[Summary]AI Threats and the Future of Financial System Resilience

Original article in Japanese by Makoto Shibata was published for FinTech Journal on May. 26, 2026) https://www.sbbit.jp/article/fj/185412

The emergence of frontier artificial intelligence (AI) systems capable of identifying and exploiting software vulnerabilities has triggered significant concern within the global financial sector. In particular, the pre-release AI model “Claude Mythos” demonstrated an unprecedented ability to discover vulnerabilities in major operating systems and web browsers, leading regulators and financial institutions in both the United States and Japan to reassess their cybersecurity strategies.

The fundamental impact of frontier AI is not simply that it accelerates vulnerability discovery. More importantly, it can automatically generate exploit code and conduct attacks at machine speed. This dramatically shortens the cyberattack cycle and increases the likelihood of large-scale zero-day attacks. As a result, traditional security approaches based on preventing intrusions and applying periodic patches are becoming insufficient.

The report argues that financial institutions must shift their focus from strengthening defenses to strengthening their ability to detect, respond to, and rapidly repair vulnerabilities. This represents a significant change in operational philosophy. Instead of assuming systems can be fully protected, organizations must assume vulnerabilities will inevitably be discovered and exploited.

Another important implication is the growing limitation of the long-standing objective of uninterrupted system operation. Financial institutions have traditionally pursued 24/7 availability, real-time processing, and non-stop services. However, in an AI-driven threat environment, the ability to safely suspend operations, isolate affected systems, and recover quickly may become more important than maintaining continuous availability at all costs.

The report also highlights risks associated with legacy systems and closed networks. Many Japanese financial institutions continue to rely on aging mainframe-based infrastructures built with legacy programming languages such as COBOL. While these systems have historically provided stability and reliability, frontier AI may be particularly effective at analyzing complex architectures, uncovering hidden vulnerabilities, and identifying attack paths. Consequently, system complexity and age may become liabilities rather than strengths.

Japan’s highly centralized financial infrastructure presents additional challenges. Critical platforms such as payment networks and shared banking systems create efficiency but also introduce concentration risk. A successful AI-enabled attack against these common infrastructures could disrupt large portions of the financial system simultaneously and generate systemic consequences extending beyond individual institutions.

The report further warns that regional banks and smaller financial institutions may face greater difficulties because of limited cybersecurity expertise, aging systems, dependence on vendors, and shared service platforms. Japan’s multi-layered outsourcing structure within financial IT may also delay vulnerability management and obscure accountability.

To address these challenges, several priorities are identified. Financial institutions should adopt integrated DevSecOps practices, strengthen identity and access management, conduct realistic cyber exercises, improve IT governance, and establish robust AI governance frameworks. Investment in human resources is equally important, particularly professionals who possess expertise across finance, AI, and cybersecurity.

Finally, the report emphasizes the importance of public-private cooperation, international information sharing, and supply-chain security. Since AI-driven cyber threats transcend organizational and national boundaries, effective responses will require collaboration among governments, financial institutions, technology providers, and AI developers.

In conclusion, the rise of frontier AI represents more than a cybersecurity challenge. It requires a fundamental transformation of financial system operations—from a culture focused on uninterrupted service to one centered on resilience, rapid recovery, and adaptive risk management in the AI era.

[Summary] Transformation of Cybercrime

Original article in Japanese by Makoto Shibata was published for FinTech Journal on May. 11, 2026) https://www.sbbit.jp/article/fj/184958

The article examines how cybercrime is evolving based on the FBI’s latest Internet Crime Report and discusses the implications for Japan’s financial sector. It argues that cybercrime is no longer primarily a technology problem, but increasingly a challenge of financial system design and customer behavior.

FBI Internet Crime Report 2025: https://www.ic3.gov/AnnualReport/Reports/2025_IC3Report.pdf

According to the FBI’s 2025 report, more than one million cybercrime complaints were submitted in the United States, with total reported losses reaching approximately US$21 billion, a 26% increase from the previous year. Cryptocurrency-related crimes accounted for the largest share of losses, exceeding US$11 billion. The report also introduced a dedicated section on artificial intelligence (AI) for the first time, highlighting nearly US$900 million in damages linked to AI-enabled fraud. Criminals are increasingly using AI to generate phishing messages, impersonate executives, and steal credentials.

A notable trend is the shift from traditional “system intrusion” attacks to social engineering. Investment scams, business email compromise (BEC), technical support fraud, romance scams, and identity theft now account for the majority of financial losses. Rather than hacking financial institutions directly, criminals manipulate victims through social media, messaging platforms, and other communication channels, convincing them to initiate legitimate-looking transactions themselves. The article notes that approximately 85% of reported losses are linked to such social engineering schemes.

The author argues that Japan is already experiencing the same structural transformation. SNS-based investment fraud, romance scams, and other forms of deception have caused substantial losses, demonstrating that cybercrime increasingly targets human decision-making rather than technical vulnerabilities. As a result, financial institutions must expand their focus beyond cybersecurity to include monitoring customer behavior and transaction intent. The article introduces the concept of “Know Your Purpose,” suggesting that institutions should assess the legitimacy and context of transactions, not merely verify customer identity.

Another key issue is the growing complexity of money flows. Criminals often move funds across multiple layers, including bank transfers, money transfer operators, and cryptocurrency exchanges. The report warns that as Japan develops a regulatory framework for stablecoins and digital assets, similar risks may become embedded within the financial system. Effective countermeasures will therefore require cooperation across banking, payments, and cryptocurrency sectors rather than institution-by-institution responses.

The article also highlights the importance of combating fraudulent account creation and account trafficking. Stronger identity verification through technologies such as My Number card IC-chip authentication, combined with industry-wide sharing of suspicious account information, could significantly disrupt criminal networks. Likewise, in an era of instant payments, the ability to detect and freeze suspicious transactions in real time becomes as important as payment speed itself.

Finally, the article emphasizes the dual role of AI. While AI enables more sophisticated fraud, it can also be used to enhance behavioral analytics and anomaly detection. The discussion references concerns surrounding advanced AI models such as Anthropic’s Claude Mythos, which reportedly demonstrated the ability to identify and exploit software vulnerabilities, highlighting the growing cyber risks associated with rapid AI development.

The article concludes that Japan’s financial industry should prioritize three actions: implementing customer-behavior-based risk management, strengthening real-time data sharing across the industry, and building infrastructure capable of immediately delaying, suspending, or freezing suspicious transactions. The ultimate challenge is to create a financial system that balances convenience with security and positions financial institutions as critical social infrastructure for preventing fraud.

[Summary] QR Payments Across Asia: Standardization and Cross-Border Connectivity | FinTech Topics #129

Original Video in Japanese was published on the FINOLAB CHANNEL on June. 23, 2026 by Makoto Shibata https://youtu.be/vANj5aDSK5c

QR-code payments have become one of the most important innovations in Asia’s digital payment landscape. Although QR codes were originally invented in Japan, their large-scale adoption for consumer payments began in China and has since spread throughout Asia. Today, QR payments are transforming how people make purchases, transfer money, and conduct cross-border transactions.

China played a pioneering role through the rapid growth of Alipay and WeChat Pay. Supported by the widespread adoption of smartphones, these services evolved into “super apps” that integrate payments with messaging, e-commerce, transportation, and many other daily activities. Together they dominate China’s mobile payment market and have expanded their usability across many Asian countries.

Other Asian countries have followed different paths but share a common trend: government-led development of real-time payment infrastructure linked to QR-code technology.

India’s Unified Payments Interface (UPI), introduced in 2016, is one of the most successful examples. UPI enables instant transfers and payments through mobile applications, phone numbers, and QR codes. It has become the dominant payment infrastructure in India and is often cited as one of the world’s largest real-time payment systems.

Singapore introduced PayNow for instant payments and later launched SGQR, a unified QR standard that allows multiple payment providers to be accepted through a single QR code. Similarly, Thailand’s PromptPay, Indonesia’s QRIS, Malaysia’s DuitNow QR, the Philippines’ QR Ph, Vietnam’s VietQR, Cambodia’s KHQR, and Myanmar’s MMQR all represent national efforts to standardize QR payments and ensure interoperability among banks, e-wallets, and payment providers.

Japan presents a unique case. Despite being the birthplace of QR-code technology, the country initially experienced fragmentation, with many competing payment services such as PayPay and others. To address this issue, the Cashless Promotion Council introduced JPQR, a unified QR payment standard. More recently, Japan has begun connecting JPQR with overseas systems, including those of Cambodia and Indonesia, improving convenience for international visitors and businesses.

A major trend highlighted in the presentation is the shift from national standardization to international connectivity. Singapore has taken a leadership role by linking PayNow with Thailand’s PromptPay and subsequently connecting with payment systems in India, Malaysia, and Indonesia. Additional links with other ASEAN countries are under development. Meanwhile, Alipay has established partnerships with more than 50 payment providers across Asia, creating a broad network of interoperable QR payment services.

Another emerging development is the integration of stablecoins into QR payment infrastructures. Pilot projects are exploring how stablecoins can serve as the settlement layer behind QR transactions, enabling 24/7 cross-border payments with lower foreign-exchange and transaction costs. Examples include stablecoin payment trials in Japan and initiatives by regional platforms such as Grab.

In conclusion, QR payments have evolved from a simple payment method into a strategic digital infrastructure for Asia. Governments have promoted common standards and interoperability, while cross-border connections are gradually creating a seamless regional payment network. Looking ahead, the combination of QR payments, real-time settlement systems, and stablecoin technology may further accelerate financial integration across Asia.

[Summary] Impact of Japan’s Revised Insurance Business Act on InsurTech and Digital Transformation| FinTech Topics #128

Original Video in Japanese was published on the FINOLAB CHANNEL on May. 19, 2026 by Makoto Shibata https://youtu.be/sHw7NkkiDTg

Japan’s revised Insurance Business Act, which will take effect in June 2026, represents the most significant reform of insurance regulation since 2014. The amendment is designed to address a series of misconduct cases that have undermined trust in the insurance industry and to promote a more customer-centric insurance distribution model. At the same time, the reform is expected to accelerate digital transformation and create substantial opportunities for InsurTech companies.

The regulatory changes were prompted by several high-profile scandals. These included allegations of premium coordination among major non-life insurers, fraudulent insurance claims associated with automobile dealer Big Motor, conflicts of interest within insurance agencies, and incidents involving the unauthorized sharing of customer information by secondees. Collectively, these cases exposed weaknesses in governance, compliance, and customer protection across the insurance sector.

In response, the revised law introduces stronger governance and compliance requirements for large-scale insurance agencies and insurance companies. Major agency groups will be required to appoint compliance officers, establish complaint-handling frameworks, strengthen internal controls, and implement whistleblowing and internal audit systems. Insurance companies will also face enhanced oversight responsibilities when outsourcing sales activities to agencies. Furthermore, the reform prohibits excessive benefits or incentives that could distort fair insurance recommendations.

Perhaps the most important change concerns insurance sales practices. Historically, many agencies recommended products based on their own internal criteria, commission structures, or preferred partnerships with insurers. Under the revised framework, agencies will be expected to recommend products based on customers’ actual needs and interests. They must provide clear explanations of why a particular product was selected, document comparison criteria, and maintain records of the recommendation process. This significantly increases the importance of transparency, accountability, and evidence-based sales practices.

As a result, the insurance industry is likely to undergo several structural shifts. Sales activities will move away from individual salesperson judgment and toward data-driven decision-making. Business models focused primarily on product sales will increasingly evolve into customer-value-centered models. Documentation, auditability, and evidence management will become critical capabilities. In addition, smaller agencies may face increasing compliance burdens, potentially accelerating industry consolidation.

These developments create a favorable environment for InsurTech innovation. Demand is expected to grow for AI-powered comparison and recommendation tools, explainable AI systems, compliance monitoring solutions, and software platforms that manage sales processes and regulatory requirements. Technologies such as eKYC, digital signatures, voice-recording tools, and RegTech solutions will become increasingly important. Embedded insurance models are also expected to expand as insurers seek more efficient and customer-friendly distribution channels.

Several Japanese InsurTech companies are already well positioned to benefit from these trends. Sasuke Financial Lab operates digital insurance comparison services that provide access to products from numerous insurers. Hokan offers SaaS solutions that integrate customer information, policy management, compliance controls, and sales records for insurance agencies. Finatext’s Inspire platform supports digital insurance distribution and embedded insurance services while enabling rapid product deployment and system integration.

In conclusion, the 2026 revision of Japan’s Insurance Business Act is more than a regulatory compliance initiative. It represents a fundamental shift toward customer-centricity, transparency, and operational excellence. As insurers and agencies adapt to these new requirements, digitalization and AI adoption are likely to accelerate. The ability to demonstrate customer benefit and maintain transparent decision-making processes will become a key competitive advantage, creating significant growth opportunities for InsurTech firms and technology providers across the insurance ecosystem.

FinovateFall 2026, Supporting as a Partner with Discount Code

FinovateFall 2026
September 9-11, 2026
THE MARRIOTT MARQUIS TIMES SQUARE, NEW YORK

Where decision-makers meet and see the future of fintech

About the event:

Mark your calendars – FinovateFall is back, September 2026 in New York City, and this year’s event is bigger, bolder, and more impactful than ever.

Join 2,000+ executive-level decision-makers from leading FIs, innovative fintechs, deep-pocketed VCs, and more, for a high-energy showcase of fintech’s cutting-edge.
 

Why attend?

  • Meet top industry leaders and decision-makers – including representatives from all the top 50 US banks like Bank of America, Citigroup, JP Morgan, Wells Fargo, and more.
  • 60+ live product demos from fintechs of every size – real solutions you can use today.
  • Network with over 1,000+ senior executives from banks and financial institutions.
  • Actionable insights from over 100+ experts.
  • Make meaningful connections with our intelligent matchmaking app and in-person networking, powering 26,000+ meetings that turn into real deals.

The ideas, connections, and technologies you need to succeed are at FinovateFall 2025.

FINOLAB to become a Partner of FinovateSpring

To book your place and claim a 20% discount click here or enter the code below

https://informaconnect.com/finovatefall/purchase/select-package/?vip_code=FKV2825FINO
★Discount code:FKV2825FINO