at equipment finance firms may soon face a widening gap between market opportunity and operational bandwidth.

Scatter plot of industry-specific momentum in equipment financing

Source: U.S. Equipment & Software Investment Momentum Monitor, Sept. 2025, ELFA

This familiar challenge of growing volume without growing overhead will require more than simply capital to fund new deals. It demands a shift toward efficient equipment finance: operationally lean, technologically enabled, and built to scale. Workflow automation helps firms scale with demand while protecting profitability.

Efficient financing operations matter to growth

Equipment finance, where both leases and loans are products, isn’t like traditional lending. The operational complexity, which includes residual value analysis, multi-party vendor programs, property and sales tax compliance, and asset-level tracking, adds complexity at every stage of the contract lifecycle from origination to asset disposition.

Firms with manual or siloed processes can face delays, compliance risks, and missed opportunities.

Meanwhile, borrower and equipment vendor expectations are evolving. They want faster decisions, seamless documentation, and real-time updates. Equipment financing companies that can’t deliver on these needs risk losing repeat business or falling behind more agile competitors, including fintechs and alternative lenders.

Efficient equipment finance firms can more easily scale, serve clients faster, and respond to market shifts without overextending their teams.

What efficient equipment finance looks like

What does it mean to be an efficient equipment finance operation?

At its core, an efficient equipment finance firm minimizes friction across the lease and loan lifecycle while maintaining full visibility and control.

That means an equipment financing firm that is firing on all cylinders will utilize:

  • Integrated systems that connect pricing, origination, credit, servicing, and accounting to manage the entire life cycle of a lease or loan from a single system, whether the products are small ticket, middle market, or large ticket.
  • Standardized workflows that reduce handoffs and eliminate duplication during pricing, transaction structuring, credit analysis, booking and funding and vendor/broker management
  • Automation of routine decisions and data entry
  • Real-time reporting and audit trails that simplify compliance and oversight, especially for lease and loan accounting
  • Flexible billing and asset management capabilities that support complex contracts and end-of-term scenarios

In short, an efficient equipment finance operation does more with the team it has without compromising credit quality, service levels, or regulatory compliance.

Embedded across operations, efficiency allows teams to shift their focus from processing paperwork to building relationships, growing vendor programs, and analyzing portfolio performance. The shift can drive long-term profitability and resilience.

According to industry reports, very few equipment finance firms fully automate underwriting capabilities, although the digital transformation of equipment lease financing companies and service providers is on a four-year upward trend. Those that still rely on manual processes for quoting, documentation, and even funding are at a competitive disadvantage because manual processes create vulnerabilities not just in productivity but also in the lessee/borrower experience.

Banks and independent financing firms that provide fast decisioning, seamless documentation, and rapid funding are the ones that win repeat business and market share.

How does workflow automation work within financing processes?

At firms using end-to-end lease and loan lifecycle systems like IFSLeaseWorks, workflow automation is how they’ve kept lean teams productive during periods of rapid growth.

One equipment finance firm using IFSLeaseWorks summed it up:

“Over the past few years, we've experienced significant growth, yet we've maintained a lean workforce thanks to the system's incredible efficiency,” said the firm’s VP of IT.

Efficient financing of equipment is possible because every stage of the process is automated and connected. From pricing and credit scoring to documentation and funding, the processes promote scalable growth. Here’s how:

  • Credit: Automated scorecards, external bureau data pulls, and credit algorithms allow credit teams to approve deals faster—without compromising underwriting standards.
  • Documentation: Rules-based engines produce contract packages ready for eSignature, cutting turnaround time and error rates.
  • Funding: Automated workflows ensure contracts are booked correctly the first time, reducing rework and improving compliance.

Together, these capabilities support an efficient equipment finance strategy that increases throughput without sacrificing control or compliance.

Automating equipment financing compounds ROI

The urgency behind workflow automation isn’t about limiting expenses. With traditional and alternative lenders expanding their digital presence and embedded finance gaining traction at the point of sale in other types of transactions, equipment finance firms face real competitive pressure.  

Even if processes like manual credit checks, emailed PDFs, and siloed contract management feel “good enough” today, they will likely become friction points tomorrow. Workflow automation helps remove that friction, particularly in high-volume or vendor-driven originations where timing and consistency matter most. By reducing data entry, handoffs, and lengthy decision timeframes, lean teams can process more deals faster, while delivering a modern experience for lessees, borrowers, and vendors. Equipment -finance automation is a strategic move that future-proofs the business.

In addition to saving time and creating happier customers and partners, an automated equipment finance operation also helps the organization with:

  • Risk reduction: Automated audit trails and compliance checks reduce manual errors and documentation gaps.
  • Improved analytics: Integrated platforms centralize data across contracts, assets, and vendors—giving executives better insight into profitability, risk exposure, and performance trends.
  • Stronger relationships: When account managers aren’t chasing paperwork, they’re building vendor and lessee/borrower relationships that lead to new opportunities.

The profitable growth without proportionate overhead allowed by automation is a strategic advantage in today’s margin-conscious environment.

How to identify the need for more efficiency

For credit and lending leaders evaluating whether to build a more efficient equipment finance operation, consider the following questions:

  • Where in our equipment loan/lease lifecycle are manual processes slowing us down or introducing risk?
  • How are we preparing for increased deal flow without expanding our team?
  • Are our systems and workflows scalable, or how will they limit our growth?
  • How fast can our vendors get a decision today? How fast do they need one?

When efficiency creates competitive equipment financing

With workflow automation, an equipment finance company’s operations can be a competitive advantage. And given the industry’s outlook, now is the time for firms ready to scale smarter to create that advantage. They’re unlikely to have the bandwidth to do so once demand increases. And industry leaders say that could be soon.

“Our latest CFI data indicates that equipment demand was strong at the end of the third quarter,” said Leigh Lytle, President and CEO at ELFA recently. “The current pace of new business volumes has put the industry on track for one of its best years ever.” Financial conditions also are healthy, with lower delinquency and loss rates in the latest data, she said.

“With the Fed resuming its easing cycle, I expect demand to remain strong and financial conditions to improve further. That will give the equipment finance industry a lot of momentum heading into 2026.”

Equipment finance industry experts have also said they expect some provisions of the “One Big Beautiful Bill Act,” such as 100% expensing and EBIDTA-based interest deductibility, to encourage equipment spending.

For equipment finance firms considering workflow automation, a delay could prove costly.

This article was was written with the assistance of ChatGPT, an AI large language model, and was reviewed and revised by Abrigo's subject-matter expert.

Expanding credit union member business lending? Learn about the common risk issues flagged by examiners.

Get the checklist
Blog

Online/digital account opening: A bridge and a moat

Read More
Webinar

Identifying emerging CRE risk: Red flags vs. red herrings | Credit risk series

Read More
Webinar

Navigating annual reviews: How should you approach them? | Credit risk series

Read More

Combat emerging ACH fraud threats with technology 

The shift toward digital banking and real-time payments has created new opportunities for innovation, but also for fraud. According to Nacha, the Automated Clearing House (ACH) network saw a 6.7% increase in payment volume to 33.6 billion payments in 2024, as well as an 11.6% increase in business-to-business (B2B) ACH payments. This growth, unfortunately, comes with increased risks of fraud.

According to the 2025 AFP Payments Fraud and Control Survey Report, 38% of organizations experienced ACH debit fraud in 2024, and 20% were victims of ACH credit fraud. ACH fraud threats are becoming more sophisticated, posing serious financial, regulatory, and reputational risks. Banks and credit unions need to recognize these risks early and ensure that appropriate controls, staffing, and technology are in place to mitigate them.

Understanding ACH fraud

ACH payments are a vital component of modern banking, providing efficient and cost-effective methods for transferring funds. However, as digital transactions increase in volume and speed, cybercriminals are becoming more opportunistic and more creative. Bad actors are increasingly targeting both business and consumer accounts through a variety of sophisticated methods, many of which can be challenging to detect using outdated monitoring approaches.

Learn more about Nacha's 2026 fraud monitoring rules

Read the whitepaper

Common tactics contributing to rising ACH fraud threats include:

  • Account takeover through phishing or malware: Fraudsters gain unauthorized access to online banking credentials through phishing emails, spoofed websites, or malicious software. Once inside, they can initiate unauthorized ACH transfers from compromised accounts. These takeovers are particularly dangerous because they often involve the legitimate account holder's information, making detection more difficult.
  • Ransomware: While often associated with data breaches, ransomware attacks are increasingly being used as a gateway to financial fraud. Once a system is compromised, fraudsters may divert ACH payroll files, modify payment instructions, or lock down critical banking applications, halting legitimate operations and demanding payment via ACH or wire.
  • Social engineering scams like romance scams: Criminals build fake online relationships to manipulate victims emotionally, often elderly or vulnerable individuals, into sending funds via ACH. These scams rely on trust and typically involve repeated transfers over time, making them harder to identify as fraud from a transaction pattern standpoint.
  • Business email compromise (BEC): Fraudsters infiltrate or spoof a company's email system to pose as executives, vendors, or employees. They then submit fraudulent ACH payment requests to finance teams or account managers, often under the guise of urgent matters. BEC attacks continue to be among the costliest forms of fraud, particularly for small and mid-sized businesses.
  • Synthetic identity fraud: In this scheme, fraudsters combine real and fictitious information to create entirely new identities, often opening accounts and building credit histories over time. These fake identities can then be used to initiate fraudulent ACH transactions, which are especially difficult to detect because the identities often appear legitimate in credit and identity verification systems.
  • Authorized push payment (APP) fraud: In APP schemes, victims are tricked into sending ACH payments to fraudsters under pretenses, such as paying an impersonated vendor, making a down payment on a fake real estate transaction, or responding to a fake invoice. Because payments are often authorized, recovering funds can be difficult, making real-time monitoring and intervention essential.

What makes ACH fraud especially challenging is that it often stems from valid credentials or seemingly authorized activity, allowing it to bypass traditional red flags that might catch fraud.

Why financial institutions must act

Regulators continue to signal that fraud prevention is no longer a best practice; it’s a critical component of a sound AML/CFT compliance program. Both the Financial Crimes Enforcement Network (FinCEN) and the Federal Financial Institutions Examination Council (FFIEC) have reinforced expectations for layered security controls, particularly around high-risk transactions like ACH and wire. The FFIEC’s guidance on authentication and access management calls for anomaly detection and behavior-based monitoring for electronic payments, while FinCEN has named fraud among its top AML/CFT priorities. With the introduction of real-time payment methods like FedNow, institutions must also be prepared to make rapid decisions about the legitimacy of incoming and outgoing transactions—making it even more important that fraud detection tools and processes are integrated into the institution’s broader risk-based compliance strategy.

Core technology for fighting ACH fraud

To combat modern ACH fraud threats effectively, institutions require scalable and intelligent fraud detection tools that surpass static, rules-based systems. Key features that support proactive protection include:

  • Real-time monitoring across payment channels: Institutions should implement solutions that evaluate transactions as they occur, identifying anomalies in ACH activity such as unusual transaction amounts, geographies, or timing.
  • Behavioral analytics and machine learning: Technology that understands normal customer behavior can more accurately flag deviations. This is especially valuable in catching fraud attempts that don't trigger traditional rules.
  • Cross-channel analysis: Fraud rarely confines itself to one payment method. Systems should be able to analyze ACH activity in conjunction with wires, checks, and digital payments to detect broader fraud patterns.
  • Collaboration and escalation tools: The ability to flag suspicious accounts, automate escalations, and collaborate across AML and fraud teams helps reduce investigation time and improve case outcomes.

Building a holistic fraud program

ACH fraud threats don't exist in a vacuum. These threats intersect with broader fraud schemes, regulatory obligations, and customer service expectations. That's why a strong ACH fraud prevention program should be integrated with your institution's overall AML/CFT strategy. For most financial institutions, this means:

Technology alone won't eliminate fraud, but when combined with a well-resourced compliance program, it allows institutions to manage risk more effectively and respond with agility to emerging threats.

Staying ahead of ACH fraud threats

ACH fraud is not slowing down. As payment systems evolve, so do the methods used to exploit them. Criminals are adapting quickly, especially with the growing use of faster payments, leaving financial institutions with less time to detect and respond to suspicious activity. Staying ahead of these threats means more than just updating policies. It requires evaluating whether your current systems, staffing, and monitoring tools are equipped for today’s risks.

Institutions should take a risk-based approach by reviewing fraud detection capabilities, reassessing ACH-related controls, and ensuring teams are supported with the technology and training needed to act quickly.  Being proactive now helps avoid costly disruptions later and reinforces your commitment to protecting your clients and your institution.

Get a free AI readiness checklist and other resources on Abrigo's AI Hub.

AI resources for bankers
Blog

Fraud prevention and detection: Empowering clients through education

Read More
Blog

Why boosting your check fraud prevention is worth the effort

Read More
Whitepaper

5 Ways financial institutions can prepare for FedNow

Read More

This article covers these key points: 

Regulatory changes provide a reason to shift from overly defensive postures

The new regulatory environment is a chance for community banks to reclaim market share. Five steps bank boards should consider right now. 

Regulatory momentum is building

At the Federal Reserve’s recent Community Bank Conference, one line of Treasury Secretary Scott Bessent’s reported remarks jumped out to me: it’s time for community banks to “go on the offense.”

That statement summed up what many of us in the industry have been thinking for a while. For years, community banks have been playing defense, navigating an ever-growing list of regulations, absorbing rising costs, and competing against institutions with far greater scale and resources.

Hearing Bessent’s message, paired with genuine signs that Washington may finally be ready to reexamine how those rules impact smaller institutions, felt both refreshing and overdue. This could be the start of something meaningful.

Expedite ROI and technology adoption. Access change management help.

Connect with an expert

An opening for a different approach

What stood out to me wasn’t just Bessent’s energy, but the substance behind it. Federal Reserve Vice Chair for Supervision Michelle Bowman reinforced the same theme: regulation should match the real risk profile of community banks, not the scale of megabanks.

That message has been missing for too long.

The conversation is starting to move toward right-sized supervision, with potential reviews of the Community Bank Leverage Ratio, clarity around what truly constitutes “unsafe or unsound” practices, and early steps toward streamlining anti-money laundering (AML) and reporting burdens. Regulators even seem open to addressing outdated core vendor contracts that some financial institutions say have limited their flexibility and innovation for years.

For community bankers, this environment is a real opening to do things differently.

Why bankers should act now

Community banks have always been the financial backbone of local economies. But the reality is, the ecosystem of financial institutions has been shrinking, through consolidation, cost pressure, and competitive encroachment from fintechs and non-bank financial institutions that play by different rules.

For years, the strategy of many community banks has been survival: comply, consolidate, or get creative.

Now, these institutions have an opportunity to do more than survive. If the tone coming from Washington holds and results in action, community banks will want to take the initiative–to invest, expand, and reclaim market share in the ways only community institutions can.

How community banks can play offense intentionally 

If I were sitting with a bank’s leadership team today, here’s what I’d challenge them to think about:

  1. Revisit your regulatory posture.

Don’t wait for reform to be finalized. Start mapping how changes to capital ratios, exam expectations, or AML guidance could impact your balance sheet and growth capacity. Position yourself ahead of the curve.

  1. Modernize your technology stack.

Technology is more about relevance than efficiency, given the competitive environment. In fact, Bessent said the community banks “that make it through the next 10 years will have embraced technology.” Evaluate where automation, analytics, or new integrations could free up capacity and create better customer experiences or increase staff ability to focus on insights, not inputs. For example, many banks are now pairing credit risk analysis and allowance modeling within unified systems, rather than juggling spreadsheets and disconnected tools or systems.

And if your core vendor is slowing you down, this might finally be the time to renegotiate.

  1. Pursue focused growth.

Identify and lean into what you do best: relationships and local insight. Whether tied to small business, ag lending, or a new niche, use data to identify where you can win. Growth without focus is a risk. Growth with focus is power.

  1. Strengthen compliance through modernization.

Community banks take seriously the importance of discipline and compliance. But compliance can be smarter. At Abrigo, we see more banks integrating risk rating, stress testing, and concentration management into their CECL and portfolio analytics workflows, not as regulatory checkboxes, but as tools for stronger decision-making.

Automate the routine tasks, align processes to material risk, and prepare your teams for evolving threats like cyber and AI-related fraud.

  1. Tell your story.

Now is the time to remind your communities and policymakers why community banking matters. Be visible, be vocal, and help shape the conversation about what “right-sized” really looks like.

Keep perspective

I’ve spent much of my career working with community banks through periods of dramatic change. And one thing I’ve learned is that the ones that thrive are those that prepare while others wait.

If this new regulatory era does take shape, those who have already aligned capital, compliance, and technology around a clear strategy will be the ones defining the future rather than reacting to it.

At Abrigo, our team is helping banks define their future. By combining data, credit risk modeling, and portfolio management tools with strategic banking advisory services, institutions are strengthening their earnings and readiness.

We all understand that even with momentum, reform doesn’t happen overnight. And political shifts can occur quickly. In addition, field exam consistency often lags behind new guidance. And yes, modernization brings its own risks (e.g.; vendor challenges, cyber concerns, execution pressure, etc.).

But for the first time in a long time, the tone from the top isn’t “hold the line.” It’s “move forward wisely.”

That’s a message every community banker can rally around.

The opportunity is real. The timing is right.

It’s time to go on offense.

See how Integro Bank advanced its allowance model with help from Abrigo.

Read more

This article covers these financial crime threats:

  • Deepfakes
  • Sextortion
  • Pig butchering scams
  • Cartels as terrorist organizations
  • Chinese money laundering organizations
  • Cryptocurrency theft
  • Human trafficking and human smuggling

Considerations for compliance teams

Financial crime won't slow down in 2026. Criminals are using advanced technology to make their schemes more challenging to detect. From deepfakes and crypto scams to human trafficking and organized crime networks, new tactics are surfacing every day. For compliance teams, this means it’s not enough to rely solely on traditional transaction monitoring.

Building smarter defenses

Criminals may be creative, but financial institutions are resilient. Compliance teams across the country are adapting quickly, using data, technology, and collaboration within their organizations to strengthen AML/CFT programs. The key is to understand which threats are most active right now and how they continue to evolve.

Modern tools, such as AI-driven analytics and real-time payment screening, can help institutions detect suspicious activity more quickly and accurately. However, technology is only part of the solution. Staying ahead of today’s AML/CFT threats also requires ongoing staff training and a strong culture of compliance. Every team member must understand their role in protecting the institution and its clients.

Staying on top of fraud is a full-time job. Let our Advisory Services team help when you need it.

Connect with an expert

Here are some of the most pressing AML/CFT threats facing financial institutions in 2026:

  • Deepfakes: Advancements in AI have made it easier than ever to create realistic fake audio and video content. Criminals are using these tools to impersonate executives, government officials, or even clients to defraud financial institutions. A convincing deepfake video call or voice message can be used to authorize fraudulent wire transfers, bypass identity verification, or pressure staff into releasing funds.
  • Sextortion: This scheme preys on its victim’s fear and embarrassment. Criminals use social media, email, or dating apps to trick victims, both young and old, into sharing compromising photos or information. Once they have it, the criminals demand payment, often through wire transfers, prepaid cards, or cryptocurrency, to keep the material private. These cases are not only emotionally devastating for victims but also create opportunities for money laundering as criminals move the proceeds through layered accounts.
  • Pig butchering scams: Despite the unusual name, this fraud has become alarmingly common. Fraudsters build trust with victims over weeks or even months, often through dating sites or messaging apps. Once a relationship is established, they persuade victims to invest in fake cryptocurrency platforms or other fraudulent opportunities. The “investment” usually shows early gains to keep the victim engaged, but eventually the funds disappear. These scams can result in significant financial losses, and the stolen funds are frequently laundered through complex networks of accounts and digital assets.
  • Cartels as terrorist organizations: Drug cartels' growing ties to violence, corruption, and transnational networks have prompted new attention from U.S. authorities. The Office of Foreign Assets Control (OFAC) continues to designate major cartels and their leaders under the Foreign Narcotics Kingpin Designation Act (Kingpin Act), freezing assets and prohibiting U.S. persons from engaging in transactions with them. Policymakers have pushed for even stronger measures, classifying certain cartels as Foreign Terrorist Organizations (FTOs), most notably those based in Venezuela. While not all cartels have been officially designated as FTOs, this shift signals a higher level of scrutiny and a stronger expectation for financial institutions to identify and report cartel-linked activity. For compliance teams, these developments create new challenges. Transactions tied to drug trafficking, precursor chemicals, or regions under cartel control may carry both sanctions and terrorism-financing risks. Institutions with customers or counterparties in high-risk geographies, especially near the U.S.–Mexico border, should ensure their sanctions screening systems and risk assessments reflect OFAC’s Kingpin Act designations and any related advisories from FinCEN.
  • Chinese money laundering organizations: FinCEN has issued an advisory on these organizations’ methods and red flags to look for. These highly sophisticated networks often operate globally, using networks of shell companies, trade-based money laundering, and professional money laundering organizations to disguise the origin of illicit funds. In recent years, these groups have also leveraged cryptocurrency exchanges, underground banking systems, and casinos to move funds tied to fraud, drug trafficking, and human smuggling. FinCEN has highlighted how Chinese syndicates play a central role in laundering proceeds from the fentanyl trade. Due to their scale and cross-border reach, these organizations pose a significant AML/CFT emerging threat to community financial institutions that may unknowingly process their transactions. Financial institutions should monitor for FinCEN-identified red flags, including unusual cross-border transactions, shell or front companies with unclear purposes, and cryptocurrency activity linked to known laundering hubs. Watch for transactions connected to high-risk industries, such as chemicals, casinos, or import/export businesses.
  • Crypto theft and state-linked activity: This threat refers to organized, state-sponsored cybercrime groups, most notably those from North Korea, which conduct large-scale thefts of cryptocurrency to fund their government’s activities. These groups target decentralized finance (DeFi) platforms, cryptocurrency exchanges, and even individuals with weak security controls. When successful, they steal millions, sometimes hundreds of millions, of dollars’ worth of digital assets. The stolen crypto is then laundered through complex chains of wallets, mixers, and exchanges to obscure its origin before it’s converted to usable currency. Because these transactions occur outside the traditional banking system, they often evade standard AML monitoring. The U.S. Treasury Department has warned that this type of activity not only threatens financial stability but also contributes to sanctions evasion and the development of weapons. For financial institutions, heightened vigilance around crypto-related transactions, unfamiliar counterparties, and sudden large transfers remains critical to identifying potential links to these state-backed theft operations.
  • Human trafficking and human smuggling: Despite growing awareness and stronger regulations, human trafficking and human smuggling remain persistent and profitable crimes, leading FinCEN to designate these crimes together as one of the FinCEN National Priorities. Traffickers and smugglers continue to adapt their methods, using legitimate-looking businesses, such as restaurants, nail salons, cleaning services, or agriculture operations, to disguise the movement of illicit funds. FinCEN’s advisories note that these networks often rely on funnel accounts, cash-intensive businesses, and layered transactions to move proceeds through the U.S. financial system. According to FinCEN (Advisory FIN-2020-A008), financial institutions play a critical role in identifying and reporting these crimes. Traffickers and smugglers may co-mingle funds with lawful business revenue or use third parties to conduct transactions that appear routine. International wires, small-dollar deposits across multiple branches, and frequent payments to transportation or travel-related companies can all be indicators of activity tied to human exploitation. FinCEN also highlights that human smuggling operations frequently overlap with other financial crimes, such as drug trafficking or document fraud. These networks are fast-moving, transnational, and adept at exploiting gaps in monitoring systems, especially when institutions lack coordinated detection or updated risk models.

Strengthening detection with innovation

Technology continues to reshape how compliance teams fight financial crime. Instead of adding more work, today’s tools make detection faster and investigations more effective. AI-driven analytics are helping institutions focus on truly suspicious activity, while real-time payment controls like FedNow’s “accept without post” feature give teams critical time to review questionable transactions before funds move. Combined with stronger identity verification measures, these innovations give compliance professionals clearer insight into criminal behavior and help them act quickly when something doesn’t look right.

Collaborate to reduce risk

Fighting financial crime is a team effort. Banks and credit unions don’t have to face it on their own. Programs like FinCEN’s 314(b) information sharing, public-private partnerships, and advancements in secure technology all help institutions strengthen their AML/CFT programs and stay a step ahead of criminals.

When compliance teams combine shared intelligence with modern tools, they can:

  • Spot new criminal patterns sooner
  • Fine-tune detection models as risks change
  • Prepare staff to recognize real-world red flags
  • Stay ready for evolving AML/CFT requirements

Collaboration isn’t only helpful, it’s becoming essential. As financial crime becomes increasingly complex and interconnected, working smarter together helps protect both institutions and the communities they serve.

Next steps

The future of AML/CFT isn’t about doing more; it’s about working smarter. As we move toward 2026, now is the time to make sure your institution has the right people, processes, and technology in place. The right tools and a well-trained team can strengthen your defenses without losing what makes your institution special: the personal relationships and trust you’ve built with your clients.

Financial crime will continue to evolve in 2026, but so will we. By staying proactive, embracing innovation, and keeping compliance at the core of your mission, banks and credit unions can continue to protect their communities and move forward with confidence.

Find out how Abrigo Fraud Detection stops check fraud in its tracks.

Fraud detection software
two people reviewing financials on a tablet

"The sky is falling!!" What credit risk managers should do

Financial institutions don't need to panic in the wake of recent headlines about credit risk. Instead, review credit risk ratings and strengthen loan review to ensure sound risk management. 

A modern "Chicken Little" moment

When I was a kid, one of the stories that stuck with me was Chicken Little. After being hit on the head by an acorn, Chicken Little panics, shouting, “The sky is falling!” As he runs to warn others, each animal he meets joins in the chorus – until the whole group runs across a fox who offers his den for protection, which they gladly accept. The next morning, the only one left is a very full fox. (This is the traditional folk tale version, mind you, not the Disney animated film.)

The moral is clear: don’t jump to conclusions or spread panic based on incomplete information.

 

Strengthen credit analysis to manage exposure in dynamic business cycles.

Watch webinar

I recently read articles in both the Financial Times and the Wall Street Journal that sounded a lot like Chicken Little’s cries – this time about the U.S. banking system. The focus? Two isolated fraud cases at Western Alliance and Zions. CNBC even ran the headline: “This is not another Silicon Valley Bank: Traders bet these loan issues are not systemic.”

Really?

While it is understandable that there is concern over the cases of alleged large-dollar fraud (in the neighborhood of $140 million), the fact remains that these are loans made by two banks to the same borrower group that—at a full loss—represent less than 2% of capital for either bank. These are isolated situations, not systemic failures.

But in the words often attributed to Winston Churchill, “Never let a good crisis go to waste.” So instead of wringing our hands, what can financial institutions learn from this moment? I see two opportunities.

1. Rethink credit risk ratings

Most credit risk rating frameworks include a qualitative factor for the borrower’s “management.” Too often, the description of this factor is a vague label like “strong,” “adequate,” or “weak.” Let’s be honest – if management is “weak,” that’s not a rating. That’s a reason to say no.

A better approach is to evaluate governance rather than personality:

  • Is it a one-person operation or a team with independent oversight?
  • Are internal controls modern and robust, or is a single person still running the books using ledger paper or Excel files?
  • Are responsibilities and authorizations properly segregated to prevent fraud?

The same scrutiny should apply to how the institution governs its own transactions with borrowers:

  • Are multiple lenders involved in similar lending types?
  • Is there an intercreditor agreement in place?
  • Are collateral rights clearly defined in a default scenario?

Weak governance increases inherent risk and should be reflected in the risk rating. Institutions that adjust either governance factor downward as overall risk rises will get a truer picture of exposure.

More efficient loan review can help you gain deeper insights

Loan review software

2. Strengthen loan review

In my decades of experience in all aspects of commercial banking, fraud usually falls into two categories:

1. Bad actors from the start, or
2. Good people who make bad choices under stress.

The first tends to surface quickly; the second evolves as conditions deteriorate. An institution’s loan review group won’t always catch fraud directly, but it can and should highlight warning signs.

Some areas to focus on:

  • Borrower governance: As covered above.
    Institutional governance: Repeated issues within specific lending segments (like construction or asset-based lending) may point to deeper problems.
  • Financial analysis: Watch for inconsistent cutoff dates, unexplained intercompany transactions, unrealistic projections, and “too-good-to-be-true” turnarounds.
  • Loan activity: Review utilization trends on lines of credit over 12–36 months. Investigate sudden changes. Run UCC-11 searches for overlapping collateral filings—especially on inventory. Even if it’s not fraud, multiple claims can cause liquidation chaos.

Loan review’s job isn’t to fix these issues, but it is responsible for identifying them and adjusting risk ratings accordingly. (That’s why “Special Mention” exists, after all.)

 

Noise doesn’t equal crisis

The lesson from Chicken Little still applies: don’t confuse noise for crisis. Sensational headlines may grab attention, but sound risk management depends on analysis, governance, and discipline – not panic.

Abrigo helps financial institutions stay grounded in data, governance, and sound analysis rather than headlines. We also have loan review solutions that help credit risk management professionals do their jobs more efficiently so they have more time for deep analysis. Reach out to our Advisory Services team to learn more, or visit Abrigo.com to explore solutions that help financial institutions manage risk and drive growth.

AI poses 3 main cybersecurity risks to banks & credit unions

Understand the specific AI-related risks and take action now to mitigate cybersecurity threats at your bank or credit union. Key topics covered in this post:   
This blog was rewritten and updated to reflect recent threats and trends.

AI can enhance operations and add risks

As artificial intelligence becomes more embedded in financial institutions’ daily operations, cybersecurity is both urgent and complex. AI offers enhanced capabilities for threat detection and incident response, but it also introduces new opportunities for cybercriminals to exploit cybersecurity vulnerabilities at a greater scale and speed.

This Cybersecurity Awareness Month is a good reminder for banks and credit unions to understand specific cybersecurity risks associated with AI so they can manage and mitigate them. Many mitigation strategies require applying the same fundamentals of diligence, oversight, and employee training to AI tools that institutions apply to other technology in their environment. Even so, financial institutions need to evaluate how AI fits into existing cybersecurity frameworks, reassessing the testing and oversight needed to protect data, evaluate vendors, and stay exam ready.

Watch the on-demand webinar, "Navigating AI risks: Policies, vendors, and compliance."

Watch now

What are the cybersecurity risks of AI?

Three main cybersecurity risks are associated with AI, according to a 2024 letter by the New York State Department of Financial Services (DFS) to the banking industry:

  • AI-enabled social engineering: AI has amplified traditional social engineering attacks, such as phishing. It can generate realistic audio, video, and text deep fakes that are highly personalized and sophisticated, making fraudulent activity appear alarmingly legitimate.
  • Faster and more advanced cyberattacks: Cybercriminals can use AI to scan and analyze vast amounts of data quickly, identifying and exploiting security vulnerabilities more efficiently than ever before. They can conduct reconnaissance, deploy malware, and exfiltrate nonpublic information (NPI) at an unprecedented rate.
  • Data misuse or theft involving sensitive information: The large datasets (often including NPI from institutional or customer data) used in AI models themselves represent new cybersecurity exposure. Threat actors are incentivized to target entities with substantial amounts of information, increasing the risk of data breaches.

Even though each of these risks is an extension of existing risks, they can undermine customer trust and institutional resilience, so the DFS letter’s messaging to state-regulated entities is nevertheless relevant for banks and credit unions across the country. 

Risk mitigation with data management & planning

Financial institutions must treat AI not as an isolated innovation but as another layer of their cybersecurity environment that needs to be tested, documented, and governed.

Data encryption and management, risk assessment, response planning, and vendor due diligence are among the areas financial institutions should focus on when it comes to protecting against AI-related risks. Financial institutions will want to:

1. Revisit data management and encryption efforts

Central to protecting any kind of data financial institutions have in their systems is encryption of data both at rest and in transit. Encryption is vital to preventing unauthorized access and maintaining confidentiality, so financial institutions should verify encryption practices, irrespective of whether AI is in scope. Similarly, financial institutions should regularly assess security, privacy, and cyber resiliency as part of ongoing efforts to safeguard sensitive information, regardless of whether it is tied to AI models and tools. Technical controls and data governance are vital.

2. Update risk assessments, policies, and incident response plans

Institutions’ risk assessments should identify potential AI-related threats and implement appropriate controls. This includes regular reviews and updates to security policies and procedures. As AI tools are introduced, they need to be integrated into your institution’s cybersecurity and incident response plans. Review your current policies and determine whether they cover AI-related incidents, such as compromised models or data misuse.

If an AI model used for customer service were manipulated or “poisoned,” for example, your response plan should outline how to isolate it, communicate with affected parties, and analyze the event. Institutions should also consider how to maintain essential operations while that model is taken offline.

Board and senior management oversight are critical to these updates. Regular briefings on AI initiatives, ideally quarterly, help ensure that the use of AI aligns with the institution’s broader strategy and risk appetite. These discussions should include the results of any AI testing or model assessments, reinforcing accountability and transparency.

AI risk requires vendor due diligence & training

3. Strengthen due diligence and vendor oversight

For many institutions, AI arrives through third-party vendors. That means the focus should be on understanding how those tools are built and how they’re secured before implementation. The institution can offload implementation but not risk ownership.

When assessing AI vendors, request details about the specific models used and the data on which they were trained. If you’re using a large language model (LLM), ask whether training is ongoing and what safeguards exist for issues like prompt injection and hallucinations. Vendor contracts should reflect these considerations and include:

  • Disclosure of the model type and its training parameters
  • Limitations on using your institution’s data for further training
  • AI-specific security reporting
  • Prohibitions against sharing data with public or fourth-party models

You should also request results from AI-specific penetration testing, ideally following the OWASP Top 10 for LLMs, performed by qualified, independent assessors. That testing provides confidence that vendors are applying recognized security standards to their AI systems. Due diligence should be refreshed regularly, and of course, everything should be documented.

4. Expand training and ensure collaboration

Employees remain a key line of defense against cyber threats, and training should evolve alongside technology. Updating annual cybersecurity awareness programs to include examples of AI-driven phishing or deep-fake impersonations can make a real difference.

AI governance is also about collaboration. IT, compliance, audit, and risk management functions should work together to assess AI use cases and ensure controls are applied consistently. Internal audits can help verify that documentation, contracts, and policies are keeping pace with technology. Some institutions even run mock audits focused on AI governance to prepare for future regulatory exams.

5. Stay connected to peers and regulatory developments

The AI threat environment changes quickly. Staying connected to peers and industry organizations helps institutions remain informed and proactive. Groups such as FS-ISAC, RMA (now ProSight), and the ABA regularly share emerging threat information and best practices.

Monitoring regulatory updates is equally important. Even when guidance originates at the state level, such as from the DFS, it can offer useful direction for developing internal frameworks and ensuring readiness for broader oversight.

6. Balance innovation with security discipline

AI can enhance defenses when deployed carefully. Many vendors are now embedding AI into their existing cybersecurity tools, improving anomaly detection and response times. Institutions should evaluate these enhancements through the same lens as any other vendor solution: documentation, testing, and clear accountability.

Every new technology introduces risk. The institutions that will benefit most from AI are those that apply discipline and rigor to its adoption, verifying controls, maintaining strong governance, and documenting every step.

A structured approach for long-term success

AI is not a passing trend. It is another evolution in how financial institutions operate and protect themselves. By incorporating AI into existing cybersecurity frameworks through vendor management, board oversight, and ongoing education, institutions can stay secure while adapting to technological change and maintaining the trust of their customers, members, and regulators.

Get a free AI readiness checklist and other resources on Abrigo's AI Hub.

AI resources for bankers

Steps to a successful SAR

In the world of anti-money laundering and countering the financing of terrorism (AML/CFT), few activities carry more regulatory weight than filing a suspicious activity report (SAR). But filing a SAR isn’t the final chapter—it’s one of many critical SAR process steps that financial institutions must execute consistently and defensibly.

Understanding the complete lifecycle of a SAR can help your institution strengthen compliance, improve reporting outcomes, and support law enforcement in identifying and preventing financial crime. From the initial alert to post-filing analysis, each step of the SAR process carries its own importance and regulatory expectations.

5 key takeaways for the SAR process

  • A SAR is more than paperwork: It’s a piece of financial intelligence that can help law enforcement disrupt criminal activity.
  • SAR process steps matter: Regulators expect each step—from alert to closure—to be clearly documented and repeatable.
  • Narrative quality impacts utility: Clear, well-structured reports make SARs actionable.
  • Filing isn’t the finish line: Institutions must reassess customer relationships and incorporate findings into risk assessments.
  • Effective SARs protect communities: By following strong processes, institutions safeguard more than just compliance—they protect the financial system and public trust.

Check out this SAR writing checklist for essential elements of a compelling SAR narrative.

Download

Step 1: Spotting red flags that initiate the SAR process

The SAR journey begins with a red flag—anomalous behavior or transaction patterns that suggest suspicious activity. Common examples include:

  • Structuring deposits to avoid currency transaction reports (CTRs)
  • Wire transfers inconsistent with the customer’s business profile
  • Rapid activity in dormant or low-volume accounts
  • Reluctance to provide required identification
  • Sudden shifts in geography or transaction type

Automated monitoring systems, particularly those enhanced by artificial intelligence, help institutions detect these red flags efficiently. Still, even the most advanced system can’t replace skilled staff. Institutions must train employees to recognize and escalate concerns without prematurely dismissing key indicators.

Step 2: Conducting a defensible investigation

Once a red flag is identified, compliance teams begin the next SAR process step: investigation. This involves gathering evidence, reviewing customer history, evaluating transaction context, and determining whether a SAR filing is warranted.

With real-time payment platforms like FedNow increasing alert volume and urgency, investigators are under pressure to work quickly without sacrificing quality. Institutions can optimize this step by:

  • Regularly tuning monitoring rules to reflect emerging typologies
  • Using robust case management systems to centralize documentation
  • Cross-training teams to ensure redundancy
  • Conducting AML staffing assessments to keep workloads manageable

The key is ensuring each investigation is both thorough and defensible—able to withstand examiner scrutiny at any time.

Step 3: Writing and filing a strong SAR

If the investigation results in reasonable suspicion, the institution has 30 calendar days to file a SAR—or 60 days if no suspect is identified. But meeting the deadline is only part of the requirement. The narrative must be useful to law enforcement.

Best practices for this step of the SAR process include:

  • Clearly answering the who, what, when, where, why, and how
  • Including specific transaction details (amounts, accounts, dates)
  • Avoiding acronyms or codes that aren’t widely understood
  • Using plain, professional language to improve clarity

Templates may help standardize formatting, but no two SARs are alike. Each narrative should be tailored to the facts of the case and reviewed for accuracy and completeness.

Step 4: Monitoring SARs after filing

Filing a SAR doesn’t close the case. Examiners often look closely at how institutions manage SARs after submission. Effective post-filing SAR process steps include:

  • Documenting the full investigative timeline and decision-making process
  • Showing evidence of supervisory reviews or escalations to the BSA Officer
  • Reassessing the customer relationship, including risk rating updates or account closure

SAR trends—whether based on volume, type, or customer geography—should feed back into your institution’s AML/CFT risk assessments. For example, multiple SARs tied to the same customer may point to a systemic vulnerability that needs to be addressed across lines of business.

Step 5: Using SARs to strengthen compliance and national security

The final SAR process step is often overlooked: leveraging SARs as a tool to enhance overall risk management and support law enforcement. A single well-filed SAR could play a pivotal role in investigations into human trafficking, elder exploitation, or terrorism financing.

Financial institutions can take steps to ensure SARs serve their broader compliance goals by:

  • Training investigators on emerging fraud and AML typologies
  • Incorporating SAR trends into enterprise risk frameworks
  • Leveraging advisory services during periods of high alert volume
  • Reassessing the effectiveness of current AML software and processes

Make each SAR step count

Every SAR tells a story, and every step in the SAR process helps ensure that story reaches the right audience, at the right time, in the right way. Whether your institution files ten SARs a month or a hundred, understanding and refining the SAR process steps can help support a safer financial ecosystem.

Would you like other articles like this in your inbox?

Blog

AML/CFT hot topics: Are you regulator ready?

Read More
Blog

5 reasons your financial institution should attend the ThinkBIG 2024 conference

Read More
Blog

FedNow fraud prevention for credit unions: A guide for AML, fraud teams

Read More

Understanding stablecoins and their purpose

Stablecoins are digital assets designed to maintain a consistent value, often by pegging their price to a fiat currency like the U.S. dollar. By reducing the volatility typically associated with digital assets, stablecoins offer a bridge between traditional finance and cryptocurrency.

There are three primary types of stablecoins, each with its own structure and risk considerations:

  1. Fiat-backed (collateralized)

These are the most common type of stablecoin. Each token is backed 1:1 by fiat currency or short-term government debt, with reserves typically held in regulated financial institutions. Transparency and regular audits are key components of trust in this model.

Examples: USDC, USDT (Tether), TrueUSD
Key traits:

  • Simple to understand and widely used
  • Considered lower risk, though reliant on issuer compliance and reserve verification
  1. Crypto-backed

Backed by other cryptocurrencies such as ETH, these stablecoins are often over-collateralized to account for the price volatility of the underlying assets. Collateral is held in smart contracts rather than traditional banks.

Examples: DAI, sUSD
Key traits:

  • Decentralized structure
  • Increased complexity and risk due to market volatility and smart contract exposure
  1. Algorithmic (non-collateralized)

These stablecoins use code, not reserves, to maintain price stability. Algorithms automatically expand or contract token supply based on market conditions. While the goal is price stability, this model remains largely experimental.

Examples: Frax (partially algorithmic), TerraUSD (defunct)
Key traits:

  • Offer decentralization
  • High risk and prone to failure during periods of stress

Other models to be aware of:

  • Commodity-backed: Pegged to assets like gold (e.g., Pax Gold)
  • Hybrid models: Combine multiple elements from the categories above to balance stability and decentralization

Understanding these categories can help financial institutions assess which stablecoins, if any, align with their risk tolerance, regulatory obligations, and long-term strategy.

Why financial institutions should care

Stablecoin’s steady value makes it a more practical option for everyday transactions than other cryptocurrencies, which are known for volatility. It combines the efficiency of blockchain technology, such as rapid settlement and lower transaction costs, with the financial stability that businesses and consumers expect from a medium of exchange.

In a historic move, the Senate Banking Committee recently passed a bipartisan stablecoin bill, known as the GENIUS Act. Signed into law in July, this law sets guidelines for stablecoin issuers and could make stablecoins common for digital payments and investments.

The legislation introduces a plan for regulating stablecoin use, requiring 1:1 backing in cash or U.S. Treasuries and giving the Federal Reserve supervisory authority over large issuers. State regulators would oversee smaller issuers, preserving their role in overseeing regional financial institutions. This legislation is the most concrete sign yet that policymakers are preparing to bring stablecoins into mainstream payments, and compliance expectations are quickly materializing.

Stablecoin has the ability to offer faster settlement, greater accessibility, and new customer engagement opportunities. Examples include cross-border transfers, payroll, merchant payments, and decentralized (DeFi) platforms. With acceptance on the rise, financial institutions should understand how these products may intersect with their operations and risks, particularly in payments and compliance.

Risks and opportunities for financial institutions

Stablecoin has emerged as a key focus in the digital asset space, offering a less volatile alternative to traditional cryptocurrencies. The stablecoin market grew to approximately $159 billion in 2024 and has surged to more than $255 billion this year. With U.S. lawmakers signaling support and growing adoption across both consumer and institutional channels, now is the time for financial institutions to assess how stablecoins could impact their digital payment strategies.

Connect with an expert

FinCEN guidance on Stablecoin regulation

The Financial Crimes Enforcement Network (FinCEN) considers stablecoin a type of convertible virtual currency (CVC). As such, any financial institution facilitating stablecoin transactions must comply with Bank Secrecy Act (BSA) requirements and implement anti-money laundering/countering the financing of terrorism (AML/CFT) measures. This includes customer due diligence, suspicious activity reporting, and transaction monitoring.

Fraud guidance

In its guidance, FinCEN has warned that digital assets, stable or not, can still be exploited for money laundering, sanctions evasion, and fraud. Financial institutions must be prepared to identify and mitigate these risks, particularly as digital payment methods become more integrated with traditional banking.

Key risks financial institutions should consider

As stablecoins move closer to mainstream use, they bring new risks that banks and credit unions must be ready to manage:

Liquidity pressure during high redemptions

Even stablecoins that are fully backed by reserves can face problems if customers lose confidence and try to cash out all at once. This kind of “run” can create short-term cash flow challenges for institutions holding or processing these assets.

Risk tied to third-party partners

Working with outside stablecoin issuers or fintech providers means relying on their financial health and operational practices. Institutions should carefully vet these partners and have clear agreements in place about who is responsible for safeguarding assets, processing redemptions, and managing risks.

Compliance uncertainty and reputation concerns

The rules around stablecoins are still developing. Moving too fast, or not fast enough, can put a financial institution at risk. Engaging in stablecoin activities without a strong compliance program could lead to regulatory issues or damage customer trust.

Challenges detecting financial crime

Some stablecoin transactions are harder to trace than traditional payments. Without the right tools and processes, institutions might miss signs of suspicious activity. To stay compliant, AML and fraud monitoring programs should be able to track and evaluate blockchain-based transactions effectively.

Stablecoin carries many of the same risks as other financial instruments, plus some new ones. From AML/CFT compliance to liquidity planning, community financial institutions must treat stablecoin not just as a trend, but as a potential risk area that should be analyzed and managed.

What financial institutions should do now

Financial institutions have an opportunity to proactively position themselves as innovators and trusted providers of secure digital services. Whether or not your institution is engaging directly with stablecoin, these actions will help strengthen your position:

  1. Reassess your AML/CFT program: Ensure your risk assessment and AML/CFT compliance program can monitor for stablecoin risks, including identifying typologies related to stablecoin transactions.
  2. Monitor federal and state developments: Stay informed on legislative updates, particularly as the Senate bill advances. Look for guidance from FinCEN, the OCC, the NCUA, and the Federal Reserve on expectations for banks and credit unions.
  3. Engage internal stakeholders: Involve compliance, risk management, IT, and product development teams early. The more coordinated your approach, the better equipped you’ll be to assess opportunities and risks.
  4. Build fintech risk assessment processes: If partnering with a fintech or stablecoin issuer, apply enhanced due diligence measures and ensure service-level agreements clearly define responsibilities around compliance, custody, and data security.
  5. Educate your customers and your board: Help board members, executives, and customers understand how stablecoins work and the steps your institution is taking to protect their funds and data.

Looking ahead: Stability through preparation

Stablecoins have the potential to change how money moves, but they also bring new responsibilities for financial institutions. While this form of digital asset offers faster and more efficient payments, it also raises questions about oversight, risk, and readiness. With regulators beginning to set clearer expectations, now is the right time to get ahead of the curve. Banks and credit unions have succeeded by earning trust and adapting early, and preparing for stablecoin activity is a natural extension of that strength.

Stay ahead of stablecoin-related threats with proactive monitoring.