Securing the Future of Finance
2nd July 2025 • Park Plaza Victoria, London, UK
Hyper-personalized AI-driven banking, banking-as-a-service, DeFi, crypto – can security cope with innovation?
Balancing innovation, compliance and security
The rise of AI-driven hyper-personalization, platform banking, super-apps, Banking-as-a-Service (BaaS), and DeFi/crypto presents a range of cybersecurity challenges and regulatory concerns.
The AI models that drive personalization (and those in fraud detection and credit scoring) can be attacked via adversarial AI, model poisoning and bias exploitation.
Super-apps & platform banking integrate multiple financial services, third-party partners, and open APIs. This creates issues both with the integration of legacy systems and with an expanded attack surface that offers more entry points for hackers due to interconnected services.
Cloud and decentralized banking models, such as super-apps or platform banking initiatives, increase these risks and add others. Cloud-first banking and open APIs increase misconfiguration risks. Third-party integrations may expose sensitive data. And insecure API authentication is a hard-to-detect and dangerous threat vector.
Embedded finance & BaaS allow non-banks to offer banking services, introducing new players into the ecosystem who may not be as well defended as highly regulated banks, insurers and asset managers. And then DeFi & crypto operate with pseudo-anonymous transactions, increasing the risk of fraud, money laundering, and synthetic identity theft.
DeFi and crypto do not just mean the wilder ends of the digital asset spectrum either: central bank digital currencies and the tokenisation of traditional financial assets are developing fast and introduce huge additional cybersecurity challenges and risks.
And that is without even starting to think about the threats that quantum computing poses to traditional cryptographic algorithms, compromising banking security.
All of this has spurred a huge burst of regulation. In open banking & API security we have the EU’s PSD2 & PSD3, the UK’s Open Banking Standard and the US CFPB’s 1033 Rule. Around cloud and platform banking compliance we have DORA, the US FFIEC cloud computing risk guidelines, and the UK FCA’s operational resilience framework (PS21/3).
AI & ML in banking is now a big focus (as is the data quality these models will rely on). So, we have the EU AI Act. We have US regulators (the OCC, CFPB, and SEC) all expecting AI models to follow explainability and fairness standards. And the Basel Committee on Banking Supervision (BCBS) has issued guidance on AI/ML governance frameworks.
For DeFi, crypto and digital assets, the EU has MiCA to address AML, fraud risks and stablecoins; in the US, the SEC and CFTC have been increasing oversight of crypto markets and DeFi, at least until recently. And FATF has recommendations on KYC and AML rules for crypto and DeFi platforms.
So how can banks balance all of this innovation with security? This event will look at, amongst other topics, how banks are:
• Strengthening AI/ML governance to prevent fraud & bias exploitation.
• Securing APIs & cloud services to prevent platform banking breaches.
• Ensuring digital identity security in DeFi, BaaS & embedded finance.
• Preparing for quantum-resistant security before threats materialize.
• Ensuring compliance with all of the new regulations without stifling the business.