CATEGORY
DORA, EU AI Act, NIST standards, third-party risk — the supervisory pressure shaping technology decisions.
INFRASTRUCTURE & CRYPTOGRAPHY
KyberLib turns the post-quantum banking migration from policy paper into inspectable Rust — FIPS 203 ML-KEM key encapsulation, hybrid classical-plus-quantum handshakes, no_std compilation for HSMs, crypto-agile abstraction boundaries, and the DORA Article 5 governance evidence boards now need.
APPLIED AI
CloudCDN is an open-source blueprint for the AI-native edge — a zero-trust MCP gateway with 42 tools, atomic Durable Objects rate limiting, WebAuthn passkeys, signed URLs, SLSA Level 3 provenance, and 3,185 tests at 100% coverage, mapped to DORA, BCBS 239, and Basel III.
POLICY & RESILIENCE
A 2026 banking resilience index — combining AI risk, cloud concentration, quantum-safe migration, payment continuity, and critical third-party dependency into one operational-resilience scoreboard the board and supervisor can both read.
APPLIED AI
A 2026 autonomous treasury readiness index — measuring agentic treasury workflows, programmable liquidity coverage, tokenised deposit integration, real-time payment orchestration, and automated cash control as one operating-model fabric.
APPLIED AI
An index framework for measuring wholesale-payments readiness in 2026: ISO 20022 structured-address compliance ahead of SWIFT's November 2026 milestone, tokenised-deposit settlement, BIS Project Agorá cross-border atomicity, real-time rail orchestration, and liquidity efficiency. Four percentages — structured-data completeness, rail-routing optimality, settlement-finality lag, and Agorá-corridor coverage — turn payment-operations posture into supervisory-ready evidence.
APPLIED AI
An engineering blueprint for cloud-native banking in DORA audit phase. Five platform-engineering primitives — Kubernetes paved roads, Backstage portal, GitOps via ArgoCD, Open Policy Agent admission, OpenTelemetry end-to-end — produce Article 8 register evidence at the speed of the pipeline. Tested exit-execution annually for CTPP-dependent CIFs against BIA-derived RTO targets. Sovereign-cloud options (AWS European Sovereign Cloud, Microsoft EU Data Boundary, Bleu, Thales / S3NS) addressed as engineering decisions, not branding.
APPLIED AI
An index framework for measuring quantum-safe banking readiness in 2026: cryptographic bill of materials, hybrid TLS deployment, NIST FIPS 203 / 204 / 205 migration progress, crypto-agility primitives, and harvest-now-decrypt-later exposure across long-lived confidential data. The Board-Level Quantum Scorecard defines four exact percentages — inventory completeness, HNDL exposure, NIST migration progress, crypto-agility readiness — that turn project statuses into supervisory-ready evidence.
APPLIED AI
An engineering blueprint for agentic AI in tier-1 banks: classify by permissions not intelligence, treat every production agent as an SR 11-7 / SS1/23 model from day one, and build the five-component control plane — OAuth-scoped service accounts, deterministic semantic routing, OPA policy gates, immutable WORM audit logs, and a tested kill switch — that turns autonomous workflows into auditable evidence.
APPLIED AI
Banking infrastructure in 2026 has reached the point where it needs an index, not another trend list. A Stanford AI Index-inspired framework for measuring bank readiness across agentic AI, quantum-safe security, cloud-native resilience, and wholesale payments — measured as one operating model.
APPLIED AI
FedNow demands pre-funded 24/7 liquidity. ACH is cheap but T+1. USDC clears atomically but needs wallet infrastructure. The 2026 multi-rail bank routes each payment by cost, finality, and liquidity cost — driven by an orchestration engine that reads ISO 20022 pacs.008 and decides.
APPLIED AI
Harvest-now-decrypt-later turns today's TLS-protected payment messages into tomorrow's decrypted exposure. ML-KEM and ML-DSA are an order of magnitude larger than the RSA and ECC keys legacy rails were sized for — retrofit triggers fragmentation, latency, and HSM exhaustion. The 2026 architectural decision is whether to patch or replace before the regulatory clock runs out.
APPLIED AI
The UK Wholesale Digital Markets Champion role makes tokenised gilts, DLT-based settlement, and digital wholesale finance a national competitiveness project. The 2026 strategic question for banks is design discipline — which tokenised assets sit on which platform, how settlement risk is evidenced, and how to defend the City's wholesale role against Singapore, Switzerland, and Frankfurt.
