This week, fintech’s direction was unusually clear: stablecoins moved deeper into regulated territory, cross-border payments kept compounding, and the industry’s risk conversation shifted from “security as a function” to security as a systemic constraint—especially as new AI capabilities raise the speed of exploit discovery.
Macro & Micro Trends in Fintech
Hong Kong issues its first stablecoin licences (and keeps approvals tight).
Hong Kong granted its first fiat-backed stablecoin licences—an explicit “regulated rails” step that’s likely to shape how stablecoins plug into consumer and merchant payments in Asia. Source: Reuters — Hong Kong grants first stablecoin licences
US Treasury advances the GENIUS Act implementation for payment stablecoins.
Treasury proposed rules that would treat permitted payment stablecoin issuers as financial institutions for BSA purposes and require AML + sanctions compliance programs—another signal that “stablecoins as infrastructure” now comes with bank-grade expectations. Source: U.S. Treasury — Treasury proposes rule to implement the GENIUS Act’s stablecoin framework
Federal Register: payment stablecoin issuers pulled directly into AML/CFT scope.
The proposed rule outlines AML/CFT and sanctions obligations for permitted payment stablecoin issuers—turning compliance from “future guidance” into concrete rulemaking. Source: Federal Register — Permitted Payment Stablecoin Issuer AML/CFT rulemaking
Wise shows cross-border volume strength ahead of Nasdaq trading (May 11).
Wise reported a 26% jump in quarterly cross-border volume and reiterated margin expectations—evidence that cross-border consumer + SMB flows remain durable even as pricing and compliance costs stay in focus. Source: Reuters — Wise reports cross-border volumes surge ahead of Nasdaq debut
Policy pressure rises around “X Money” and big-wallet compliance.
Sen. Elizabeth Warren demanded information about X’s digital wallet plans—highlighting how quickly new consumer wallets get pulled into scrutiny on compliance, consumer protection, and financial controls. Source: Payments Dive — Warren pounds X Money plans
Security & Cyber Trends
ECB prepares to question banks on AI-driven cyber risk (Anthropic “Mythos”).
ECB supervisors are gathering information and plan to ask banks about preparedness—an important escalation: AI model capability is now being treated as a direct supervisory concern. Source: Reuters — ECB to quiz bankers about new Anthropic model risks
BoE Governor Bailey flags major cybersecurity danger from the same model shift.
Bailey urged central banks and regulators to rapidly understand implications—reinforcing that the next wave of threats is about speed + scale, not just sophistication. Source: Reuters — BoE’s Bailey sees major cybersecurity risks in new Anthropic model
Reuters analysis: AI-boosted hacking could hit banks’ legacy systems hardest.
The analysis frames the risk as a multiplier on vulnerability discovery and exploitation—especially across older stacks and sprawling internal tooling. Source: Reuters — AI-boosted hacks could have dire consequences for banks
OpenAI reports a third-party tool security issue (no user data accessed).
Even without data exfiltration, third-party tooling remains a persistent fintech risk pattern: integrations expand the attack surface faster than most programs can inventory. Source: Reuters — OpenAI identifies security issue involving third-party tool
Russia rejects claims its hackers teamed up with Iran—geopolitical cyber risk stays elevated.
Regardless of attribution disputes, the practical takeaway for fintech is the same: threat activity and “spillover” targeting increase during geopolitical tension, raising baseline risk for financial infrastructure. Source: Reuters — Russia denies hackers teamed up with Iran for cyberattacks
Startups, Funding & Product Innovations
Airwallex launches a global POS push to bring in-person payments into its platform.
A notable move: Airwallex is going after the physical world, aiming to simplify multi-country in-person acceptance without onboarding local vendors in each market.
Source: TechCrunch — Airwallex is about to take on Stripe in the physical world
Fintech funding: more dollars, fewer deals (Q1 trendline).
Crunchbase data points to a “barbell” market: capital is there, but it’s concentrating—fewer deals, bigger winners, tighter selection. Source: Crunchbase News — Fintech startups raise more money in far fewer deals
Paysafe + MoonPay launch ‘Pay with Crypto’ for US iGaming deposits.
A practical stablecoin/crypto utility case: turning crypto deposits into USD for merchants—showing how stablecoins keep creeping into “normal” payment flows via niche, high-frequency verticals. Source: Paysafe Newsroom — Paysafe launches Pay with Crypto
MoonPay positions the same launch as a “native crypto funding experience.”
The messaging matters: payment UX is shifting from “workarounds” to more integrated onboarding and verification flows for crypto-funded deposits. Source: MoonPay Newsroom — MoonPay powers Pay with Crypto deposits for Paysafe
VC activity hits record levels—driven by mega-deals, not broad-based expansion.
Axios frames the 2026 dynamic as concentration: headline numbers look huge, but they’re skewed by a small number of massive rounds—useful context for how hard “normal” fintech fundraising may still be. Source: Axios Pro Rata — VC surge is increasingly concentrated
Final Words
This week’s theme: rails are getting regulated, and risk is getting faster. Stablecoins are becoming licenced products (not experiments), payments platforms are expanding into new channels (like in-person POS), and regulators are treating AI-accelerated cyber risk as a frontline stability issue—not a back-office concern.
If you want a practical, attacker-minded view of where your fintech is most exposed—APIs, auth flows, payment journeys, internal admin tooling, partner integrations, and third-party access paths—the ONSEC team can help with fintech-focused penetration testing and a prioritized remediation plan your engineering team can execute quickly.
Book a call with Us
Fintech Cyber Weekly 
Leave a comment