At the Money20/20 Europe conference in Amsterdam, a collaboration led by Mastercard, ING and Worldline unveiled the continent’s first fully AI-driven payment transaction ([1]). In this groundbreaking demo, an autonomous AI assistant identified a desired product (concert tickets) online and executed the purchase end-to-end after receiving a single affirmative from the user ([2]). The transaction ran on live payments infrastructure – a significant milestone demonstrating that so-called “agentic” finance has moved from concept to reality ([3]).
This successful AI-powered payment intensifies pressure on other financial institutions. Until now, many banks and payment firms have limited AI to pilot projects or narrow use-cases. The fact that top-tier players completed a real transaction with an AI agent raises the bar for competitors, who will need to accelerate their own autonomous finance initiatives or risk falling behind. Crucially, it also spotlights the need for production-ready governance and risk management frameworks to oversee AI agents operating in live customer transactions, rather than in controlled sandbox environments ([4]).
Early adopters in other financial sectors are already reaping efficiency gains from AI autonomy. For example, London specialty insurer Hiscox reports that using an AI underwriting agent has slashed the time needed to generate complex policy quotes from three days to about three minutes – a 99.4% reduction in cycle time ([5]). Such dramatic improvements in speed and productivity show the transformative potential of AI for routine financial processes. At the same time, they underscore why boards and regulators will demand strong controls: as more operational decisions move to AI, human roles will shift toward oversight, and firms must ensure these agents act within safe parameters
Even as AI opens new frontiers, it is also prompting warnings about novel risks. This week Bank of England Deputy Governor Sarah Breeden cautioned that autonomous trading algorithms could “amplify volatility in stress” and potentially trigger market instability ([1]). Speaking at the ECB’s annual forum in Sintra on June 30, Breeden observed that existing financial regulations were not designed for self-directed AI agents, suggesting bespoke oversight may be required ([2]). Notably, she revealed the BoE is considering market-wide circuit breakers or “kill switch” mechanisms that would halt trading across the financial system if faulty AI models start to cause a systemic crash ([3]). The very notion of an AI kill-switch – unthinkable a year ago – is now on the regulatory agenda, signaling that authorities won’t hesitate to intervene directly in AI-driven markets when needed ([4]).
Breeden’s alarm echoes a growing global consensus that new safeguards are needed as AI takes on a larger role in finance. Earlier in June, the Financial Stability Board issued a set of 12 “sound practices” for responsible AI in financial services, emphasizing that manual human oversight is "no longer scalable" for high-autonomy systems and urging firms to treat AI agents as ‘synthetic employees’ with proper audit trails and identity controls ([5]) ([6]). Other regulators are also responding: India’s central bank (RBI) reportedly now requires banks to implement AI kill-switch capabilities after observing several high-profile AI trading glitches, and in the US, questions persist around who is accountable when AI-driven investment algorithms malfunction or mislead investors ([7]). Together, these warnings make clear that financial firms deploying AI in trading, portfolio management or other high-speed markets must strengthen their model risk controls and be prepared for more direct regulatory oversight. The era of "black box" AI with unchecked authority is rapidly drawing to a close
While innovation races ahead, regulators are racing to catch up. In the EU, the landmark AI Act becomes fully applicable on 2 August 2026 – just weeks from now – bringing a host of new legal obligations specifically relevant to banks, insurers, and fintechs ([1]). Under the Act’s risk-based regime, many of the AI systems used in financial services fall into the "high-risk" category (covering uses like credit scoring, loan approvals, fraud detection and anti-money laundering) and must meet strict requirements for training-data governance, bias testing, transparency, human oversight, and more ([2]). Non-compliance could incur fines as steep as €30 million or 6% of global annual revenue, making these arguably the most severe penalties ever applied to technology governance in the sector ([3]). Policymakers did grant certain extensions in May – for example, some AI embedded in regulated products gets until 2027 or 2028 to comply – but the core financial-sector provisions remain on schedule for enforcement this summer ([4]). European regulators and banking supervisors have noted that the majority of AI use-cases at financial institutions will indeed be subject to these "high-risk" rules, leaving many firms scrambling to finalize compliance documentation, model assessments, and registration of AI systems in the EU’s new database before the deadline ([5]).
Across the Atlantic, there is no equivalent federal law yet, but US regulators are tightening oversight through guidance. In February, the U.S. Treasury – working with financial regulators and 150 industry participants – released a Financial Services AI Risk Management Framework mapping out 230 best-practice controls covering governance, data integrity, model development, security, third-party risk, and explainability ([6]). While this framework is technically voluntary, it is widely expected to become a de facto baseline for regulators and examiners evaluating banks’ AI systems going forward ([7]). Likewise, the U.S. Securities and Exchange Commission has made “AI supervision and explainability” a priority in its 2026 examinations of broker-dealers and investment advisors, calling on firms to document how they govern AI tools and to be able to explain how automated decisions are made that impact customers ([8]) ([9]). The clear message from both Europe and the US: financial institutions must treat AI compliance and risk management with the same rigor as traditional financial risk and control domains – and the grace period for getting it right is nearly over
For established financial institutions, the competitive implications of AI’s rapid progress are becoming impossible to ignore. A recent global survey found that 52% of financial firms are already piloting or using autonomous AI "agents,” but only 28% of regulators have reached even a pilot stage with such technologies ([1]). Notably, fintech start-ups are outpacing incumbent banks in this domain, with 57% of fintechs deploying high-autonomy AI solutions versus 45% of traditional banks ([2]). In response, some leading banks are now dramatically scaling up their AI ambitions.
Spain’s Banco Santander, for example, is moving aggressively from “AI ambition to execution.” The bank’s Chief Data and AI Officer announced plans to expand AI capabilities from roughly 40,000 current users to all 185,000 employees worldwide ([3]). Santander already has over 280 automated AI agents in production handling processes across the bank, and it aims to generate more than €1 billion in value (via additional revenue and cost savings) between 2026 and 2028 through these AI initiatives ([4]). Early results are promising: in the first quarter of 2026 alone, Santander attributed €35 million in returns to its AI strategy and projects more than €200 million by year-end as deployments scale up ([5]).
Meanwhile, HSBC has turned to a technology giant to accelerate its AI journey. In a partnership announced on 17 June 2026, HSBC is working directly with Google Cloud and its DeepMind AI research team to develop and deploy over 200 new AI use cases across the bank’s global business lines within two years ([6]). This collaboration grants HSBC access to Google’s cutting-edge “agentic AI” technologies – including forthcoming large models like Google’s Gemini – and will initially focus on three areas: hyper-personalized wealth management for customers, advanced AI-driven financial crime detection, and tools to enhance front-line customer service ([7]) ([8]). Critically, HSBC is prioritizing only those new AI projects that can deliver at least $100 million each in net benefit, reflecting a shift among big banks from tentative experimentation to bold, ROI-focused AI investments ([9]) ([10]).
These moves by global banks highlight a strategic pivot: AI is no longer confined to innovation labs, but is being woven into the fabric of day-to-day operations enterprise-wide. As fintech challengers lead in deploying AI and big tech firms push into finance with advanced AI offerings, incumbent banks and insurers are betting that scaling up their own AI capabilities – and doing so responsibly – is essential to remain competitive
With industry racing ahead, the UK’s conduct regulator is also looking to the future. On 6 July, the Financial Conduct Authority (FCA) released the findings of its “Mills Review,” a broad study on how AI could transform retail financial services by 2030 ([1]). The FCA’s review identifies advances in AI as a new "systemic driver" of industry change and outlines four major “system shifts” that firms and regulators should prepare for this decade. One key shift is the “transformation of firms” – as AI matures, leading institutions are expected to move from using AI for assistance to full delegation of many processes to autonomous systems ([2]). By 2030, AI could become the primary means by which financial firms gather information, make decisions, and interact with customers, with employees increasingly overseeing and intervening in AI-driven processes rather than performing them manually ([3]). A second shift foresees new AI-enabled consumer journeys: customers may rely on personal AI agents to manage finances, find products, and even execute transactions on their behalf, raising new issues around transparency, bias, and consumer trust ([4]).
The third systemic shift the FCA highlights is a potential restructuring of competitive dynamics in financial services. AI could lower barriers to entry and enable digital-native challengers to scale rapidly, but it could also concentrate power in the hands of a few large AI and cloud providers that control critical platforms and data, possibly shifting customer relationships away from banks towards tech firms ([5]). Finally, the FCA warns that AI will heighten both the threats and defenses in financial crime and system risk. Fraudsters and cybercriminals are expected to leverage AI for more sophisticated scams – think deepfakes and automated social engineering at scale – while financial institutions and regulators will in turn need to use equally advanced AI for detection and cybersecurity ([6]). To address these coming changes, the Mills Review makes seven key recommendations, from enhancing firms’ AI governance and accountability mechanisms to new regulatory guidance on AI transparency, risk management, and oversight. The clear takeaway for senior leadership is that regulators anticipate AI fundamentally reshaping how financial services operate, compete, and are supervised – and they are starting to adapt the rulebook to keep pace