The new presidential administration means 2025 is likely to be a shifting year for regulators and the financial institutions they oversee. Despite all that change, many of the challenges for executives overseeing technology persist, ranging from bolstering cybersecurity, minimizing technology bloat and experimenting with AI.
For banks and credit unions thinking about upgrading or improving their technology strategy in the year ahead, the following themes from 2024 remain relevant.
Using the IT Steering Committee to Oversee Tech
One place for institutions to start is by making sure the IT steering committee is effective. These committees can help institutions oversee technology and make sure it’s being used efficiently and safely. Effective IT steering committees can help institutions manage the ever-growing tech budget, track the utilization of existing tech and think about fueling future growth, says Beth Johnson, a technology consulting principal with RSM US in the November episode of Reinventing Banking.
The technology budget is a major — and growing — expense, making it a key area of focus for institutions. Three-quarters of respondents said their tech budget increased between 2023 and 2024, with a median increase of 4%, according to Bank Director’s 2024 Technology Survey, sponsored by Jack Henry & Associates. But executives can sometimes struggle to translate long-term, strategic business objectives into infrastructure needs or software. Brad Smith, a partner at Cornerstone Advisors, recommends that IT steering committees use the institution’s strategic plan to determine where it needs to progress and create a technology road map for future investment.
Improving ROI
The IT steering committee can also help institutions ensure the tech they’ve purchased is producing an appropriate return on investment. Calculating their tech ROI is a major opportunity: 68% of bank senior executives and board members responding to Bank Director’s Technology Survey said their bank does not track return on investment for technology projects. To measure ROI, executives can start with clear goals and objectives, which will inform how to measure the project’s scope and impact and identify what information they need to track.
Another area where institutions could manage expenses — and potentially improve ROI — is finding and minimizing technology bloat. It’s not unusual for community financial institutions to have hundreds of vendors, says Patrick Sells, the founder of True Digital Group, which has a platform that helps banks manage their technology vendors. Those hundreds of names can hide outdated, redundant or complex software or systems. Reducing these redundant capabilities and systems can simplify technology stacks and save institutions significant dollars.
Experimenting with AI
Executives are increasingly curious about AI tools and exploring use cases within their institutions, even as bank regulators have yet to roll out formal guidance or regulations. One important way to govern the use of this technology is by establishing an AI acceptable use policy, says Vincent Maglione, chief information security officer at New York-based Grasshopper Bancorp. But only 33% of respondents said their bank had developed a policy, according to Bank Director’s survey.
Cybersecurity Improvements
Of course, not all executives are comfortable with the risks that come from using more powerful AI tools within their institutions. However, malicious actors may have no such qualms. AI lowers the barriers to entry for attackers, increases the sophistication, believability and automation of their attacks and allows them to launch attacks faster. Regulators are concerned about the speed and increasingly sophisticated capabilities of artificial intelligence and the threats to banks.
“I’m actually at a point in my cybersecurity career where I’m scared,” says Chris Silvers, the founder and principal consultant of security consulting firm CG Silvers Consulting. “And it takes a lot to scare me in cybersecurity.”
It’s worthwhile to continue bolstering cybersecurity defenses and training, since employees remain the first line of defense against attacks such as social engineering or phishing. Phishing is when a fraudster attempts to gain sensitive information by impersonating a legitimate person, website or company. An effective phishing awareness program can engage employees and emphasize that scammers often play on human emotions like fear, guilt or curiosity.
New Standards for Payments and Open Banking
The payments space continues to evolve in 2025 toward faster speeds and richer data. The Federal Reserve is migrating the language and format that its Fedwire Funds Service currently uses to the ISO 20022 standard in March. The ISO standard offers greater interoperability among global payment systems and types of payments, and richer data that could improve anti-money laundering and sanctions screening, according to the Federal Reserve. The migration is a chance for banks and credit unions to think about the opportunities that come with better payment information, says Sergio Aguilar, director of PayCenter at Jack Henry.
And while the changing of regulatory agency heads is expected to impact rulemaking, potentially including the Consumer Financial Protection Bureau’s open banking rule, it won’t stop the proliferation of the technology that the rule governs. Open banking is an approach that gives consumers more flexibility when it comes to sharing their financial data with providers of their choice. The CFPB’s open banking rule was finalized in October. The work to comply with this rule might be a hard sell for banks and credit unions that see open banking as relinquishing control of their customers’ data, but standardized technology could level the playing field for banks big and small, says John Pitts, the then-global head of policy at Plaid, during the September episode of Reinventing Banking. He points out that open banking technology is already used by a number of big institutions and nonbank players and would persist even in the absence of formal rules.