<\/p>\n
When U.S. regulators unveiled revisions to the so-called But beyond the initial enthusiasm is a practical question: When the formula no longer rewards better risk management, will banks have the discipline to hold capital for their unique operational risks?<\/p>\n By easing certain capital constraints, the new proposal does more than adjust balance sheets; it subtly, but meaningfully, shifts accountability.<\/p>\n Nowhere is this more evident than in This erosion occurs precisely at the wrong moment, as AI makes threats more adaptive, faster to replicate and harder to attribute. Recent research from New transaction models add further complexity. Crypto assets, stablecoins and emerging forms of agentic commerce are advancing faster than the surrounding ecosystems of fraud management, dispute resolution, legal accountability and operational resilience. Meanwhile, instant, irrevocable payments through rails such as real-time payments and FedNow present additional risks, as do the expanding universe of fintechs and third-party providers that banks increasingly facilitate and engage with.<\/p>\n History suggests that when these mismatches surface, the losses don’t rest on the innovators or intermediaries. They flow back to the banking system. The mortgage crisis, with AAA bonds that went bust overnight, offers a costly reminder.<\/p>\n All of which points to the core challenge: Managing operational risk without regulatory compulsion requires a high degree of self-discipline. The financial system’s track record suggests that sustaining that discipline voluntarily has never been easy.<\/p>\n For nearly two decades, banks have been conditioned to respond to mandates. Mechanisms such as confidential communications from regulators outlining “matters requiring attention” and consent orders worked not because they were elegant, but because they eliminated ambiguity. Deadlines were real, consequences were visible, boards paid attention and resources were ring-fenced.<\/p>\n Absent this external pressure, the organizational muscle to drive difficult, preventative change has weakened.<\/p>\n Rebuilding that strength requires more than tightening policies. It entails reinventing how risk management is embedded into everyday operations, decisioning and technology. In the AI era, the operating model must shift from periodic review to continuous oversight, with controls that are testable and adaptable as products, channels and threats evolve.<\/p>\n There are some basic “no-regret” moves that banks should consider. First, embed risk-by-design into workflows so discipline becomes the default. The goal is not more controls. It’s better controls built into the work, so resilience is achieved in-process, rather than checked after the fact.<\/p>\n Second, fight fire with fire. As bad actors use AI and deepfakes to scale fraud, banks should deploy the same technology to strengthen threat detection and respond. Models and agents can improve early warning, monitor continuously and help triage and scale investigations without increasing headcount. But the real reinvention is to move from “alerts and queues” to closed-loop prevention: learning from outcomes, hardening controls and adapting playbooks as adversaries change.<\/p>\n They should also clarify accountability across the lines of defense. Self-discipline breaks down when no one owns the outcome. Accenture’s recent Lastly, banks can manage operational risk using timely data, not stale reports. Many operational losses start as small signals, such as data quality issues, manual workarounds and control breaks. Real\u2011time governance is the only reliable way to detect and correct these problems before they escalate.<\/p>\n Encouragingly, more than nine in 10 (92%) banking C-suite leaders plan to invest more in AI in 2026 according to The best-run banks will treat this moment as an opportunity to reinvent governance and discipline around risk. Even as capital rules loosen, they will keep investing in forward\u2011looking scenario analysis, strengthen resilience before losses arrive and adjust size buffers to the quality of their risk management, not just the regulatory minimum. The trade-offs are real, but so are the long-term benefits.<\/p>\n<\/div>\n