Fintech

 
As enterprise and consumer markets demand further efficiencies across financial services, the technologies enabling these advancements are becoming more innovative—spurring dealmaking and regulatory change.

Areas to watch

M&A

Financial institutions continue to look at the acquisition and development of technological solutions to create efficiencies, optimize customer experiences and manage risk. In the U.S., tech spending among banks has increased steadily with reports estimating that large banks spend approximately 14% to 20% of their noninterest expenses on technology-related spending¹. In Canada, financial institutions are actively partnering with fintechs and adopting emerging technologies into their operations: in the first three quarters of 2025, close to C$1 billion has been invested in Canadian fintechs².

Digital assets

Digital assets are continuing their integration into the mainstream financial market as investment instruments. Traditional investor appetite for cryptocurrencies is growing alongside a steady uptick in tokenized assets, an emergence of hybrid products and an increasing interest in stablecoins.

The global exchange-traded fund for Bitcoin has surpassed US$153B—showcasing strong institutional interest and growing momentum behind digital assets as an option for financial portfolios³. Tokenization of real world-assets is also accelerating. In H1 2025, US$23B in new assets were tokenized and traded on digital rails, offering dealmakers quicker access to liquidity⁴. This tokenization is driving an influx of hybrid financial products, where traditional assets such as stocks are being represented as digital assets on blockchains and other distributed ledger technology protocols.
 

 
 
Stablecoins, in particular, have taken centre stage and are poised to transform the payments space. The recent release of the draft Stablecoin Act (Canada) coupled with the implementation of the GENIUS Act (Guiding and Establishing National Innovation for U.S. Stablecoin Act) and Markets in Crypto Assets Regulation (MiCA) in the E.U. have led to a surge in regulatory discourse, industry advocacy and entrepreneurial momentum related to payment stablecoins. A recent survey of global financial institutions found that 13% of respondents currently use stablecoins, while 54% of non-users plan to adopt them within the next 12 months, positioning stablecoins as the “gateway for institutional crypto adoption”⁵.

The impact of stablecoins among traditional financial institutions is already being felt across the global banking landscape. Ten major global banks from across Canada, the U.S., the U.K., Switzerland and Japan have announced plans to work together to explore the creation of a blockchain-based asset tied to G7 currencies⁶. Japan’s three megabanks are collaborating on a stablecoin tied to the Japanese yen and U.S. dollar in a bid to create a unified standard for client transactions and cross-border payments⁷. As digital assets continue to grow, we can expect to see increased regulatory and investor focus, with traditional financial services companies and startups finding additional ways to collaborate on consumer-facing products.

Fintech and AI

Globally, early-stage AI-enabled fintechs are securing 45% higher venture capital deal values than their non-AI counterparts, with pre-money valuations running 242% higher⁸. AI is being used in wealth management (both directly by consumers and by wealth advisors), dispute resolution, fraud prevention and identification, and advisor support. Of these uses, agentic AI has been classed as a revolutionary technology for financial institutions, offering the ability to process data, automate customer service and execute tasks more efficiently.

AI use within insurance continues to increase, with AI models assisting with the identification and reduction of fraud and providing an improvement in customer experience. However, there are several risks associated with using AI in insurance analysis, including around bias and discrimination, data breaches and non-compliance with regulations. As such, financial institutions should consider taking certain steps to mitigate these risks.

Governments are introducing guidelines for ethical AI use in financial services. In Canada, the Office of the Superintendent of Financial Institutions (OSFI) has published a final guideline for financial services companies employing high-risk AI models. The guidelines, which take effect in May of 2027, operate on a risk-based proportionality principle with expectations for compliance dependent on an institution's size, complexity and model risk profile, among other things. Québec’s Autorité des marchés financiers (AMF) recently released draft guidelines on the use of AI systems for authorized insurers, financial services cooperatives, trust companies and deposit-taking institutions that, once launched, will present a framework for risk assessment, testing and monitoring, governance, transparency and the ethical treatment of customers.
 

 
Regulatory tech

In 2024, banks paid US$19.3B in global fines, the highest the industry had seen to date⁹. Class actions within financial services are also increasing, with many spurred by alleged non-compliance. To help manage and improve risk and compliance processes, financial institutions are increasingly turning to regtech (i.e., technology that improves regulatory processes). The use of AI-powered regtech is also quickly expanding, with 85% of compliance processes expected to incorporate AI by 2026¹⁰.

Regtech is shaped by several international and regional laws. These include the E.U.’s newly-in-effect Digital Operations Resilience Act (DORA), which creates a unified framework for managing ICT risks and provides regulators with direct oversight of ICT third-party providers, and the General Data Protection Regulation (GDPR), which has spurred on products that help financial institutions conduct privacy assessments, monitor compliance and protect data.

The Canadian regtech industry’s value is expected to reach US$877.60M by 2029¹¹. As more financial services organisations further integrate third-party tools to help them manage their compliance, they should monitor governance, risk management and resiliency requirements OSFI has set out for both financial institutions and the third-party regtech products they employ.

Mitigating risk

Evolving regulations

Fintech regulation is complex—with players within the space having to balance multi-jurisdictional rules and varying industry standards. For digital assets, the introduction of the GENIUS Act in the U.S., coupled with differing stablecoin regulatory approaches in other major economies, has ignited conversation about the best approach for Canadian federal regulations, particularly around alignment with international standards.

Anti-money laundering regulatory changes are also afoot, with several amendments across the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), and additional considerations for payment services providers (PSPs) and money services businesses (MSBs)—including those who deal in virtual currencies.

As innovation accelerates, driven by open banking initiatives and steps to reduce interprovincial regulatory barriers in the financial services sector, provincial and federal governments are updating the guardrails that protect consumers. While these developments provide opportunities, regulatory changes also present a growing set of compliance obligations that startups and financial institutions must manage. In the recently-announced budget, the Canadian federal government reaffirmed its objective to modernize Canada’s payment systems by committing to launch Canada’s Real-Time Rail in 2026 and to implement two new legislative frameworks: one governing consumer-driven banking and the other governing fiat-backed stablecoins.

Cybersecurity and privacy

As the digital transformation of financial services continues to rise, so too do threats from bad actors. As a result, there are a number of key cybersecurity and privacy considerations that financial institutions should take into account. Private-sector organizations that are collecting, storing or managing personal information must abide by the rules set out under the Personal Information Protection and Electronic Documents Act (PIPEDA). Financial institutions and startups are also subject to Canada’s Anti-Spam Legislation (CASL) when using digital channels for marketing purposes. OSFI has specific guidelines on technology and cyber risk management, which outline how financial institutions should manage data governance, company-wide operations and cybersecurity. Looking ahead, financial institutions may be required to adopt robust cybersecurity programs, rapid incident reporting and implement third-party risk mitigation under the newly-introduced Bill C-8. The bill will also provide regulators with sweeping powers to enforce compliance.