Fintech trends: Shaping risk and assurance in 2026

What is fintech? A brief history

Fintech refers to the use of innovative technology to deliver financial services, such as payments, lending, investing, or insurance, more efficiently, affordably, or inclusively. Fintech’s origins can be traced back to the late 19^th century with the development of the telegraph and transatlantic cable system. Placing the cables deep within the ocean enabled the transmission of financial information across borders, facilitating faster and more efficient communication between financial institutions.

The 1950s marked another key technological milestone with the introduction of the Diners Club card – one of the first universal credit cards. This innovation helped reshape how consumers spent money and utilized credit. In 1967, Barclays in London introduced the very first ATM, combining vending machine technology with banking.

Other early innovations focused on automating traditional banking processes, such as electronic payments and online banking, laying the groundwork for more sophisticated developments, including the establishment of the first state-chartered, FDIC-insured online banking institution. The 2008 financial crisis created distrust in traditional financial institutions, which spurred the expansion and advancement of fintech. This, combined with the rise of smartphones and mobile applications, led to the emergence of new digital financial products and services. The COVID-19 pandemic further accelerated the fintech boom. As people sheltered in place and minimized contact with others, the demand for digital payments and services continued to grow.

Key definitions of fintech

When auditing a business area, it’s important to understand the control environment. Here are the key terms and definitions you need to know:

Embedded finance

Embedded finance is the integration of financial services into non-financial platforms, such as offering loans through e-commerce sites or payments in ride-share apps, allowing users to access financing without leaving the platform. Embedded finance enables customers to store, receive, or send funds. Buy-now, pay-later lending apps, such as Klarna, or digital wallets, like Apple Pay, are examples of embedded finance.

Banking-as-a-Service (BaaS)

Banking-as-a-Service is a model in which regulated banks provide financial infrastructure (via an application programming interface) to fintechs or platforms, enabling them to offer services such as accounts, payments, or lending without requiring a banking license. An application programming interface (API) is a set of protocols and tools that allow software applications to communicate with each other, which is critical for connecting fintechs to banks and other infrastructure providers.

This model benefits fintechs by allowing them to avoid the time-intensive and costly process of obtaining a banking license, while the bank benefits from this relationship by earning revenue on the deposits or loans it houses.

Neobank

Neobank is a fully digital “bank” with no physical branches, offering services such as checking accounts, credit cards, and loans through a mobile app and in partnership with a licensed bank. Some examples of neobanks are Varo, GreenFi, Simple, Chime, and Greenwood.

What does the fintech industry landscape look like?

There is currently a more welcoming environment for fintech companies interested in seeking bank charters, with regulators reducing barriers to entry and lowering compliance costs. Against this backdrop, fintech innovations are transforming nearly every corner of financial services:

• Banking and personal finance - Fintech has enabled mobile-first banking, real-time budgeting tools, and personalized financial insights for consumers.
• Payments, remittances, and transactions - Digital wallets, instant cross-border transfers, and low-fee payment platforms have transformed how money moves globally.
• Lending and credit - Fintech lenders use alternative data and AI to deliver faster, more inclusive, and personalized credit decisions.
• Investment and wealth management - Robo-advisors, micro-investing apps, and AI-powered analytics have democratized access to investment strategies once reserved for the wealthy.
• Capital markets and asset management - Algorithmic trading, tokenization of assets, and digital platforms have streamlined market access and investment operations.
• Insurtech and Proptech - AI-driven underwriting, digital claims processing, and property valuation tools have simplified insurance and real estate transactions.
• Blockchain, cryptocurrencies, and DeFi - Decentralized finance protocols, crypto assets, and blockchain infrastructure enable transparent, programmable, and borderless financial services.
• Regtech, compliance, and security - Automated compliance workflows, real-time risk monitoring, and AI-driven fraud detection have improved regulatory efficiency and security.
• Infrastructure - Cloud-native cores, open banking APIs, and embedded finance platforms have modernized the financial ecosystem’s underlying technology.

What are the key risks of fintech?

Fintech companies face several key risks that must be carefully managed to ensure their success and long-term sustainability. Cybersecurity has emerged as one of the most significant risks, making it critical to understand where your data is stored, shared, and protected. While many fintechs employ sophisticated engineers and robust information security programs, this is not universally true. Therefore, assessing the cybersecurity measures of your fintech partners is essential to safeguard sensitive information.

Regulatory and compliance risks, as well as fraud, are other areas of significant concern. Fintechs that provide banking services or products are not exempt from regulatory risk and must ensure compliance with all applicable requirements. Operating your business entirely online introduces a significant risk of fraud, making your organization vulnerable to various types of scams.

Other risks include:

• Technology risk involves evaluating the reliability and security of the tech solutions used, while third-party risk requires scrutiny of the fintech’s partners and their affiliations.
• Model risk, particularly with the increased use of AI, requires assessing the models employed.
• Financial risk is pertinent to understanding the financial strength of your partnerships.
• Reputation and conduct risk, along with contagion risk, highlight the importance of reputation and trust in the fintech industry.
• Jurisdictional risk highlights the importance of understanding and complying with local regulations and requirements.

What are the key trends in fintech? How are they reshaping risk and compliance strategies?

There is currently a more welcoming environment for fintech companies interested in seeking bank charters by reducing barriers to entry and compliance costs. Against this backdrop, fintech innovations are transforming nearly every corner of financial services:

U.S. regulatory shifts

Changes in regulatory leadership have also shifted more positively toward bank and fintech partnerships, as well as cryptocurrency and other digital assets. New FDIC Acting Chairman Travis Hill’s recent statements indicate a desire to cut unnecessary red tape in support of innovation and economic growth. This change could mean a more favorable business environment for banks, particularly those engaged in fintech partnerships or other innovative activities.

While this evolving environment presents new opportunities for fintech innovation and market expansion, it isn’t the right time to lessen your compliance and risk management efforts around this new technology. Reputational risk should also remain a priority because it’s the foundation of your brand and what attracts people to do business with you.

Decentralized finance (DeFi) and stablecoins

Decentralized finance (DeFi) refers to a set of emerging financial products and services that operate on decentralized platforms, utilizing blockchains to record and share data. DeFi products and services are conducted without a trusted central intermediary, such as a bank. The benefit of DeFi is speed and potentially lower costs, however, the downside is that these transactions can be riskier without the protections that traditional banks provide.

Stablecoins are a type of cryptocurrency designed to offer price stability by pegging their value to other traditional reserve assets or fiat currency (your local currency) like the U.S. dollar. Stablecoin eliminates the risk of volatility that other digital assets, such as Bitcoin, often have.

The GENIUS Act

In July 2025, the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act) was signed into law. This landmark stablecoin bill is the first major crypto legislation in the United States. The GENIUS Act establishes a federal framework for stablecoins, providing regulatory oversight for stablecoin issuers and providers. The bill aims to establish clear rules for issuers and reserves while also protecting consumers and maintaining financial stability.

New bank charters and fintech IPOs

Currently, there’s been a resurgence of new bank charters and fintech IPOs. Historically, new bank charter activity has been low in the U.S., particularly after the 2008 financial crisis. Currently, there is a permissive stance on financial innovation, an upward trend that will likely continue.

Strategic insights for navigating fintech trends in internal audit

The use of Generative AI, or GenAI, is becoming increasingly mainstream in the financial services sector, with applications including personalized financial advice, conversational banking, and chatbots, as well as enhanced risk and compliance monitoring. While there are many solutions available to make internal auditors’ jobs easier, it is essential to take a step back and ensure your organization has clear policies regarding AI usage. Organizations should establish processes to identify and manage the risks associated with GenAI, including a sound risk management program and ongoing monitoring.

RegTech and compliance tech growth

Regtech, short for "regulatory technology," refers to the use of technology—such as automation, AI, and data analytics—to help businesses efficiently manage regulatory compliance, reporting, and risk management.

While RegTech and compliance technologies can benefit organizations, they also introduce new risks that must be carefully managed. To effectively monitor these technologies, you should:

• Identify the new technology.
• Classify the risks.
• Ensure proper monitoring and oversight of the risks by experts.
• Escalate any deviations.

Digital identity, authentication, and innovation

As digital identity and authentication technologies advance, identity verification becomes increasingly challenging and complex, particularly with the development of deepfake technology. Organizations must adapt their risk management strategies to ensure risks are promptly escalated and managed.

Setting internal audit up for success

Understanding existing control structures or regulatory guidance will help you apply your knowledge to new or emerging fintech trends. Most importantly, remember that the fundamental principles of auditing still apply. You’ll need to understand the risks and controls and determine if the controls are operating effectively.

Some additional guidance on learning new technology includes:

• Ask questions. Talk to tech teams and product owners.
• Attend demonstrations. Join internal walkthroughs or trainings.
• Review documentation. Read system or process documentation or technology specs.
• Join projects. Participate in pilot projects or cross-functional initiatives.
• Follow industry news. Stay current on trends relevant to your organization.

Finally, it’s critical to be aware of potential audit areas and apply your leadership to propose new test steps. This includes:

• Fintech (products, compliance, third parties, data and security, marketing, fraud and monitoring, AI/models, complaints, financials and resilience).
• AI (governance, data quality, model risk management, compliance, access and change controls, third-party AI, security, privacy, and impact assessment).
• Stablecoin (governance, reserve assets, peg mechanism, transparency, custody and safekeeping, redemption process, and regulatory compliance).

To successfully audit areas of emerging technology or fintech trends, it’s critical to adopt a continuous learning mindset and allow yourself to step outside of your comfort zone. You’ll need to be more proactive and put a greater emphasis on your own personal learning growth and development.