Expert analysis on financial regulation, global markets, compliance trends, and operational excellence — from the team behind three decades of institutional service.
With the SEC and ESMA rolling out new AI governance frameworks in Q1 2026, financial institutions are racing to align their machine learning models with explainability mandates. We explore what compliance teams need to know — and how Panache is helping clients stay ahead.
Read Full Article
After years of negotiation, the Basel Committee's final framework takes full effect. We break down the capital requirement changes and operational impacts for multinational institutions.
Read More
With new sanctions packages affecting cross-border transactions across Eurasia and the Middle East, financial institutions face unprecedented compliance complexity. Our guide to staying compliant.
Read More
With the ECB's digital euro and China's e-CNY now processing live transactions, correspondent banking networks face a fundamental transformation. What operations teams must prepare for.
Read More
The Fed, ECB, and Bank of England now require climate scenario analysis for all supervised institutions. We outline the 2026 testing frameworks and how to integrate them into existing risk models.
Read More
As FedNow adoption surges past 2,000 institutions, real-time fraud detection has become the defining operational challenge. Best practices from institutions that are getting it right.
Read More
The SEC's T+0 mandate for US equities went live in March 2026. A behind-the-scenes look at how Panache guided institutions through the operational overhaul — and the lessons learned.
Read MoreWeekly insights on financial regulation, global markets, and operational excellence — delivered to your inbox every Monday.
No spam. Unsubscribe anytime.
Executive Summary: The SEC's AI Risk Management Rule and ESMA's Algorithmic Trading Directive 2.0 are fundamentally changing how financial institutions deploy machine learning. Institutions have until Q3 2026 to comply — here's what compliance and operations leaders need to know.
For years, financial institutions deployed AI models with minimal regulatory oversight — relying on internal governance frameworks that varied widely in rigor. That era ended in January 2026, when the SEC published its final AI Risk Management Rule, followed closely by ESMA's Algorithmic Trading Directive 2.0 and the UK FCA's Consumer Duty AI guidance.
The common thread across all three frameworks: explainability. Regulators are no longer satisfied with "the model works." They want documented evidence of why it works, how decisions are made, and what guardrails prevent discriminatory outcomes.
Every AI model used in a regulated function must now have:
At Panache, we've helped clients build centralized model registries that track all AI assets across the enterprise — from credit scoring models to fraud detection systems. The key is treating AI models with the same rigor as financial models under SR 11-7.
Fully autonomous AI decision-making is now restricted in several areas:
Static validation is no longer sufficient. Regulators now expect:
Over the past six months, our compliance and technology teams have worked with seven major financial institutions to build AI governance frameworks. The engagement typically follows three phases:
Catalog every AI/ML model in production, classify by regulatory risk, and identify gaps against new requirements.
Build documentation templates, deploy monitoring tools, establish governance committees, and train staff on new procedures.
Run mock regulatory reviews, address findings, and produce the first quarterly attestation package for board sign-off.
Our team can assess your current state and build a compliance roadmap tailored to your institution's AI footprint.
Schedule an AI Compliance Review
After nearly a decade of deliberation, the Basel Committee's final Basel IV framework took full effect on January 1, 2026. With output floors, revised credit risk approaches, and operational risk overhauls, global banks are recalibrating their capital strategies.
The most consequential change is the 72.5% aggregate output floor, which limits how much capital benefit banks can derive from internal models versus standardized approaches. For institutions that relied heavily on internal ratings-based (IRB) models — particularly for mortgage and corporate lending — this means a significant increase in risk-weighted assets (RWAs).
Our analysis of mid-sized and large European banks shows RWA increases of 8–18% under the output floor, translating to billions in additional capital requirements. US banks, already subject to the Collins Amendment floor, face a more modest impact — but the operational risk changes affect everyone.
The replacement of the Advanced Measurement Approach (AMA) with the Standardized Measurement Approach (SMA) is perhaps the most operationally intensive change. Key implications:
The Fundamental Review of the Trading Book (FRTB) brings revised credit valuation adjustment (CVA) frameworks alongside standardized and internal model approaches for market risk. Banks with significant derivatives books face the dual challenge of implementing FRTB and Basel IV simultaneously — straining both technology budgets and risk talent pipelines.
We've guided six institutions through Basel IV readiness assessments. Our approach covers:
Our regulatory change specialists can assess your institution's readiness and build a practical compliance roadmap.
Schedule a Consultation
The sanctions landscape in 2026 is more fragmented than at any point since the post-9/11 era. With diverging US, EU, and UK regimes — plus growing secondary sanctions exposure — financial institutions must navigate a compliance minefield.
The unified Western sanctions front that characterized 2022–2024 has fractured. The US maintains the broadest sanctions — particularly targeting technology transfers and energy sector transactions. The EU has carved out humanitarian exemptions and food security carve-outs. The UK, post-Brexit, has developed its own independent sanctions framework under the Office of Financial Sanctions Implementation (OFSI) that sometimes diverges from both.
For global banks, this means transaction screening must now check against three increasingly different lists — with different ownership thresholds (50% vs. 33% vs. "control" standards), different sectoral restrictions, and different licensing regimes.
The most significant development in 2026 is the expansion of secondary sanctions — where the US penalizes non-US persons for transactions that would be legal under their own country's laws. Key risk areas:
Integrate OFAC, EU, UK, and UN sanctions lists into a single screening engine with jurisdictional rule sets. Avoid screening against each regime separately.
Deploy tools that automatically aggregate beneficial ownership across complex corporate structures to apply the appropriate ownership threshold for each regime.
Sanctions lists now update multiple times per week. Automated ingestion and immediate screening re-runs are essential.
Our compliance team can review your sanctions screening framework and help close gaps before regulators do.
Request a Sanctions Review
The European Central Bank's digital euro and the People's Bank of China's e-CNY are now processing live transactions at scale. With 15+ central banks in advanced pilot stages, correspondent banking faces its biggest operational shift since SWIFT.
Correspondent banking — the backbone of cross-border payments — has operated on essentially the same model for decades: nostro/vostro accounts, batch processing, and multi-day settlement. CBDCs challenge every layer of this stack. When two jurisdictions both have live CBDCs, transactions can settle in near-real-time without intermediary banks holding prefunded accounts in each currency.
The Bank for International Settlements' Project mBridge — connecting China, Hong Kong, Thailand, and the UAE — has demonstrated CBDC-based cross-border settlement at a fraction of traditional costs. As more jurisdictions join, the volume of correspondent banking traffic will shift toward CBDC rails.
Banks must run CBDC network nodes with 24/7 uptime requirements. This demands new monitoring infrastructure, key management for digital signing, and integration with core banking ledgers.
Real-time settlement eliminates float but creates new intraday liquidity challenges. Treasury teams need real-time position visibility across CBDC and traditional rails.
CBDCs can be designed with varying privacy levels. Banks must adapt AML screening to work across both transparent and privacy-preserving CBDC architectures.
No single CBDC standard has emerged. Banks must build bridges between incompatible protocols — a technical and operational challenge requiring dedicated engineering resources.
We help financial institutions assess CBDC readiness and build integration roadmaps that preserve correspondent banking revenue.
Explore CBDC Readiness
The Fed, ECB, and Bank of England have all finalized mandatory climate stress testing frameworks. By Q4 2026, every supervised institution above $100B in assets must submit results. Here's what the tests cover and how to integrate them into your risk management.
Regulators have standardized on three climate scenarios, each spanning a 30-year horizon:
Sudden policy action after 2030 creates stranded asset shocks. Carbon-intensive sectors face rapid repricing.
Gradual carbon pricing and technology adoption. Lower short-term impact but persistent transition risk.
Limited policy action leads to severe physical risks: coastal flooding, agricultural disruption, supply chain failures.
The single biggest challenge for institutions is data. Climate stress testing requires information most banks don't have:
Climate risk is not a separate exercise — it must be integrated into credit risk, market risk, and operational risk frameworks. At Panache, we recommend a three-phase approach: data gap assessment and remediation (months 1-4), model development and calibration (months 3-8), and parallel running alongside existing stress tests before regulatory submission (months 7-12).
Our risk team can assess your climate data readiness and design a practical implementation plan.
Start Your Assessment
FedNow adoption has surpassed 2,000 financial institutions in 2026, processing over $1.2 trillion in monthly volume. But with instant, irrevocable payments comes an urgent challenge: real-time fraud detection that can match real-time settlement speeds.
Early FedNow data reveals a troubling pattern: fraud rates on real-time rails are running 3-5x higher than ACH. The reasons are structural — instant irrevocability means fraudsters can extract funds before detection systems trigger. Traditional batch-based fraud analytics simply cannot keep up.
The most common attack vectors include authorized push payment (APP) fraud where victims are socially engineered to authorize payments, account takeover using credentials purchased on dark web marketplaces, and synthetic identity fraud exploiting gaps in real-time verification.
How users type, swipe, and navigate reveals identity more accurately than passwords. Leading institutions deploy behavioral analysis that flags anomalies in real time — unusual typing cadence, mouse movement patterns, or navigation paths can trigger step-up authentication before payment release.
Machine learning models trained on real-time payment patterns can score transactions in under 100 milliseconds. Key features include deviation from normal payee patterns, time-of-day anomalies, velocity checks across multiple accounts, and device fingerprinting.
The UK's CoP system — which verifies that the account name matches the intended recipient — has reduced APP fraud by 35%. US institutions are now implementing similar verification layers integrated directly into the FedNow payment flow.
The CFPB has signaled that financial institutions bear responsibility for real-time payment fraud losses when reasonable detection measures weren't in place. Expect formal guidance in H2 2026 establishing minimum fraud detection standards for FedNow participants.
Our technology and risk teams can evaluate your FedNow fraud detection capabilities against evolving regulatory expectations.
Request a Fraud Assessment
When the SEC announced the T+0 settlement mandate for US equities in March 2026, many institutions scrambled. Having guided T+1 transitions in 2024, Panache was ready. Here's how we helped three banks complete the operational overhaul in under 90 days — and the lessons every institution should learn.
Under T+0, trade settlement must complete by end of day on trade date. This collapsed a multi-day process — trade matching, allocation, affirmation, netting, funding, and settlement — into hours. Every operational bottleneck that was manageable under T+2 became critical under T+0.
Mapped every step in the trade lifecycle across front, middle, and back office. Identified 47 process steps requiring acceleration or automation. Critical finding: institutional allocations were the single biggest bottleneck, with 60% still arriving after 4pm ET.
Deployed automated trade matching engines, real-time allocation platforms, and API integrations with DTCC's SIFMU infrastructure. Established straight-through processing (STP) for 95%+ of flow. Implemented exception queues with 15-minute SLA response times.
Three weeks of parallel operations — running T+0 processes alongside legacy T+2 to validate accuracy. Built real-time reconciliation dashboards. Conducted failover drills for system outages, market volatility events, and counterparty defaults.
Phased cutover by asset class. Dedicated war room with real-time monitoring for first two weeks. Average settlement rate of 99.2% by end of week 2, exceeding the 98% regulatory threshold.
Whether you're still transitioning or optimizing post-go-live, our operations team can help reduce settlement fails and improve STP rates.
Talk to Our Operations Team