Top Regulatory Concerns
With AI and cybersecurity topping the list of Issues on Leaders’ Minds, it’s no surprise that the regulatory landscape around these topics is also front and center.
Respondents noted they are very or highly concerned in these compliance areas:
Cybersecurity Compliance
AI Governance
Financial Crimes Compliance (e.g., AI, Analytics, Fraud Detection, BSA/AML Modernization)
Managing Regulatory Change and Risk
Cloud-Based Banking Technologies
Digital Assets (e.g., Stablecoins, Tokenized Deposits, Cryptocurrencies)
Building Your Financial Services Ecosystem (e.g., Fintech/Big Tech Partnerships, Third-Party Risk Management, Open Banking)
Four out of 10 respondents also reported concern about: Monetizing Data, UDAAP, Fair Lending, Housing Finance Reform and CFPB’s Rule 1033 on Open Banking. Credit unions ranked Monetizing Data much higher than banks (64% vs 45%), a hesitation that could affect many areas of growth.
Cybersecurity Compliance
Highly Concerned or Very Concerned
Cybersecurity remains the top regulatory concern for respondents. Mitigation measures like regular security assessments and multi-factor authentication can give banks and credit unions the tools they need to reduce risk and maintain trust with account holders.
Highly Concerned
Very Concerned
Moderately Concerned
Slightly Concerned
Least Concerned
AI Governance
Highly Concerned or Very Concerned
AI governance is the second biggest regulatory worry for respondents, and with good reason: a recent U.S. Government Accountability Office report highlighted AI risks, including biased lending decisions, data quality issues, privacy concerns and new cybersecurity threats.25 The OCC has issued guidance recommending transparency, accountability and strong risk management for AI systems26, while the NCUA launched a formal AI compliance plan to help credit unions use AI safely.27
Highly Concerned
Very Concerned
Moderately Concerned
Slightly Concerned
Least Concerned
Financial Crimes Compliance
(AI, Analytics, Fraud Detection, BSA/AML Modernization)
Highly Concerned or Very Concerned
Financial crime compliance worries many respondents. FinCEN’s proposed rule under the AML Act of 2020 would require all financial institutions to build “effective, risk-based and reasonably designed” AML/CFT programs.28 Without clear guidance, institutions face uncertainty that can increase the risk of compliance gaps or costly penalties.
Highly Concerned
Very Concerned
Moderately Concerned
Slightly Concerned
Least Concerned
Managing Regulatory Change and Risk
Highly Concerned or Very Concerned
Regulatory change is keeping institutions on their toes as rules continue to shift and evolve. For example, U.S. regulators recently proposed redefining “unsafe or unsound practices” and removing reputation risk from exam criteria, signaling a move toward more measurable, financial-based oversight.29
Highly Concerned
Very Concerned
Moderately Concerned
Slightly Concerned
Least Concerned
Cloud-Based Banking Technologies
Highly Concerned or Very Concerned
Cloud-based banking technologies offer many benefits to scale and resilience, but regulators are pushing hard to ensure that institutions don’t simply offload risk when they outsource to cloud providers. Financial institutions are expected to carefully negotiate contracts with cloud providers that include strong transparency and security provisions.
Highly Concerned
Very Concerned
Moderately Concerned
Slightly Concerned
Least Concerned
Digital Assets (e.g., Stablecoins, Tokenized Deposits, Cryptocurrencies)
Highly Concerned or Very Concerned
2025 saw regulatory shifts giving financial institutions more room to engage with crypto—but with higher expectations. The FDIC and OCC both rolled back earlier restrictions, now allowing activities like crypto custody and participation in blockchain networks as long as financial institutions can demonstrate strong risk management.30 31 With Congress advancing the GENIUS Act to create a clearer framework for payment stablecoins, institutions can expect both new opportunities and closer scrutiny ahead.32
Highly Concerned
Very Concerned
Moderately Concerned
Slightly Concerned
Least Concerned
Industry Insight
Banks and credit unions are navigating rising regulatory pressure in many areas, including cybersecurity and AI governance. At the same time, recent remarks from OCC and Federal Reserve officials encourage community banks to embrace digital assets and technology to stay competitive.33 Regulators are signaling expectations for stronger controls and continued innovation, creating pressure for institutions to advance on both fronts.
Expert Perspective
With the FFIEC’s Cybersecurity Assessment Tool (CAT) retirement in August 2025, experts see a growing gap between regulatory expectations and institutional readiness.34 Many institutions feel uncertain about what “good enough” looks like for AI and cybersecurity governance or evolving BSA/AML requirements.
To mitigate risk, compliance teams need a deeper understanding of how AI-enabled threats, fraud and cloud dependencies change their risk profile and how regulators expect those risks to be documented and addressed.