What’s in store for banking in 2025?

Evolving risk

From threats related to credit risk or market fluctuations, the concerns have now shifted to the very core of banking operations and the business models of banks. Cybersecurity breaches, which were once a rare occurrence, have now become an everyday occurrence that could bring down even the mightiest banking giants. Where fintech and decentralized finance (de-fi) increasingly threaten banks, economic shocks if anything, amplified by global interconnectedness can wipe out even the sturdiest of balance sheets in the blink of an eye. For Tier 1 banks, the stakes have never been higher. Given their systemic importance, a single failure might trigger a cascading effect throughout the global economy. Tier 2 banks are smaller, yet not immune. A regional focus belies a vulnerability to economic downturns or shifts in consumer behavior at the local level.

Technological disruption

The rapid pace of technological change is fundamentally changing banking. Fintech and big tech have forced banks to embrace digital technologies. These market players are forcing banking institutions to continually and dramatically improve, expand, and innovate their services, processes and customer-oriented strategies.

These disruptors deploy technology in an endeavor to execute solutions at lower cost, with higher speed and far more convenience, appealing to the significant share of the market which could lead to a loss of both market relevance and market share for banks. The rise of cryptocurrencies and, more so, de-fi threatens to upend the very fabric of the traditional banking model. These disruptors could impact the role of traditional banks in the financial ecosystem as these trends continue to gain traction. 2025 will see these changes accelerate at unprecedented rates. What’s

The banking industry stands at the threshold of an AI-driven transformation that promises to radically reshape the way institutions operate and serve their customers. The integration of AI presents both an opportunity and a challenge. Those banks able to execute complete AI strategies in line with regulatory, ethical, and workforce considerations will acquire a competitive advantage. With the fast-paced continuous development of this industry, a delicate balance between innovation and responsibility is the only viable way to ensure sustainable competitiveness in the AI-driven future of banking.

Artificial General Intelligence (AGI)

Artificial General Intelligence will likely become mainstream, as a greater number of banks incorporate AGI into their business processes. For banks who have incorporated machine learning, through pattern analysis on usage behavior, fraud detection and risk management, the incorporation of AGI will further enhance them.

Generative AI transformation

Generative AI is changing core banking in several big ways. Advanced language models make customer service interactions more natural and context-specific, enabling the virtual assistant to handle complex queries and give in-depth financial advice. AI-driven systems smooth document processing by automating document analysis, generating reports with insights, and extracting data, considerably reducing the time spent on manual processing. AI-driven solutions create less dependence on compliance management, by simplifying regulatory reporting, enhancing anti-money laundering through automated risk identification, and producing compliance documentation.

Agentic AI

Customer-oriented interactions require an increase in two-way digital conversations with banks, not today’s one-way push notifications. The time is right for enterprises to build on this trend with the growth of Agentic AI platforms and appropriate use cases.

Data-centric security

In 2025, banks will increasingly leverage AI to drive efficiency and innovation, and the concept of datacentric security has become paramount. Traditional perimeter-based security models will continue to be foundational for AI security, but they are, on their own, no longer sufficient. As AI-enabled cyberattacks become more common, the need for enhanced data security measures will become more evident. This will continue to force renewed emphasis on data governance, compliance with data protection regulations, and new standards for data residency will demand it.

The cost of protection, like Zero Trust and data security controls, will be small compared to the costs associated with potential data breaches, unauthorized access and AI-driven adversarial attacks.

AGI security

Banks are utilizing AGI to transform their customer digital experience; threat actors will be using that very same technology to perform deep fake and other scams to fool bank customers. AI costs have decreased substantially, so an increasing use of AI to attack banks is expected.

Ransomware as-a-Service (RaaS)

Ransomware, like other threats, has evolved over the years. From the encryption-only approach, ransomware has morphed to a dual threat malware (exfiltrate data and encryption) to ransomware as-a-Service (RaaS) with threat actors offering ransomware and other tools and services to affiliates for a share of the profits.

Industrialization of cybercrime tools

The industrialization of attack tools increases the significant cyber risks that organizations face, including credential theft, data breaches, operational disruptions and reputational damage.

With deep fake and social engineering scams flourishing across the banking industry, criminal organizations have developed realistic audio, video, and image manipulations to exploit trust, identity theft, executive impersonation and market manipulation.

Supply chain

As in previous years, banks that depend on IT, cloud and telecommunication service providers in 2025 may discover certain vendors with whom they are working may suffer attacks and be compromised by statesponsored adversaries or others.

The traditional response to mitigating supply chain attacks has been the evaluation of third-party risk management and assessment, as well as developing contractual agreements that impose financial penalties on these providers. Unfortunately, reliance on these activities is reactive and cannot prevent attacks from occurring.

In 2025, we see more information sharing and collaboration among industry players to learn from each other and build better defenses against infiltration from third-party providers. This is a main tenet of Digital Operational Resilience Act (DORA), UK regime for Critical Third Parties (CTP), and Network and Information Security 2 (NIS2). Strategic IT partners, such as DXC, can offer a great deal of value in helping to defend against infiltration, and in contributions to industry collaboration.

Reducing disruption

Throughout 2025, industries and sectors including banks will witness a significant change in the wake of regulatory requirements like DORA, CTP, and NIS2 for sound digital operational resilience.

The convergence of these regulations represents an evolutionary leap in how banks approach both operational resilience and cybersecurity. While adopting these new regulatory frameworks it will introduce a strategic differentiator by establishing improved operational efficiencies, customer trust, and a competitive positioning environment.

Banks are obliged to adopt sophisticated information and communications technology (ICT) risk management frameworks, including an effective incident reporting system, resilience testing, and third-party risk management. Banks need to implement sophisticated cybersecurity measures, conduct periodic security audits, and report significant cyber incidents in good time. This, together with the focus of the directive on collaborative defense mechanisms, will encourage banks to engage in information sharing with regulators and industry peers, further building the resilience of the overall financial sector.

This shift will demand significant investment in ICT infrastructure and data analytics to support ongoing reviews of risk management to ensure compliance with new regulations and enhancements to operational resilience.

Necessary measures

The goal is to create a culture of proactive risk management and continuous improvement. A focus on operational resilience should reduce the impacts of ICT-related disruptions and their related costs (downtime events, data breaches, etc.), driving increased customer trust and satisfaction. It will spur innovation by providing solid security, a stable environment, and allow for the safe adoption of new technologies.

Getting everyone onboard

Today, most people use online banking; digital-only bank accounts are growing; utilization of mobile services is increasing with more people switching banks to obtain a better digital customer experience. Winning and retaining younger customers will be important to ensure long-term customer lifecycle growth for banks. Thus, we see even greater demand for investment in technologies that provide seamless, omnichannel, personalized experiences. Some examples include:

• Omnichannel technology advancements and capabilities are outpacing banks’ abilities to respond promptly. Technology has created a society of customers who expect more and more from their digital online experience while demanding a more personalized customization, more protection and control of their data and privacy, and more two-way interactions through a one-stop shopping seamless omnichannel experience. The convergence of edge technologies, including AI, allows these frictionless interactions to happen and will continue to be a focus for banking services providers.
• As standard, embedded finance, powered by Open Banking and Application Programming Interface (API) ecosystems, will continue to be a focus area for investments by retail banks, ensuring that financial services are seamlessly integrated into the everyday lives of their customers.
• Advanced analytics will let banks provide hyper-personalized products and services. Digital wallets, real-time payments, and contactless transactions will facilitate the customer experience, bringing intuition and ease to customer interactions.

Payment technologies

The evolution in instant payment technologies and services is making it easier for customers to pay their peers (P2P), move money between accounts (A2A), and consume more products including quicker refunds. Will this evolution in technologies encourage the adoption of micro payments and transaction volumes in virtual worlds?

Identification and authentication

Decentralized digital identities, enabling secure and unique digital identification and authentication via digital channels, will grow in importance. They will support better control of personal data, protect user privacy, and facilitate standardization and interoperability across platforms (and borders). This may also support the ESG agendas of the banks by promoting inclusivity, reducing paper and securing identities.

• Learn more about UK Banking and Capital Markets
• Learn more about DXC’s work around data and AI
• Explore more Insights from DXC