Abrigo

How behavior, not rates, is shaping balance sheet risk in 2026

What a bifurcating economic outlook means for credit markets, featuring Oxford Economics

Bank M&A fair value: What has changed

Bank deals impacted by lower rates & regulatory tailwinds

How have shifting rates and policy changes affected fair value and reshaped financial institution deals?

Key topics covered in this post:

The changing environment influences deal pricing and fair value outcomes
Factors affecting M&A activity: Then and now
Loan portfolio valuations have normalized from peak discounts
Peak values of core deposit intengibles have fallen
CECL changes simplify purchase accounting complexity, but the shifting market still requires discipline

The changing environment affects deal pricing and fair value outcomes

Over the past two years, the M&A landscape for financial institutions has undergone a meaningful transition. A previously constrained environment was defined by rapidly rising interest rates, widening valuation discounts, muted deal activity, and a lengthy regulatory process. That environment has now become more constructive and more active, creating a wider window for transactions and changing the assumptions that drive fair value.

As rates, funding costs, approval timelines, and purchase accounting have shifted, fair value outcomes have become less punitive in some areas and easier to model with greater confidence.

Read the latest on loan fair value and exit price trends.

Get the report

Factors affecting fair value marks

Rising and elevated market rates drove significant pressure on loan fair value marks while also increasing the value of core deposits in recent years. But several more recent key developments altered that dynamic and accelerated the announcement of merger transactions in 2025:

The Federal Reserve has shifted policy direction, implementing rate cuts following peak tightening
Market expectations for future rate paths have stabilized
Bank loan portfolios have repriced upward
Bank equity valuations have improved
Regulatory processes have become more efficient
Deal flow has begun to reaccelerate, with a broader mix of transaction structures

Although deal activity has slowed into 2026, this updated environment is changing not only how deals are priced, but also how fair value is measured and interpreted. Transaction-specific analysis remains critical for financial institutions, even in a more constructive environment, because portfolio composition, borrower concentration, collateral trends, and embedded risks can still materially affect deal economics.

A reopening M&A window

During the rising rate cycle, deal activity slowed considerably due to:

Depressed bank stock valuations
Increased uncertainty around credit quality
Larger fair value discounts, particularly on fixed-rate loan portfolios
Tangible book value dilution concerns

Today, many of those handicaps have partially reversed. Lower rates, improved market confidence, and the regulatory backdrop have:

Reduced the severity of loan discounts
Improved buyer currency (stock)
Increased alignment between buyer and seller expectations
Reduced execution risk through shorter approval timelines

As a result, we are seeing more traditional acquisitions returning, including the re-emergence of large transactions. We are also seeing increased competition for attractive franchises, particularly those with strong deposit bases. Shorter deal timelines further reduce the risk that fair value estimates will change materially between announcement and closing.

Loan portfolio valuations: From peak discounts to normalization

At the peak of the rate cycle, loan portfolios experienced significant fair value discounts driven by:

Market discount rates far exceeding portfolio yields
Limited ability for legacy loans to reprice
Elevated uncertainty around borrower performance

The Federal funds rate reached a peak in mid-2023 and held flat for much of 2024. Beginning in September 2024, the Federal Reserve reduced rates, bringing the year-end 2024 federal funds rate to 4.33%. Rates then stabilized through most of 2025 until the Federal Reserve resumed easing in September 2025, cutting rates by another 75 basis points over three moves by year-end. As the yield curve began to normalize, loan portfolio yield discounts also compressed meaningfully.

While market rates remained elevated relative to 2020 and 2021 levels, cumulative Fed easing since the third quarter of 2024, combined with continued repricing of loan portfolios toward current market levels, reduced the severity of yield-driven discounts reflected in the accounting for loans.

With rate stabilization and selective rate cuts:

The spread between market rates and portfolio yields has generally narrowed
New loan production and variable rate loan repricings have lifted portfolio yields overall
Discount severity has moderated meaningfully

Financial institutions with older fixed-rate loans with longer maturities, however, remain more challenged from a fair value perspective.

Credit marks: Stability, with continued need for diligence

Credit marks remained relatively stable through much of the rate cycle, as macroeconomic conditions held up better than expected. That stability, however, should not be read as a reason for less rigorous diligence.

Aggregate credit marks may appear steady, but portfolio composition, borrower concentration, collateral trends, and pockets of embedded risk can still materially affect deal economics.

Core deposit intangible values: Peak value from higher rates has passed

In a rising rate environment, core deposits became more valuable as the spread between low-cost deposits and alternative funding sources widened. That dynamic increased the value of core deposit intangibles and made strong deposit franchises more attractive in M&A transactions.

As rates have declined, the economic advantage of core deposits has compressed modestly because the cost of alternative funding sources has also decreased. The spread between the all-in cost of core deposits and wholesale funds has narrowed, reducing some of the premium that higher-rate conditions created.

Core deposits remain an important source of franchise value, but the tradeoff in valuation is worth noting. Higher CDI values reduce goodwill, which does not amortize, while also increasing future noninterest expense through CDI amortization. As CDI values moderate, that future amortization burden becomes somewhat less of a concern for buyers evaluating transaction economics.

CECL and purchase accounting: Complexity has been simplified

The interaction between fair value marks and CECL remains a central issue in deal modeling. In November of 2025, the FASB adopted ASU 2025-08 (Topic 326) for the accounting of purchased credit deteriorated (PCD) loans and non-PCD loans (now referred to as purchased seasoned loans or PSL). The change eliminates the prior “double count” impact and simplifies how institutions model the effect of acquired loan marks.

Under the prior standard, an institution determined the fair value of the acquired loan portfolio and recorded the discount on Day 1, which increases goodwill. After closing, the institution then immediately recorded an allowance on non-PCD loans through provision expense. In effect, a portion of the credit mark was counted twice, once in fair value and again through the allowance.

Under the new standard, PSL loans receive the same accounting treatment as PCD loans, eliminating the double count. The change improves Day 1 capital because an immediate provision expense no longer reduces retained earnings. Instead, a portion of the mark is reallocated to the allowance at closing.

That benefit comes with an important tradeoff. Because a portion of the discount related to non-PCD (PSL) loans is now allocated to the allowance rather than accreted into income over time, income accretion will be lower than under the prior model. For acquirers, the result is a cleaner, more transparent framework for evaluating capital, goodwill, and post-close earnings impact.

Faster approvals: Implications for fair value

One of the more meaningful shifts in today’s environment is the acceleration of regulatory approvals.

Historically, transactions often took four to six months (and longer for more complex deals) from announcement to closing. As such, there was market risk that fair values could change materially before close, particularly in volatile rate environments.

The risk was especially evident in 2023, when rising rates widened loan fair value discounts rapidly while portfolio yields adjusted more slowly. In some cases, the estimated loan discount at due diligence differed significantly from the amount ultimately booked at closing, resulting in higher goodwill than initially anticipated, all else equal.

Shorter windows from announcement to closing reduce some of this risk in today’s market. For buyers and sellers, that means greater confidence that the fair value assumptions used to evaluate a transaction will remain relevant through closing. It also improves the reliability of early-state deal modeling and reduces the likelihood that transaction economics will shift materially late in the process.

A changing M&A market requires discipline

The current M&A environment represents a transition from constraint to opportunity.

Many of the pressures from the rising rate cycle have eased. Loan discount severity has moderated, bank valuations have improved, and approval timelines have shortened. At the same time, changes in purchase accounting have simplified one of the more complex elements of deal modeling.

Even so, fair value remains highly sensitive to assumptions for both the interest rate component and the credit component. Core deposit intangible values have decreased and stabilized, reducing concern for buyers’ future amortization expense levels, but they remain an important part of franchise value in many transactions.

The result is a more active deal environment than a few years ago, but not a simpler one. Evaluating transaction economics in financial institution acquisitions or mergers requires disciplined valuation frameworks, forward-looking macro assumptions, and granular portfolio analytics. Early-stage due diligence fair value analysis also remains essential to gauge deal economics. Finally, the interaction between valuation and CECL continues to require careful consideration under the new FASB treatment for PCD and PSL loans.

Abrigo has deep valuation and bank purchase accounting expertise. We provide accurate and timely fair value and income recognition services for financial institutions.

Purchase accounting services

Loan fair value and exit price trends: Quarterly disclosure insights – Q4 2025

Purchased seasoned loans: A guide to simplified compliance & early-adoption benefits

FASB’s purchased financial assets update: What’s changing and what it means for your institution

What the Q1 2026 ACH metrics mean for ACH fraud detection

The ACH Network entered 2026 with strong momentum as financial institutions continue to modernize payments. Newly released metrics from Nacha show accelerating adoption of Same Day ACH and continued growth in business-to-business (B2B) payments—two trends that are reshaping the payments landscape for banks and credit unions alike.

Key topics covered in this post:

Same Day ACH growth metrics
Balancing customer expectations for speed with security
What financial institutions should prioritize to fight fraud

Learn how Texas National Bank improved fraud prevention with Abrigo.

Read case study

Same Day ACH growth continues to accelerate

The Q1 Nacha numbers reflect changing customer expectations around real-time payments, increasing pressure to modernize ACH fraud detection strategies, and the need to adapt to an evolving regulatory and operational environment.

According to Nacha, there were 403 million Same Day ACH payments in the first quarter of 2026, representing a 23.6% increase over the same period last year. The value of those payments reached $1.1 trillion, up 22.1% year over year and marking the second consecutive quarter that Same Day ACH value surpassed the $1 trillion threshold.

This sustained growth should signal to community financial institutions that faster payments are no longer viewed as a premium or niche service. Businesses and consumers increasingly expect funds to move quickly, predictably, and securely. With these expectations, ACH operations can no longer be treated as purely back-office functions. ACH has become a strategic channel directly tied to customer experience and competitiveness. Many institutions are evaluating how Same Day ACH complements broader, faster payments strategies while maintaining operational resiliency and compliance.

B2B payments are driving ACH network expansion

Nacha also reported that nearly 2.1 billion B2B payments moved through the ACH Network during Q1, an increase of 9.4% compared to a year ago. These numbers reinforce a broader industry shift away from paper checks and manual payment processes. Commercial customers increasingly want digital payment experiences that improve cash flow visibility and reduce processing delays.

For banks and credit unions, B2B ACH growth creates opportunities to deepen treasury relationships and deliver more value-added services. At the same time, commercial ACH activity can introduce elevated fraud risks due to higher transaction values and increasingly sophisticated fraud tactics. This is where ACH fraud detection becomes especially critical.

Faster payments increase the need for strong ACH fraud detection

As payment speed increases, fraud decisioning windows shrink. Financial institutions have less time to identify suspicious activity before funds move. Fraudsters understand this dynamic and increasingly target ACH channels using account takeover schemes, business email compromise, synthetic identities, and mule account activity.

The continued rise of Same Day ACH means institutions need fraud controls that can operate in near real time without creating unnecessary friction for legitimate customers. Modern ACH fraud detection solutions increasingly rely on layered approaches that combine behavioral analytics, anomaly detection, risk scoring, and ongoing transaction monitoring. Institutions also need visibility across payment channels, since fraud patterns rarely remain confined to a single rail.

The challenge is balancing speed with security. Customers expect payments to move faster, but they also expect their financial institution to protect them from fraud. According to survey data from Abrigo, the majority (51%) of American respondents aged 25 to 34 believe banks should always reimburse fraud victims.

What financial institutions should prioritize next

As ACH usage moves into faster, higher-value payment scenarios, expectations for financial institutions’ governance, risk management, and fraud prevention will grow accordingly. Financial institutions are increasingly evaluating whether existing processes, staffing models, and technologies are equipped to support the growing volume and velocity of transactions.

The Q1 2026 ACH metrics point to several priorities for banks and credit unions:

Strengthening ACH fraud detection capabilities to support faster payment environments

Improving visibility into high-risk transaction behavior

Modernizing operational workflows to support increasing Same Day ACH volume

Supporting commercial clients transitioning away from checks

Balancing payment speed with risk management and compliance expectations

The ACH Network remains one of the foundational payment rails in the U.S. financial system, but the way institutions use it is changing rapidly. For financial institutions, the message from Q1 is clear: ACH modernization is no longer optional. It is now central to how institutions compete, protect customers, and support the future of digital payments.

Learn more about Abrigo's AI-powered fraud-fighting solutions, built for bankers

AI solutions

What a bifurcating economic outlook means for credit markets, featuring Oxford Economics

Success Stories

Building a foundation for smarter banking: Alpine Bank improves knowledge access with AskAbrigo

Bold intelligence: AI’s expanding role in AML & fraud

Large sporting events like the FIFA World Cup can exacerbate human trafficking

The upcoming 2026 FIFA World Cup brings excitement for soccer fans around the globe, but for financial institutions and law enforcement, major sporting events also signal the need for heightened vigilance against human trafficking.

What is human trafficking?

Human trafficking is a crime in which force, fraud, or coercion is used to compel a person to perform labor, services, or commercial sex acts. Large-scale events often create increased demand for temporary labor, hospitality services, transportation, and commercial sex, creating opportunities for traffickers to exploit victims.

Financial institutions of all sizes play a critical role in identifying and reporting suspicious activity connected to human trafficking. According to FinCEN Director Andrea Gacki, “Timely reporting on suspicious activity potentially connected to human trafficking, regardless of threshold, is crucial in helping law enforcement aid possible victims and prosecute their traffickers.”

The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a Notice urging financial institutions in and around cities hosting the 2026 FIFA World Cup to increase vigilance. The 2026 FIFA World Cup is expected to draw millions of domestic and international visitors, and financial institutions of all sizes play a pivotal role in detecting and reporting suspicious activity related to human smuggling and human trafficking.

Staying on top of fraud is a full-time job. Let our Advisory Services team help when you need it.

Connect with an expert

Behavioral indicators and transactional red flags

Behavioral red flags may include the presence of a controlling third party who:

Speaks on behalf of the customer
Insists on remaining present throughout the interaction
Attempts to complete paperwork without consulting the customer
Retains possession of the customer’s documents or funds
Behaves aggressively or intimidates the customer

Additional warning signs may include customers who:

Appear malnourished, fatigued, or show signs of abuse
Do not know where they are staying or provide inconsistent stories
Show little control over their own finances or personal documents

Sex trafficking during major events

FinCEN notes that victims of sex trafficking may be forced to travel frequently to meet clients within short timeframes. As a result, victims or traffickers may exhibit unusually large travel-related transactions. Victims often receive payment for commercial sex acts in cash, but traffickers may also use peer-to-peer transfers, credit card payments, digital assets, or prepaid access cards.

Other transactional red flags include:

Frequent cash deposits into easily accessible ATMs
Rapid transfers of deposited funds to another account
Transactions inconsistent with a customer’s normal activity patterns

Labor trafficking during major events

The increased demand for labor and services surrounding major sporting events can also create opportunities for labor trafficking.

Seemingly legitimate businesses in host cities may use exploitative employment practices to meet staffing demands. Financial institutions may observe:

An absence or deviation from expected payroll expenses
Wages transferred from a victim’s account to another individual’s account
Large deductions from employee wages
Minimal or no transactions associated with maintaining essential living needs, which may indicate a trafficker’s financial control over a victim

Financial institutions are key partners in combating human trafficking

According to the National Human Trafficking Hotline, working in the financial industry provides you the opportunity to report suspicious behavior involving 92% of the various types of human trafficking. When you encounter transactions that just don’t feel right, don’t hesitate to file Suspicious Activity Reports (SARs) and call the National Human Trafficking hotline at 888-373-7888.

FinCEN also encourages voluntary information sharing among financial institutions and financial institution associations, including appropriate cross-border sharing with foreign financial institutions, to help identify and prevent potential money laundering or other illicit activity related to human trafficking.

Customer-facing employees are especially important in identifying potential trafficking activity because victims may have limited contact with people outside of their traffickers, other than when visiting financial institutions.

It's easy to feel overwhelmed by the number of potential human trafficking transactions you find, knowing the abuse that lies behind these transactions. The good news is there are data scientists designing ways to detect these patterns without human intervention. Financial institutions with AML software that incorporates AI will be empowered to find data that can free victims faster.

Learn more human trafficking behavioral indicators with this checklist: "Human Trafficking Red Flags."

read now

The FIFA World Cup and human trafficking: How financial institutions can help

Understanding stablecoins at your credit union

What are Chinese money laundering networks? Understanding the risks to U.S. financial institutions

The risk of outdated technology and processes

Some financial institutions look efficient on paper but have outdated processes and technology systems. These can reveal gaps in compliance, data integrity, or risk controls. Misclassified borrowers, inconsistent data, and incomplete information lead to flawed decisions.

This article covers these key topics:

Three outdated modes of operation
Hidden costs of outdated modes and processes
The path forward to innovation
The role of artificial intelligence

'Business as usual' no longer works

My introduction to banking came in a small hometown institution, working summers between college years. Back then, the industry (only half-jokingly) ran on the “3-6-3” rule: pay 3% on deposits, charge 6% on loans, and be on the golf course by 3:00—especially on Thursdays where I worked.

Those days are gone. Margins are tighter, competition is faster, and borrowers have more options than ever. “Business as usual” no longer works.

See the benefits of embracing innovation.

Customer success stories

3 Outdated modes of operation

Underwriting

Early in my career, underwriting involved paper, pencils, and a good typewriter ribbon—and it took days. Today, we have automated loan origination systems…and it still takes days.

No amount of technology will fix an obsolete, overly complex underwriting approach. Meanwhile, fintechs offer decisions in minutes and funding within a day. You can debate their philosophy, but your borrowers won’t. They care about speed and certainty. And they will pay for it.

The contrast to lending at many financial institutions is stark: a straightforward credit that could be decisioned in hours instead moves through days of rework, duplication, and handoffs.

Risk isn’t one-size-fits-all, yet we treat it that way. Simple credits should move quickly and consistently. Time and expertise should be reserved for complex risk, where it actually matters.

Approvals

In response to past failures, the industry swung from excessive approval autonomy to excessive control. The result: layered approvals, diffused accountability, and slow decisions.

Recent data shows most institutions still require three or more approval levels for small business credit. That is a process choice with consequences, and in most cases, the process choice isn’t about risk management; it’s risk avoidance.

Not every exposure deserves the same treatment. A small loan that cannot threaten the institution should not be subjected to the same process as a top-tier exposure.

Put this in perspective. Stack rank your loan portfolio by smallest borrower to largest. How much of your portfolio exposure is represented by 50% of your borrowers? 60%? 70%? 80%? I suspect that 70% to 80% of your borrowers combined represent a fraction of your portfolio. Why do you want to spend so much time and effort approving facilities to them when, if you charged off the whole segment (which is highly unlikely given the diversity), you can’t lose your institution?

If you want people to manage risk, give them ownership and make them accountable. Use portfolio tools to identify outliers. Stop treating every loan like your worst-case scenario requiring elevated approvals.

Technology and data

We depreciate software over 3–5 years yet hesitate to invest in modern systems, especially core platforms. Instead, we build workarounds.

The result is a patchwork of spreadsheets—isolated, inconsistent, and poorly governed. Meanwhile, we still insist the core is the “single source of truth,” even when it clearly isn’t.

Worse, we launch products we can’t operationally support. That leads to manual processes, shadow systems, and sometimes even Post-it notes backing what we often market as automated capabilities. Critical data lives outside the system of record and is reconciled manually.

Core replacement is expensive and disruptive. But avoiding it comes with its own cost: inefficiency, errors, and a slow bleed of resources.

Hidden costs = credit costs

There are institutions that look efficient on paper, only to later reveal gaps in compliance, data integrity, or risk controls. Efficiency ratios can mask underlying fragility.

If you don’t trust your data, you can’t manage your portfolio. Misclassified borrowers, inconsistent data, and incomplete information lead to flawed decisions.

If your institution is slow, process-heavy, and reliant on backward-looking metrics because that’s all you have, you have a credit problem, whether you recognize it or not.

The path to closing innovation gaps

In the effort to avoid risk (as opposed to manage it), the result is often an elevated risk profile due to inefficiency, ignorance and error. But there is a way to fix this. This isn’t easy—but it is straightforward.

Principles

Start with a clear foundation:

Focus on decision making speed and quality
Favor controlled, incremental change over reactive “big bang” efforts
Prioritize risk reduction over marginal productivity gains
Align credit culture, policy/guidance, and incentives with the desired operating model

Identify blind spots

Bring the right people (line, credit, loan servicing, CRO, CCO, CFO) into a room and dissect the credit process end-to-end. The only “sacred cow” is that there are no sacred cows. If a step exists, it should be defensible. If it isn’t, it should be challenged.

Ask simple but uncomfortable questions:

Why does underwriting take so long?
What slows approvals?
Where are exceptions and overrides coming from? Are they relevant to the true credit risk of the institution, or just pet peeves?
How are people actually spending their time?
Where are losses—or (more likely) excessive servicing costs—emerging?
Do we have the data we need? If not, why?

The goal is clarity: what prevents effective, quick, risk-based decisions?

Fix the operating model

Most efforts fail due to resistance to change rather than due to a lack of insight. Without executive and board-level alignment from the start, modernization will stall.

Focus on:

How time is actually spent vs. how it should be spent
Streamlining underwriting and eliminating low-value steps
Reducing unnecessary approvals
Clarifying accountability
Aligning incentives with desired behaviors

Once you go through this process and make the necessary adjustments, the next step is to ensure that your policies, guidance, and procedures (as well as the incentive program) are simplified and realigned to the new model and CLEARLY communicated to your team with plenty of time for feedback and internalization. To simply impose change without communication and alignment is another major flashpoint of failure.

Modernize data (incrementally)

You can’t fix data all at once. But you do need to start somewhere. Pick a handful of critical credit data elements and clean them for your largest exposures. Then expand. Build processes to maintain data quality at every touchpoint, with clear points of accountability and consequences for failure.

In parallel, improve the completeness and timeliness of borrower information, also with accountability and consequences. From there, establish governance to systematically address gaps.

Progress will be incremental, but standing still is not an option.

Use technology thoughtfully

The biggest mistake institutions make when it comes to modernizing systems is layering new technology onto broken processes. Far too often, automation fails because decisions still require excessive time and effort.

Here are some key questions to address as you consider a new loan origination system or other technology:

What decisions can be automated?
Where is human judgment truly needed?
Are roles and responsibilities clear?
Is underwriting aligned with actual risk?
Are we identifying emerging risks early?

The role of artificial intelligence

AI is a strategy and a tool. Before financial institutions can answer “How do we use AI?” it helps to answer “What problem are we solving?”

Today, on individual credit, AI can already support:

Benchmarking and comparative analysis
Early detection of financial stress
More consistent underwriting decisions

At the loan portfolio level, AI can surface patterns that are very difficult to detect manually—across markets, products, or borrower types.

But AI requires discipline:

Clear governance by use case (underwriting, monitoring, portfolio management)
Defined human accountability
Transparency in outputs
Ongoing monitoring for drift and bias

AI can enhance judgment. It cannot replace responsibility.

Rethink how decisions are made

Competing today requires more than adopting new technology. It requires rethinking how decisions are made.

Better decisions—faster, more consistent, and grounded in reliable data—aren’t just an efficiency gain. They are a credit risk imperative. The most dangerous credit risks rarely announce themselves. They build quietly through slow processes, unclear accountability, and unreliable data, until they surface in ways that are harder to correct.

And yes—it’s still okay to play golf on Thursday afternoon.

You might like this webinar: "AI's impact on credit risk: What to consider in your portfolio."

Watch the webinar

At first glance, a machine in a store might look like a standard Automated Teller Machine (ATM). Some are traditional ATMs that dispense cash. Others are cryptocurrency ATMs, often called Bitcoin teller machines (BTMs), that allow customers to buy or sell cryptocurrency using cash. They may share a similar name, but they operate very differently and pose distinct risks and compliance expectations for financial institutions.

As cryptocurrency adoption continues to expand, more merchants are installing BTMs to generate additional revenue. This trend makes cryptocurrency ATM monitoring an increasingly important part of a financial institution’s risk management program. During site visits and customer reviews, staff can no longer assume that every machine functions under traditional ATM rules.

Staying on top of fraud is a full-time job. Let our Advisory Services team help when you need it.

Connect with an expert

Why BTMs require closer attention

Unlike a traditional ATM, a BTM facilitates the exchange between fiat currency and cryptocurrency. This activity typically classifies the operator as a money services business (MSB), which brings added regulatory obligations under the Bank Secrecy Act (BSA) and anti-money laundering (AML) requirements.

From a risk standpoint, BTMs introduce several concerns:

The potential for pseudonymous transactions, depending on controls
Rapid movement of funds across jurisdictions
Increased exposure to fraud and illicit activity
Third-party operators with varying levels of compliance maturity

Financial institutions already understand that higher-risk products require stronger oversight. As expectations for BSA and AML programs continue to evolve, maintaining awareness and control over emerging channels, such as BTMs, is essential.

Regulatory expectations for BTM operators

Financial institutions should expect BTM operators to meet specific regulatory and compliance requirements. Gaps in these areas may indicate elevated risk.

Registration and licensing
BTM operators must register as an MSB with the Financial Crimes Enforcement Network (FinCEN). Many states also require a money transmitter license or additional cryptocurrency-related licensing.
AML program requirements
A compliant operator should maintain a written AML program that includes:
Customer identification and verification procedures
Ongoing transaction monitoring
Suspicious activity reporting
A designated compliance officer
Independent review
Operators should conduct independent audits of their AML program and utilize appropriate monitoring procedures. These tools help identify exposure to high-risk wallets, sanctioned entities, or suspicious transaction patterns.

Banking relationships
Because BTMs require a financial institution to facilitate cash flow, the operator’s compliance posture directly impacts the bank or credit union. This underscores the importance of due diligence and ongoing oversight.

This is where cryptocurrency ATM monitoring plays a key role. Understanding who owns, operates, and manages the machine is foundational to assessing risk.

Third-party risk

A common challenge is that merchants do not always own the BTM located on their premises. In many cases, a third-party provider installs and operates the machine, and the merchant receives a share of the revenue.

This type of arrangement can introduce additional third-party risk that is not always obvious at first. For example:

The merchant may rely entirely on the operator’s AML program
The financial institution may have limited visibility into transaction activity
Compliance accountability may be unclear or misunderstood

In some situations, merchants are unaware of the regulatory requirements tied to BTMs. Unscrupulous providers may place machines without fully explaining the responsibilities involved. That lack of transparency can expose both the merchant and the financial institution to risk.

Even when the merchant is not the operator, the presence of a BTM should influence how the relationship is risk-rated and monitored.

Customer due diligence and risk rating

Financial institutions should incorporate BTMs into their customer due diligence and risk assessment processes.

At onboarding and during periodic reviews, consider:

Does the customer own, operate, or host a BTM?
Who is responsible for regulatory compliance?
Is the operator registered with FinCEN?
Is the appropriate state licensing in place?

The presence of a BTM does not automatically make a customer high risk. However, it should prompt a closer evaluation of the customer’s overall risk profile and may warrant enhanced due diligence.

Ongoing monitoring is equally important. Changes in ownership, transaction volume, or business activity should trigger reassessment.

Red flags

In addition to understanding the structure of the relationship, financial institutions should be aware of transactional red flags associated with BTMs. Incorporating these into your cryptocurrency ATM monitoring processes can help identify potential issues early.

Examples of suspicious activity may include:

Repeated cash deposits followed by immediate cryptocurrency purchases
Customers structuring transactions to avoid identification thresholds
Multiple individuals using the same machine in a coordinated manner
Unusual transaction volumes inconsistent with the business type
Customer complaints indicating confusion or possible fraud

These patterns should be evaluated within the institution’s existing suspicious activity monitoring framework and escalated when appropriate.

Internal processes and training

Effective cryptocurrency ATM monitoring requires coordination across multiple teams. Frontline staff, lenders, and BSA professionals all play a role in identifying and managing risk.

Financial institutions should:

Train staff to recognize BTMs during site visits
Update procedures to require documentation and photos of machines
Enhance customer questionnaires to include cryptocurrency-related questions
Ensure BSA and AML teams understand how BTM activity fits into monitoring systems

A lack of awareness at the frontline level can lead to missed risk indicators. Ongoing training and clear communication help ensure that emerging risks are consistently identified and addressed.

Practical steps

To strengthen your approach, consider implementing the following:

Ask all business customers whether they have an ATM or a BTM
Identify who owns and operates the machine
Obtain FinCEN registration details and verify licensing where applicable
Maintain copies of BTM agreements, including AML compliance language
Incorporate BTM activity into your risk assessment and monitoring processes

If agreements do not clearly address compliance responsibilities, that may signal a need for further review.

Looking ahead

Cryptocurrency and alternative payment channels continue to evolve. As adoption increases, regulators are likely to maintain or expand their focus on these areas.

Financial institutions that take a proactive approach to cryptocurrency ATM monitoring will be better positioned to manage risk, support their customers, and meet regulatory expectations. This includes building scalable processes, leveraging technology where appropriate, and ensuring staff are equipped with the knowledge they need.

Understanding the difference between an ATM and a BTM is no longer a minor detail. It is a necessary step in maintaining a strong, risk-based compliance program in a rapidly changing financial landscape.

Need help with fraud?

Learn More

FAQs

What is a BTM?

A BTM, or Bitcoin Teller Machine, is a kiosk that allows users to buy or sell cryptocurrency using cash, debit cards, or digital wallets. For banks and credit unions, BTM activity may require monitoring as part of AML transaction monitoring and financial crime compliance workflows.

What is the difference between an ATM and a BTM?

An ATM allows customers to access traditional banking services, while a BTM, or Bitcoin Teller Machine, allows users to buy or sell cryptocurrency. For banks and credit unions, understanding the difference helps BSA/AML teams identify crypto-related transaction activity that may require enhanced monitoring.

Why should financial institutions monitor cryptocurrency ATM activity?

Financial institutions should monitor cryptocurrency ATM activity because it can create elevated fraud, money laundering, and scam risk. AML transaction monitoring software can help banks and credit unions detect unusual cash withdrawals, rapid movement of funds, or customer behavior connected to crypto scams.

What red flags may indicate suspicious BTM-related activity?

Suspicious BTM-related activity may include repeated cash withdrawals, transactions inconsistent with a customer’s profile, elderly customers sending funds after coercion, or activity tied to known crypto scam patterns. Abrigo-related AML/CFT workflows can help financial institutions identify, investigate, and document these red flags more consistently.

How can banks and credit unions reduce risk from cryptocurrency ATM transactions?

Banks and credit unions can reduce cryptocurrency ATM risk by combining staff training, customer education, risk-based monitoring, and clear escalation procedures. Financial crime compliance software can support this process by centralizing alerts, customer data, investigation notes, and SAR decisioning.

Ahead of the curve: A banker’s podcast – Data quality, AI, and the future of financial crime compliance

Telegram fraud exposed: Inside the cybercrime economy fueling financial fraud

Hot topics in AML & fraud: What to watch in 2026

Why lenders should lead the conversation on timing, cash flow, and performance

In today’s uncertain environment, many business borrowers hesitate to move forward with equipment investments. Concerns about interest rates, cash flow, or economic conditions often lead them to delay financing in an effort to “save money.”

Borrower hesitation presents both a challenge and an opportunity for financial institutions that are diversifying with equipment finance. By reframing the conversation, banks and credit unions can demonstrate the equipment finance advantage and help clients make decisions that strengthen both operational performance and credit quality.

Aging equipment creates a performance problem

When borrowers defer equipment upgrades, the impact isn’t always immediate, but it is cumulative. Aging equipment can lead to increased downtime and reduced efficiency. Over time, these issues can erode margins and disrupt revenue generation.

Leasing equipment also helps businesses avoid the long-term burden of obsolescence. As technology evolves, older equipment often becomes less efficient and more expensive to maintain. With a lease structure, borrowers have the flexibility to replace their assets at the end of the term and transition to newer, more efficient equipment without being locked into outdated technology.

For lenders, aging equipment introduces risk. A borrower operating with unreliable equipment may face inconsistent cash flow, making repayment capacity less predictable. Discussing the advantages of equipment leasing helps lenders shift customers' mindsets from cost avoidance to performance stability and shows how updated equipment supports stronger financial outcomes.

Learn how to tap into the equipment financing opportunity in during this webinar.

Watch now

Borrower hesitation signals an advisory opportunity

For banks or credit unions offering equipment leasing, client hesitancy creates an opening for lenders to step into a more advisory role. When a client delays an equipment decision, it is rarely just about rates. It often reflects uncertainty about timing, return on investment, or broader business conditions. Rather than focusing solely on loan terms, lenders should get familiar with the factors impacting equipment financing and guide conversations around:

Operational efficiency and lifecycle planning
Revenue impact of purchasing new equipment vs leasing
How new technologies are reshaping asset valuation

Having these discussions positions your institution as a strategic partner, not just a funding source.

Reframing financing around cash flow alignment

One of the most effective ways to shift borrower perspective is to focus on cash flow timing. Instead of making a large upfront payment to purchase equipment, leasing allows businesses to spread the cost over manageable monthly payments. This helps businesses maintain liquidity and frees up funds for other critical expenses.

Taking a cash flow approach can resonate strongly with borrowers who are hesitant to commit capital in uncertain conditions. Emphasizing how equipment financing supports flexibility can help clients see financing as a tool for managing financial pressure.

Strengthening relationships through proactive guidance

Banks and credit unions that actively engage clients in these conversations can differentiate themselves in a competitive lending environment. Rather than reacting to financing requests, they can anticipate needs and provide guidance before operational challenges emerge.

Helping borrowers understand the hidden costs of waiting—and the strategic benefits of acting—supports stronger client outcomes and more resilient loan portfolios. Ultimately, communicating the equipment finance advantage is not just about closing more deals; it’s about building long-term relationships grounded in insight and trust.

This blog was developed with the assistance of ChatGPT, an AI large language model. It was reviewed and revised by Abrigo's subject-matter expert for accuracy and additional insight.

Curious about the most relevant local indicators for evaluating borrower performance?

The silent threat to credit quality: Innovation gaps

How to reframe equipment financing conversations with hesitant borrowers

What does agentic LOS mean? What is it?

Advance lending efforts with agentic loan origination

In agentic LOS, software agents apply workflow context, policy logic, and human oversight across systems and documents throughout the lending cycle to help loans by banks and credit unions progress more consistently.

This article covers these key topics:

The challenges of loan origination
Agentic LOS in plain terms
How agentic AI differs from traditional AI and generative AI
Where financial institutions should start

The challenges of loan origination

Today’s loan origination process remains heavily manual, with bank and credit union staff spending significant effort on repetitive tasks.

Financial institutions report spending about 20 minutes per application on simple quality-control reviews and up to an hour on complex loans, even though most steps (document checks, policy exception validation, tickler and covenant setup, and cross-system reconciliation) are structured and repeatable.

At the portfolio level, the inefficiency compounds. Periodic loan reviews take 8+ hours per loan, translating to 1–1.5 months to complete just 20 credit risk reviews. This workload often forces teams to sample the portfolio rather than provide full coverage.

Fragmented systems, unstructured data, and frequent mismatches across credit memos, documents, and core systems drive continuous rework, missed exceptions, and heightened examiner risk for busy financial institutions.

The result is a high-cost, human-coordinated operating model where 60–70% of the workload could be automated through better orchestration and intelligence. This is exactly the kind of problem agentic systems are designed to solve.

Need help with AI governance and strategy? We can help.

Connect with an expert

The friction behind lending workflows

Even with current processes, loan pipelines of financial institutions rarely break in obvious ways. Instead, they slow down quietly. A lender waits on a missing borrower document. An analyst tracks down a policy exception. A covenant requires manual setup and follow-up. Data needs to be reconciled across systems.

These small interruptions, repeated across every loan, create the operational drag that defines today’s experience. Some bankers describe it as a classic “human glue everywhere” system, with fragmentation across roles and functions.

This friction doesn’t exist in isolation; it spans the entire lending lifecycle. And it’s this friction-filled workflow that agentic AI is designed to address and reimagine, especially in the context of a loan origination system (LOS).

The lending lifecycle: Progress via coordination

Traditionally, loan origination is just one phase of a much broader lending lifecycle—from acquisition and credit evaluation to closing, servicing, and ongoing risk monitoring. Yet in most institutions, these stages operate as disconnected workflows, with data re-entered, decisions revalidated, and work repeatedly handed off at each transition. What begins as a borrower application turns into a series of fragmented processes, each introducing delay, rework, and risk.

An agentic LOS changes this by creating continuity across the lifecycle—ensuring that information, policy logic, and workflow context carry forward seamlessly, so lending work progresses as a coordinated system rather than a sequence of disconnected steps.

Agentic LOS, in plain terms

In plain terms, an agentic LOS shifts the system from tracking work to actively moving it forward. Instead of relying on users to push each step, software agents operate within the workflow: identifying missing information, validating documents, applying policy logic, coordinating next steps, and surfacing exceptions in real time.

They use context from across systems and documents to take action while keeping humans in the loop for approvals and judgment calls. The result is faster execution within a system that continuously drives loans toward completion.

How agentic AI differs from traditional AI and generative AI

Agentic LOS represents a fundamental shift from how automation has worked in lending.

Traditional software is procedural—users click through screens, enter data, and hand off tasks. Traditional AI can score or classify, and generative AI can summarize documents or draft narratives, but both are largely reactive, waiting for a prompt or input.

Agentic AI, by contrast, is goal-driven. It can recognize that a loan is incomplete, pull the relevant data, compare it against policy, initiate follow-ups, update workflows, and escalate issues when needed. Instead of supporting individual tasks, it orchestrates entire workflows, moving loan origination from a reactive process to a proactive, continuously advancing system.

Why agentic LOS matters

Loan origination is not a single decision for a financial institution. It is a chain of decisions, documents, handoffs, follow-ups, and controls. Over time, that chain has accumulated friction. A single loan can pass through multiple roles—relationship managers, analysts, underwriters, reviewers—each advancing the file step by step. Even with modern systems, the experience often feels like a digital version of passing paper from desk to desk.

That friction is more than just inefficiency. It is lost capacity. Time spent extracting data, checking documents, managing ticklers, validating covenants, and routing files is time not spent on borrowers, credit insight, or growth.

This is where an agentic LOS changes the equation.

Instead of workflows that wait on people, an agentic system actively moves work forward. It handles routine coordination, pulls context across systems, flags issues early, and ensures that required steps are completed consistently. The process becomes more continuous, less fragmented, and far less dependent on manual follow-up.

The impact compounds quickly. Cycle times shrink. Errors surface earlier. Audit trails improve. Borrowers experience faster, more consistent service.

More importantly, the role of people changes. Lenders and analysts spend less time managing process and more time applying judgment—understanding borrowers, structuring deals, and making better credit decisions.

Decision velocity increases. Operational drag decreases. Institutions gain the ability to scale lending without linearly scaling headcount.

That is the real promise of an agentic LOS—not just efficiency, but controlled growth.

What makes this a meaningful shift

The opportunity lies beyond simply automating tasks. Agentic LOS can translate credit policy, workflow rules, and institutional knowledge into a system that can act on them.

Done well, this strengthens relationship banking. By removing internal friction, institutions can deliver faster responses, clearer communication, and more consistent execution, while still keeping humans in control of decisions that matter.

Modernization, in this sense, stops being a back-office upgrade. This form of modernization is a front-line advantage.

Where financial institutions should start

The most effective starting point is not identifying the technology. It is workflow clarity.

Map the origination process end-to-end. Identify where time is spent, where delays occur, and which steps are repetitive, rules-driven, and prone to error. Then separate those from the moments that require human judgment, negotiation, or discretion.

Start with contained, high-impact use cases: policy exception validation, document comparison, covenant checks, tickler setup, and workflow bottleneck detection. These areas are measurable, lower risk, and create immediate operational lift.

Build with guardrails. Prove value. Expand deliberately.

Where this is headed

Adoption is still early, but momentum is building quickly. Generative AI is already in production across many institutions, and agentic AI is moving from experimentation to strategic priority.

The conversation is shifting from “What is this?” to “Where does it fit, and how do we govern it?”

To move successfully, financial institutions will want to balance urgency with discipline. Modernize data access, tighten policy logic, and focus on use cases that deliver real operational value without introducing unnecessary risk.

Finally, recognize that this is more than a technology shift; it is an operating model shift.

Learn about Abrigo's AI-powered solutions and resources

Visit the AI Hub for Bankers

FAQs

What is an agentic LOS?

An agentic LOS is a loan origination system that actively moves lending work forward rather than merely tracking tasks. Software agents within the LOS apply workflow context, policy logic, and human oversight across systems and documents throughout the lending cycle to help loans progress more consistently.

How does an agentic LOS compare with manual loan origination processes?

An agentic LOS provides more consistent workflow coordination than manual loan origination processes. Agentic loan origination can reduce reliance on staff to track missing documents, validate exceptions, reconcile information, and move files forward across disconnected steps.

How does an agentic LOS improve loan origination?

An agentic LOS improves loan origination by reducing manual coordination across documents, policies, systems, and approvals. It helps financial institutions address rules-driven, repetitive steps such as document checks, exception validation, covenant setup, tickler creation, and workflow follow-up.

How is agentic AI different from generative AI in lending?

Agentic AI differs from generative AI because it can coordinate actions across a workflow, while generative AI primarily creates or summarizes content. In an LOS context, agentic LOS uses agentic capabilities to identify incomplete files, compare data against policy, surface exceptions, and escalate issues for human review.

What lending tasks can an agentic LOS help automate?

An agentic LOS can help automate repetitive, rules-driven lending tasks such as document comparison, policy exception validation, covenant checks, tickler setup, and workflow bottleneck detection. Agentic LOS should ensure humans remain responsible for approvals, credit judgment, borrower negotiation, and decisions requiring discretion.

How can an agentic LOS help lenders and analysts?

An agentic LOS helps lenders and analysts spend less time managing processes and more time applying judgment where it is critical. Agentic loan origination can reduce operational drag by coordinating routine follow-ups, surfacing issues earlier, and helping teams focus on borrowers, deal structure, and credit quality.

What should financial institutions do before adopting an agentic LOS?

Financial institutions should clarify their lending workflows before adopting an agentic LOS. Abrigo recommends mapping the origination process end to end, identifying delays and repetitive rules-driven steps, and separating automation opportunities from decisions that require human judgment.

What a bifurcating economic outlook means for credit markets, featuring Oxford Economics

Success Stories

Building a foundation for smarter banking: Alpine Bank improves knowledge access with AskAbrigo

Bold intelligence: AI’s expanding role in AML & fraud

Sanctions screening as part of a holistic risk prevention strategy

When a wire transfer appears routine, it can be easy to treat it as a processing task rather than a financial crime risk event. That is a mistake. Financial institutions should assume that bad actors moving funds across borders or through the U.S. financial system are actively looking for weaknesses in screening, data quality, escalation, and human review. In many cases, the goal is not simply to complete a payment but to disguise who is involved, where the funds are going, and why the transaction should have raised concern.

This is what makes sanctions evasion through wire activity such an important issue for anti-money laundering/combating the financing of terrorism (AML/CFT) teams. The risk is not limited to clearly foreign transactions or direct matches to a watch list. It often appears in altered entity names, missing address fields, layered ownership structures, routing through neutral countries, or payment details that do not align with expected customer behavior.

For community financial institutions, the takeaway is straightforward. The wire room, operations staff, and AML/CFT team all play a role in identifying suspicious activity before it becomes a missed alert or regulatory issue.

This article covers these key topics:

Evolving tactics
What institutions can do
Why sanctions screening is not a standalone task

Why wire transfers remain vulnerable

Wire transfers move quickly, involve multiple parties, and rely heavily on the quality of the data entered at origination. This creates an opportunity for abuse. Businesses attempting to avoid sanctions screening rarely rely on a single tactic. They may alter identifying details, use intermediaries, test payment channels, or exploit control gaps. A transaction that does not generate an alert is not necessarily low risk. It may indicate that key information was incomplete or manipulated.

Effective detection requires more than name screening. It depends on understanding context, reviewing supporting details, and recognizing when small inconsistencies form a larger pattern of sanctions evasion.

Common tactics used to avoid sanctions screening

Obscuring beneficial ownership: Layered entities, shell companies, nominee owners, or relatives listed as owners can make screening less effective. Ownership structures may also be designed to fall just below internal review thresholds. When beneficial ownership data is incomplete or inaccurate, institutions may screen the wrong party or miss the true risk.
Routing through intermediaries or neutral countries: Rather than transact directly with a sanctioned party or higher-risk jurisdiction, businesses may route payments through freight forwarders, import and export firms, law firms, or banks in countries that appear less suspicious. This can obscure the true origin or destination of funds. Transactions that involve unexpected routing or unnecessary intermediaries should prompt additional review, particularly when the structure does not align with the stated business purpose.

Misrepresenting transaction details: Altering payment data is one of the more common tactics. A business may omit the purpose of the payment, shorten a legal name, remove foreign company identifiers, or present a party as domestic rather than international. For example, removing suffixes such as Ltd., S.R.L., GmbH, S.A., or Pte. can affect whether a transaction matches. Using a U.S. address for an overseas entity without a clear explanation can create a similar risk.

Exploiting remote initiation channels: Online banking, mobile banking, and batch uploads can reduce opportunities for manual review. Foreign IP addresses, VPN usage, rapid fund transfers, and high-volume wire activity can increase risk, especially when the activity does not match the customer’s normal profile.
Taking advantage of weak screening logic: Outdated systems or poorly tuned rules may fail to identify misspellings, aliases, or non-Latin characters. Overreliance on exact matches and limited fuzzy logic capabilities can lead to false negatives. Institutions should regularly evaluate whether their screening tools are aligned with current risks and capable of identifying variations in names and identifiers.

Manipulating data to create false negatives: Some businesses intentionally omit or alter data fields that could trigger a match. Missing addresses, partial legal names, or inconsistent identifying details may appear minor on their own. Together, they can indicate deliberate sanctions evasion. Staff should be trained to identify these inconsistencies and validate information when needed, including comparing wire details to publicly available information.

Using alternative payment channels: Some actors move funds through digital assets, privacy-focused services, or noncompliant platforms to obscure transaction flows. Even when a financial institution is not directly handling these transactions, related wire activity may still reflect exposure.
Sending test transactions: Small-dollar wires can be used to test whether controls are functioning as expected. If a transaction does not trigger an alert, activity may escalate. Institutions should not assume that low-value transactions are low-risk.
Exploiting policy gaps and delays: Outdated policies and procedures, infrequent updates to the sanctions list, delayed alert reviews, and inconsistent training can create gaps that allow suspicious transactions to slip through controls. Timeliness and consistency are critical.
Avoiding the U.S. financial system: Some parties attempt to structure transactions outside of U.S. jurisdiction. However, exposure can still exist if U.S. dollar clearing occurs at any stage. Institutions should understand the full transaction flow, not just the immediate parties involved.

Need help fighting fraud?

Learn more

What institutions should do

Financial institutions do not need perfect information to improve their response. They need strong controls, consistent processes, and well-trained staff.

Start by reviewing policies and procedures to ensure they reflect current wire risks, escalation paths, and departmental responsibilities. Confirm that screening occurs at appropriate points and that sanctions lists and system settings are updated regularly.

Training is equally important. Staff should be able to recognize missing or altered data, unusual routing patterns, and transactions that do not fit the customer profile. They should also understand when to escalate an issue as a potential financial crime concern rather than treating it as an operational exception.

Technology should also be evaluated. Screening systems should align with the institution’s risk profile and include appropriate fuzzy logic capabilities. Strong data quality and thoughtful system tuning can improve detection while reducing unnecessary alerts.

A broader approach to sanctions risk

Sanctions screening should not be viewed as a standalone system task. It is part of a broader risk management effort. Wire transfers provide valuable information beyond the payment itself. When institutions connect screening results with customer due diligence, transaction context, and ownership information, they gain a clearer picture of potential risk.

This approach is increasingly important as payment channels become faster and more complex. Institutions that strengthen controls, improve training, and maintain effective escalation processes are better positioned to manage the risk of sanctions evasion.

Conclusion

Wire transfers remain an essential service, but they also present ongoing risk. Businesses attempting to avoid sanctions screening may manipulate data, use intermediaries, or exploit process gaps.

For banks and credit unions, the path forward is clear. Maintain current policies and procedures, train staff to identify evasion tactics, and ensure screening tools are aligned with actual risk exposure. These steps support compliance while protecting the institution, its customers, and the financial system.

FAQs

Why are wire transfers considered high risk for sanctions evasion?

Wire transfers move quickly, involve multiple parties, and depend heavily on data quality, making them vulnerable to manipulation and abuse.

How do businesses attempt to evade sanctions screening?

They use tactics such as altering entity names, hiding beneficial ownership, routing through intermediaries, and manipulating transaction details.

What are false negatives in sanctions screening?

False negatives occur when suspicious transactions are not flagged due to incomplete, inaccurate, or deliberately altered data.

What should financial institutions do to reduce sanctions risk?

Institutions should maintain updated policies, train staff to identify evasion tactics, and ensure screening tools are aligned with current risks. during transactions, such as anxiety, confusion, or secrecy, which means detection should combine software and staff observation.

Ahead of the curve: A banker’s podcast – Data quality, AI, and the future of financial crime compliance

Telegram fraud exposed: Inside the cybercrime economy fueling financial fraud