Technology risks move fast and spread widely through financial systems. As transformation and digitization accelerates, we forecast growing scrutiny and enforcement action on operational resilience, use of AI and crypto markets in the year ahead.
In 2026, fraud, cyber incidents, outages, and algorithmic bias are system-level storms, not isolated lightning bolts. Interconnected digital infrastructure in the financial sector and the normalization of real-time payments, digital assets and AI-driven decision-making will increase the speed and scale of harm if systems fail.
Failures often originate from third party technology platforms, and the UK is moving toward direct oversight of certain designated critical technology providers. But this doesn’t dilute expectations on financial institutions to prevent, detect and remediate damage.
Cyber incidents in particular serve as potent litigation and enforcement triggers, with scrutiny driven by customer impact, data exposure, and service disruption, rather than technical failure or negligence alone.
A handful of enforcement decisions have already been made, with the potential for momentum in 2026. Last year, one US financial broker agreed to pay fines of $45 million to cover data breach and record-keeping failures. In the UK, the FCA also levied fines and sought redress for a customer data hack involving a credit reference agency.
The AI outlook is similarly unpredictable. As States in the US fight back against federal limits on AI regulation, and European policymakers delay the full rollout of the EU AI Act, uncertainty persists
Regulatory gaps and fragmentation notwithstanding, both AI harm and use of AI as a tool for detecting and preventing financial crime will draw the attention of financial regulators. From discrimination to AI-enabled fraud, enforcement action and disputes are on the horizon. Ensuring robust governance, risk management and accountability structures is therefore critical for financial firms in 2026.
Risk of disputes is also rising in crypto as the market matures. In the UK, regulators already enforce AML and financial promotion rules, but full FCA authorization and conduct requirements will soon become the price of entry, raising the bar on compliance.
We forecast new enforcement actions for unauthorized promotion of crypto services and investigations into crypto fraud and money‑laundering schemes in the coming year.
This comes in contrast to the US, where the SEC has deprioritized crypto enforcement under the direction of the current administration. At a state level, however, we do see potential for enforcement against unlicensed activity, ICO fraud, and deceptive promotions, alongside examples of regulatory innovation. Florida, for example, has created a regulatory sandbox to supervise innovative fintech use cases and lower barriers to entry.
Interconnected risks
“Technology and financial risk are ever more interconnected, and regulators’ expectations for operational resilience and compliance are rising as a result. Stress-test your systems regularly — including third party providers — and make sure your governance protocols keep pace with new AI use cases and digital tools.”
Matt Baker, Partner, Financial Services Disputes and Investigations
Get ahead for digital asset normalization and adoption
With the UK’s stablecoin regime due to be finalised in H2 2026, and the new cryptoasset authorisation gateway opening in September 2026, firms should move now to strengthen governance, custody, settlement, and disclosure frameworks ahead of the UK’s shift to full digital asset regulation.
Stay up to date with our latest Financial Regulation and Disputes insights
Prevailing winds
