Agentic AI and MCP Security for Fintech
Secure agentic AI and the Model Context Protocol in regulated finance: the autonomy spectrum, connector supply chain, scoped identity, and a kill switch.
AI assurance evidence for auditors
AI assurance evidence is the gap most programmes ignore. Here is how to build a control-to-evidence map your internal auditor can test independently.
AI governance and board accountability
AI governance in a regulated firm needs four targeted additions to your existing risk machinery, with named accountability attached before an incident.
AI incident response and resilience
AI incident response needs its own playbook: extend your IR process, build a kill-switch decision tree, and design resilience for non-deterministic AI.
Data poisoning defences for fintech AI
Data poisoning is the quiet threat in fintech AI: planted in grounding data, it fires long after you stop looking. How to defend what you control.
NIS2 and UK NIS for AI systems
NIS2 does not vanish for FS firms because DORA applies. Where NIS2 and UK NIS still bite on AI estates, supply chains, and group structures.
Quantifying AI risk for the board
How to move from heat maps to money-denominated loss distributions when quantifying AI risk for boards and CROs, with autonomy as the key magnitude multiplier.
Runtime monitoring for AI agents
Runtime monitoring for AI agents means more than application logs. What to instrument, how to detect abuse in production, and how to bound damage early.
Secure by design AI agents and MCP
Secure by design for AI agents is not a post-launch phase. Identity, least privilege, MCP hardening, and the gateway control plane, in plain terms.
Securing decisioning copilots in finance
Decisioning copilots in credit, fraud, and disputes need per-domain autonomy ceilings, not just output filters. Here is the framework I use.
Third-party AI risk management
A practical guide to third-party AI risk: how to vet providers, what to contract for, and how to manage concentration before a regulator asks.
AI Security Guardrails for Fintech
Ship production AI agents in regulated fintech: the three guardrail layers, the model-risk register, and board-ready evidence that survives audit.
DORA and the AI Rulebook for Fintech
DORA, the EU AI Act, SM&CR and PCI DSS mapped into one control layer, with evidence a board and an auditor both accept.
vCISO vs Fractional CISO vs BISO
How a regulated fintech buys security leadership: vCISO, fractional CISO, or BISO, with engagement models, pricing, and a board-ready ROI case.
Implementing ISO 27001 for regulated fintech
An end-to-end ISO 27001:2022 implementation for fintech operators on a 26-week timeline, covering scope, controls, audit, and an operating model.
Secure CI/CD pipelines for regulated fintech
Seven baseline controls that turn a fintech CI/CD pipeline from supply-chain liability into an audit-ready asset, with practical auditor-focused patterns.
Mitigating insider threats in regulated fintech
Most insider-threat programmes default to surveillance. The ones that work default to design. A framework for fintech CISOs.
Cybersecurity risk frameworks for financial institutions
How fintech operators reconcile NIST, ISO 27005, FAIR, and DORA's risk requirements without running four parallel programmes.
Agile risk management: integrating risk into agile boards
How to weave ICT risk management into agile delivery cadence without halting the team. Practical patterns for fintech CTOs and CISOs.