← Return to Blog

10 Jul, 2025

CEO Update - Q3 2025

The largest banks in the nation are employing Artificial Intelligence (AI)- powered "digital employees." A recent Wall Street Journal article spoke about two of the nation's largest banks utilizing AI to replicate human employee capabilities and workflows, primarily in areas of coding and payments processing.[1]

However, there is no standard definition of what an "AI agent or digital employee" is. AI Agents are mainly thought of as systems that take actions on behalf of humans. But what is an "action," and how are decisions made based on the available context?[2]

You may already be using AI. Whether it's your employees or vendors, your bank is likely already benefiting from and accepting the risks associated with Artificial Intelligence. Collectively, we are at the early stages of AI. If your bank is one of the 96% of community banks in the country and you are exploring the use of AI, consider the following as the first steps in assessing AI utilization.
  • Discovery: Ask your staff if they are using tools such as ChatGPT, Microsoft Copilot, or a multitude of other AI tools, and how they are utilizing those applications.
  • Determine: Determine how your bank should be using AI. You may be OK with some AI uses, but you likely do not want confidential customer information input into any AI applications. Involving the board in this discussion and documenting your decisions in the IT committee and board minutes is recommended.
  • Policy and Risk Assessment: Develop a policy regarding the use of AI. For the use of various AI applications, perform a risk assessment and document that assessment.
  • Controls: Implement controls, such as web content filtering, to limit access to applications that the bank has determined are not suitable for its use. Employees have many ways to access AI outside of the bank's control (on their phones, from home, tablets, etc.); incorporate approved uses of AI into employee acceptable use statements and employee training.

Equate technology investments to the power of compound interest. With compound interest, your money grows exponentially over time. Utilizing private cloud computing, AI, and other technological advancements results in a compounding effect, where your capabilities and desired outcomes grow exponentially over time. Technology is more than a tool; it is a foundational building block for gaining and keeping a winning edge to achieve your goals.

When considering next steps with AI, ask these two questions first:
  • What are we trying to solve for?
  • How does this help the customer?

There is a flood of vendors with all types of AI-powered tools that promise to make your life better, make you more money, make you younger, etc. Be cautious.

Survey Says: Consumers have less trust in AI-powered offerings. Recent research reflects that the use of AI in product marketing is a turn-off for consumers; however, the impact is less pronounced among younger generations.[3]

Speaking of the 96% of banks in the nation that are community banks. Your biggest asset when competing against others are the personal relationships you have with your customers. That is something that AI at the big banks is going to have a hard time competing with.

Another state bank trade association fell victim to a business email compromise (BEC) attack. Attackers are targeting trade associations for one reason: these targeted attacks are successful. Through compromising the email account of a person at an entity that bankers know and trust (such as a trade association) the attacker can then send malicious emails from the compromised account to bankers who are then likely to open the email and click on links or open attachments at a higher rate than if the email was to come from a less trusted source. Banks are stronger together; the more banks that join the BankOnIT community, the greater the ability to identify and take action on events such as this one, creating better outcomes for everyone.

"Evolving cyber threats by sophisticated malicious actors continue to target banks" was the lead into the Operational Risk segment of the OCC's Semiannual Risk Perspective for Spring 2025.[4] The OCC continues to observe cyber threat actors targeting banks of all sizes with ransomware attacks, emphasizing the importance of operational resilience, including testing business continuity and incident response plans.

Geopolitical Risk is Increasing.
  • Iranian Cyberattacks. The Department of Homeland Security has warned of an increased risk of cyberattacks from Iran and the Iranian government.[5]
  • Cyber Security Warnings. Multiple state banking supervisors have warned of the increased risk of cyberattacks.[6] [7]
  • North Korean spies want you to hire them…and companies are doing just that. North Korea has a heavily sanctioned economy and, as a result, has a need for hard currency. The FBI estimates that thousands of North Korean workers have been hired remotely by US companies while working for the North Korean government for the purposes of theft, extortion, and espionage. When Amazon's CSO was asked about this issue and what could be done about it, he said, "…you could have your employees come in five days a week". You could also hire in person instead of remotely.[8] BankOnIT's employees are hired in person, come to work, and are all in the USA.

Bank robberies down, cybercrime up. During the 1990s, there were about 9,000 bank robberies a year in the United States. By the 2000s, robberies were reported at around 8,000 per year, in 2010, the number decreased to approximately 6,000 per year, and in 2023, there were 1,362 reported robberies. Could it be that criminals now prefer cybercrime for its bigger payoffs and lower risk of being caught?

How many languages can you speak? Google announced an AI-powered speech translation capability for Google Meet.[9] The linked article contains sample video from Google of the translation. The AI translation shows a person speaking English with the translation occurring in near real time to fluent Spanish, it even mimics the speaker’s voice, tone, and inflection. One report said that when Google was asked how many of the world’s languages do they plan to interpret the reply was all of them; no detail on if that reply was AI generated.

We are here to help your bank win. Are you a financial institution Chairman, CEO, or President with questions about technology at your institution? Contact us at solutions@bankonitusa.com or 405-653-1920. Let us share with you how we are helping other banks and how we can help your bank win.

[1] Wall Street Journal June 30, 2025
[2] Wall Street Journal March 29, 2025
[3] Wall Street Journal June 29, 2025
[4] OCC Semiannual Risk Perspective Spring 2025 [PDF]
[5] National Terrorism Advisory System Bulletin - June 22, 2025 | Homeland Security
[6] Texas Department of Banking Industry Notice 2025-01 [PDF]
[7] New York State Department of Financial Services Industry Letter
[8] Wall Street Journal May 30, 2025 [Podcast]
[9] Google Meet Speech Translation

← Return to Blog

Disclaimer

This publication attempts to provide timely and accurate information concerning the subjects discussed. It is furnished with the understanding that it does not provide legal or other professional services. If legal or other expert assistance is required, the services of a qualified professional should be obtained.

Related Posts

Information Security Brief - July 2025

Have you gotten a call that looks like it’s from your local police department? Scammers are faking caller ID to imperson...

Read more

Information Security Brief - May 2025

Think that text message is from USPS? It could be a scam Have you ever gotten a text message about a package coming via ...

Read more

CEO Update - Q2 2025

What Does Winning Look Like at Your Bank? For some banks, it is achieving specific ROE or ROA metrics, while for others,...

Read more