Patrick Opet, global CISO at JPMorgan Chase, is urging the software industry to prioritize secure development practices over speed to market, warning that increasing supply-chain disruptions are weakening the global economic system. In an open letter, he wrote that global companies are dependent on interconnected technologies and that software needs to be secure by default. Opet said that because global companies are increasingly reliant on a small number of software-as-a-service providers, a hack or other disruption at one of them can affect critical infrastructure providers around the world. JPMorgan Chase officials have seen the warning signs up close, Opet said. “Over the past three years, our third-party providers experienced a number of incidents within their environments,” Opet wrote. “These incidents across our supply chain required us to act swiftly and decisively, including isolating certain compromised providers and dedicating substantial resources to threat mitigation.” Modern identity protocols like OAuth create direct connections between third-party services and sensitive internal resources at companies, making it easier for attackers to gain access to confidential data or internal communications, Opet noted in the letter. Opet said he wanted to see improved security standards and more transparency in how suppliers use privileged access. He also said technologies like confidential computing could reduce risks when suppliers use sensitive information.
TD Bank reimagines customer engagement by presenting investment insights to clients while also highlighting the life-changing work of a community nonprofit
When TD Bank planned a customer event in Miami last month, no one expected it to unfold in a sprawling apparel manufacturing plant instead of a glitzy ballroom. But that was precisely the point. “We’re not just building the bank—we’re building our community,” said Kimrey Newlin, Executive Credit Officer at TD Bank and a longtime board member at Goodwill South Florida. What began as a brainstorm to tour the Goodwill South Florida facility quickly evolved into something far more meaningful: a full-fledged customer event highlighting not only the bank’s investment insights, but also the life-changing work of a community nonprofit. Most companies would’ve opted for steak dinners and live entertainment. TD chose eggs, croissants, and a facility tour showing off Goodwill’s employees, a large majority of whom are living with a disability or barrier to work, the Spirit of Goodwill Band and how they give back to the Miami community in so many ways. Cathy Alexander, Private Client Relationship Manager for Miami-Dade County, helped them find their hook: a presentation from Sid Vaidya, TD’s Chief Investment Strategist, who would offer timely insight on economic trends and political changes. Cathy added, “This partnership highlights a shared commitment to empowering individuals through financial knowledge and community support. The clients walked away with a renewed perspective about how we support the businesses we serve, but more importantly, how we give back to the community.” For many attendees, the real revelation came from learning what Goodwill truly is. “When people think of Goodwill, they think of the drop boxes for used clothes,” said Nick Miceli, Regional President of Florida Metro at TD. “But that’s just one aspect. The core of their mission is job readiness—especially for individuals with disabilities. 
They train them, they employ them, they give them purpose.” Inside Goodwill South Florida’s massive facility, attendees saw rows of sewing machines creating military uniforms under government contracts.
Goodwill South Florida also runs a commercial laundry business serving hospitals, and a janitorial service cleaning over 130 government buildings, all employing individuals with disabilities or barriers to work. In fact, Goodwill South Florida makes nearly 1 million garments for the Departments of Defense and Veterans Affairs annually, and 85,000 of those are interment flags for the families of fallen soldiers. At the end of the day, the Goodwill South Florida event is a microcosm of a bank trying to be different, unique and make an impact for the better in the community it serves. At its heart, the TD-Goodwill event wasn’t just about community service. It was about redefining what corporate engagement looks like.
Wells Fargo gets another federal penalty lifted, but still has two penalties (AML violation and Gramm-Leach-Bliley Act privacy violation) to clear; analysts expect asset cap could be lifted in the second quarter of 2025
Wells Fargo & Co. has reduced the number of federal enforcement actions against it on one front, but it still faces three outstanding issues, including its $1.95 trillion asset cap. The bank said that Consumer Financial Protection Bureau’s (CFPB) 2018 consent order — stemming from its compliance risk management program — has terminated. The Office of the Comptroller of the Currency lifted its consent order for the same issue in February. Wells Fargo Chief Executive Charles Scharf said the bank “is a different and stronger company today” after he took the helm in 2019 to correct its compliance problems. The three major disciplinary actions that remain against Wells Fargo include two from the Office of the Comptroller of the Currency — one last year for violating regulations against money laundering; and a 2015 action by the OCC for violation of the Gramm-Leach-Bliley Act to protect consumer information. For the third, Wells Fargo still faces a $1.95 trillion asset cap imposed by the U.S. Federal Reserve Board in 2018. The bank has been working through deeper scrutiny from regulators in the wake of a phony-accounts scandal that arose nearly a decade ago. Gerard Cassidy, an analyst at RBC Capital Markets, wrote in a research note that he believes the asset cap could be lifted in the second quarter of 2025 “and possibly real[ly] soon.” He pointed not only to the bank’s brisk progress with regulators so far this year, but also to recent comments by Treasury Secretary Scott Bessent. Meanwhile, Wells Fargo’s critics are urging caution about lifting the asset cap, arguing that the scandal-tarred bank hasn’t demonstrated enough progress. In addition to the asset cap, Wells Fargo is operating under a 2015 agreement with the OCC, which states that the bank violated part of the Gramm-Leach-Bliley Act that deals with the consolidation and management of bank subsidiaries. 
Also still in place is a 2024 formal agreement with the OCC involving what the regulator called “deficiencies” in the bank’s anti-money-laundering controls.
Accenture introduces Trusted Agent Huddle enabling seamless agent-to-agent interoperability across multiple partners including Adobe, AWS, Databricks, Google Cloud, Meta, Microsoft, NVIDIA, Snowflake and others
Accenture has introduced Trusted Agent Huddle™ to allow first-of-its-kind multi-system agent collaboration across the enterprise. Part of AI Refinery,™ the Trusted Agent Huddle will allow secure and seamless agent-to-agent interoperability across partners including Adobe, AWS, Databricks, Google Cloud, Meta, Microsoft, NVIDIA, Oracle, Salesforce, SAP, ServiceNow, Snowflake and Workday. Agents developed by enterprise users will be able to seamlessly work together in a single platform, allowing organizations to select and manage the right agents for specific tasks and business objectives. Lan Guan, chief AI officer of Accenture, said, “With the proliferation of AI agents across the enterprise, trust is the only limit to AI reaching its full potential, and seamless and secure multi-system collaboration between agents will further the impact and promise of what agentic AI can achieve. With the launch of Trusted Agent Huddle, for the first time, companies will be able to connect and orchestrate agents from different enterprise platforms within AI Refinery, enabling boundaryless capability and unprecedented levels of innovation.” With the use of Trusted Agent Huddle to publish and onboard agents into AI Refinery through open standardization protocols, such as Agent2Agent and Model Context Protocol, organizations can transform entire workflows, rather than isolated processes within single domains or systems. Additionally, the Trusted Agent Huddle will leverage a proprietary algorithm to evaluate and align agent performance. This certification process lays the foundation for future development of an agent trust score. Organizations with pre-existing agents based on cloud-hosted models would seamlessly integrate those agents into AI Refinery without impacting functionality, enabling future agents to be built on the platform. Accenture’s agent builder can be used to adapt agents as business requirements change. 
FedEx is working with Accenture and NVIDIA to explore uses of Trusted Agent Huddle to drive greater resilience. Sriram Krishnasamy, chief transformation officer and chief digital & information officer, FedEx Corporation said, “The Trusted Agent Huddle enables agents from different platforms to collaborate as one team and will help FedEx seamlessly engage and orchestrate information across the supply chain to accelerate innovation.” “With the launch of Trusted Agent Huddle, we’re helping enterprises like FedEx future proof their innovation and AI investments,” said Karthik Narain, group chief executive—Technology and chief technology officer, Accenture. “Collaboration is the competitive differentiation of the future. Companies can best address today’s volatility, while positioning themselves for future innovation and resilience, if they are able to harness AI innovation from across the ecosystem and not be limited to a single agent ecosystem.” Accenture AI Refinery—which is built on NVIDIA AI Enterprise—helps accelerate AI across the SaaS and cloud AI ecosystem. The new Trusted Agent Huddle can be used with the NVIDIA Agent Intelligence toolkit which provides seamless, heterogeneous connectivity between agents, tools and data.
Future of work: Microsoft’s survey predicts human-plus-agent teams will cause traditional org chart to be replaced by a “work chart”; dynamic, outcome-driven teams would form around goals and projects, not functions
Microsoft’s 2025 Work Trend Index predicts that corporate organizational charts will rapidly change in the coming years, centered on AI agents. The report highlights that AI has gone beyond a simple work assistant to performing work flexibly as a team member in collaboration with human staff. Some companies are already restructuring their organizations to foster greater teamwork between people and AI. The report is based on a survey of 31,000 employees in 31 countries and predicts that most organizations will shift toward becoming frontier companies in the next two to five years, redefining employee roles. Major examples include Bayer, Dow Chemical, and Wells Fargo, which are introducing AI agents into product development, delivery operations, and customer service at more than 4,000 branches. Microsoft sees a new form of leadership called “agent boss” arising, where all employees will have the same mindset as the CEO of an agent-based startup, creating their own agents and delegating and managing tasks. Additionally, Microsoft suggests that organizations previously organized around functions such as finance, marketing, and engineering are likely to be reorganized around goals and projects to be achieved. Other recent surveys have suggested that 92% of IT jobs will be transformed by AI, and 74% of IT pros see AI making their skills obsolete. As the introduction of AI agents spreads, companies will need to adapt their organizational structures accordingly.
PayPal 1Q 2025 reports TPV increased 3% to $417 billion; Active accounts increased 2% to 436 million; 40% Venmo debit card monthly active account (MAA) growth
PayPal beat Wall Street estimates for first-quarter earnings and stuck to its annual profit forecast even at a time when U.S. President Donald Trump’s tariffs have fueled economic uncertainty. “PayPal had a great start to the year and our strategy is working. This is our fifth consecutive quarter of profitable growth with progress across branded checkout, PSP, omnichannel, and Venmo. We are transforming into the leading commerce platform connecting consumers and merchants globally. Our foundation is solid and we have multiple ways to win,” said Alex Chriss, President and CEO.
1Q’25 Financial Results
- Net revenues increased 1% to $7.8 billion; 2% currency-neutral (“FXN”)
1Q’25 Operating Results
- Total payment volume (“TPV”) increased 3% to $417.2 billion; 4% FXN
- Payment transactions decreased 7% to 6.0 billion. Excluding payment service provider (“PSP”), payment transactions increased 6%.
- Payment transactions per active account (“TPA”) on a trailing 12-month basis decreased 1% to 59.4. TPA ex-PSP increased 4%.
- Active accounts increased 2% to 436 million. On a sequential basis, active accounts increased by 0.3%, or by 1.5 million
- 45% of US branded checkout traffic on new experience
- 50% Pay with Venmo TPV growth in 1Q
- Added ~2M first-time PayPal and Venmo debit card users in 1Q
- 40% Venmo debit card monthly active account (MAA) growth in 1Q
- Meaningfully increased TM $ growth contribution from PSP in 1Q
- Launched optimized debit routing with Wayfair and Upwork & Fraud Protection Advanced with Regal Cinemas
- Added Solana and Chainlink to PayPal and Venmo wallets & enabled rewards for PYUSD holders
- Launched first remote Model Context Protocol (MCP) server for agentic commerce
- Branded checkout TPV growth driven by continued strength across large enterprise platforms, marketplaces within PayPal checkout, and Pay with Venmo
Citizens Financial elevates Brendan Coughlin, Vice Chair and Head of Consumer, Private Banking and Wealth, to President; had developed and launched merchant POS financing partnerships with Apple and Microsoft
“Brendan has a long track record of strong leadership and execution against some of our most important initiatives, and he has earned the trust and respect of our stakeholders, including the Board and our colleagues,” said Van Saun. “His efforts have contributed significantly to our transformation into a top super-regional bank, and I am confident that his passion and leadership will continue to propel Citizens forward.” Over his 20 years at Citizens, Coughlin has developed and launched several of the bank’s most innovative offerings, including merchant point-of-sale financing partnerships with Apple and Microsoft, national education refinance products, and expansion of the consumer franchise into new markets. His focus on growth, driving innovation, and improving customer experience has directly contributed to the strong performance and market share gains of the consumer franchise. In 2023, Brendan was instrumental in the national launch of Citizens Private Bank, which continues to deliver strong performance, recently reaching $8.7 billion in high-quality deposits and $5.2 billion in assets under management (AUM). The bank has also made meaningful strides in broadening its Wealth Management capabilities under Coughlin’s leadership, including the addition of new advisory teams in California, Boston and Florida. Citizens also announced that current Vice Chair and Chief Financial Officer John Woods has decided to depart from Citizens to accept another opportunity. He is expected to leave in August 2025. The company will initiate a formal internal and external search and John will continue to work with the bank’s strong Finance team to ensure a smooth transition.
Citizens Bank’s open banking API has seen “significant” use both by consumers and business clients since it launched in March; reports a 95% reduction in screen scraping
Taira Hall, the head of enterprise payments strategy at Citizens Bank, said the practice of “screen scraping” poses several risks to customers. To address these issues, Citizens built an open banking API, or application programming interface, a type of technology that allows software to “plug in” and access data from other software. The tool is designed to let customers securely access their financial data, such as balances and recent transactions, on external platforms without the need for screen scraping. The new tool relies on the concept of open banking, an idea that emerged in the early 2000s when online banking became more common. In its most basic form, open banking allows customers to share their financial data with service providers other than their bank. Citizens’ commercial customers, such as stores, restaurants, and business service providers, may use open banking data to automate expense tracking or verify income for gig workers, while other banks can use the data to assess borrower risk in real time instead of relying on credit scores. The API provides access to a wide range of financial data in one place, allowing customers to easily gather information from sources like invoices and payrolls. “Normally, commercial customers need to go through time-consuming and complicated processes involving paperwork and implementation in order to get their data from bank to external platform,” Hall said. “But with the open banking API, all that’s needed is linking their Citizens accounts from within the external platform, and the data starts to flow automatically.” Other banks, such as Deutsche Bank and Wells Fargo, have also developed open banking APIs for their commercial customers. Citizens’ API uses a data aggregator as a middle layer between the bank and the external platform. Instead of the bank connecting to each individual platform, it connects to a central data aggregator that can then transmit customer data, once the customer has given permission. 
Hall said the API removed the need for clients to work with anyone from Citizens to share their data. It also eliminated the security risks associated with practices such as screen scraping. The API was built largely in-house through a collaboration between Citizens’ technology, product, risk, legal, and cyber teams. Hall said the primary challenges were getting the tech to work and forming relationships with the companies that aggregate the data. Hall said the API had seen “significant” use both by consumers and business clients since it launched in March. She added that the bank had also seen a 95% reduction in screen scraping, which they measured by tracking how often financial data aggregators accessed their website.
Capital One is eliminating passwords for its employees with multi-factor authentication using an X.509 device certificate and a FIDO2 passkey
Capital One is on track to eliminate the use of passwords for most internal and external employee-facing applications by the end of this year. One major effect of drastically reducing the use of passwords by employees is that it will “effectively eliminate entire classes” of cyberattack against the company, according to the bank’s chief technology risk officer, Andy Ozment. Specifically, going passwordless will eliminate phishing attacks, in which attackers steal employees’ passwords and one-time login codes, and password guessing attacks. For Capital One specifically, the implementation of passwordless authentication is multi-factor authentication using an X.509 device certificate and a FIDO2 passkey. X.509 is a specific standard for these certificates. In some cases, devices unlock passkeys using a short PIN that the user must enter. Although this approach is still more secure than a password because the PIN does not leave the device, and the device keeps the passkey being unlocked private, the use of PINs has generated complaints at Capital One that the bank isn’t truly going passwordless. Passwordless helps protect Capital One against specific attack vectors by blocking attempts where an attacker obtains a password or multifactor authentication (MFA) code from a text or app. More broadly, passwordless eliminates man-in-the-middle attacks, in which an attacker poses as the bank or intercepts communications that are meant to be secure. Passwordless eliminates these threats through asymmetric encryption, which ensures that the only way to decrypt a message is with a private encryption key, which devices manage automatically and much more carefully than users can manage passwords. As a concrete example, transitioning the company’s virtual private network (VPN) to passwordless was “probably the largest single reduction in risk we’ll get from this initiative,” according to Ozment. 
With passwordless VPN, Capital One employees connect to the bank’s network to begin their work not by entering a username and password but using their preferred passwordless authentication. For many employees, this means using a device biometric — for example, facial recognition on their iPhone or the fingerprint scanner on their computer. Employees who prefer other methods can plug in their USB security key or tap their NFC device to their phone. While the passwordless journey is expected to end this year for Capital One, there are more gains the company can make in simultaneously simplifying and securing the employee experience. Indeed, it could lead to eliminating the use of a VPN.
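The phishing and man-in-the-middle resistance described above rests on the device signing a server-issued challenge together with the origin the browser is actually on. The Go sketch below is an added example, not Capital One's code and not part of the original article, that models the server-side check in reduced form. The type and function names, the `.example` origins and the simplified message format (no authenticator data, RP ID hash or signature counter, as real FIDO2 has) are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed origins for the demonstration (".example" is a reserved TLD).
const RealOrigin, PhishOrigin = "https://vpn.corp.example", "https://vpn-corp.example"
var (
	ErrSignature = errors.New("signature does not verify under the registered public key")
	ErrChallenge = errors.New("challenge is not the one issued for this login")
	ErrOrigin    = errors.New("assertion was produced on a different origin")
)

// Assertion is a reduced stand-in for a passkey response (hypothetical format).
type Assertion struct {
	Challenge, Origin string
	Signature         []byte
}

// digest is the value the device signs and the server re-computes.
func digest(challenge, origin string) []byte {
	h := sha256.Sum256([]byte(challenge + "\n" + origin))
	return h[:]
}

// NewChallenge returns a fresh single-use random value issued by the server.
func NewChallenge() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return fmt.Sprintf("%x", b)
}

// Sign models browser plus authenticator: the browser supplies the origin it has loaded.
func Sign(priv *ecdsa.PrivateKey, challenge, browserOrigin string) Assertion {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(challenge, browserOrigin))
	if err != nil {
		panic(err)
	}
	return Assertion{challenge, browserOrigin, sig}
}

// Verify is the server-side check against the key registered for the user.
func Verify(pub *ecdsa.PublicKey, a Assertion, issued, origin string) error {
	switch {
	case !ecdsa.VerifyASN1(pub, digest(a.Challenge, a.Origin), a.Signature):
		return ErrSignature
	case a.Challenge != issued:
		return ErrChallenge
	case a.Origin != origin:
		return ErrOrigin
	}
	return nil
}

// Scenarios runs one honest login and three attacks against the same key.
func Scenarios() (honest, relayed, rewritten, replayed error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	pub, c1, c2 := &priv.PublicKey, NewChallenge(), NewChallenge()
	good := Sign(priv, c1, RealOrigin)
	honest = Verify(pub, good, c1, RealOrigin)
	phish := Sign(priv, c2, PhishOrigin) // proxy relays c2; victim's browser is on the lookalike
	relayed = Verify(pub, phish, c2, RealOrigin)
	phish.Origin = RealOrigin // proxy rewrites the origin after signing
	rewritten = Verify(pub, phish, c2, RealOrigin)
	replayed = Verify(pub, good, NewChallenge(), RealOrigin) // old assertion, new login
	return
}

func main() { fmt.Println(Scenarios()) }
```

Unlike a stolen password or one-time code, none of the three captured or altered assertions is accepted: each fails a different server-side check.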
J.P. Morgan is working on an in-vehicle wallet system with Qualcomm, as an integrated platform from hardware to the display piece
J.P. Morgan is working with Qualcomm on an in-vehicle wallet system that covers everything in the car, from the hardware to the display, with J.P. Morgan Payments orchestrating the payments end to end so that it works as one integrated platform. The end-to-end offering comprises the J.P. Morgan Payments piece, the dash with third-party merchants, and a complete end-to-end user experience, delivered as a partnership. Rob Abrams, CEO of J.P. Morgan Mobility Payments Solutions says, “So on the dash, which is then branded by whatever automaker you’re driving, you have the same thing you have today, like the mapping application where you not only can do that, but you have a quick service restaurant that’s also one of the apps on that experience where you can then order your burger and fries or your milkshake, whatever your preference is to order ahead and do the full payment checkout so that when you arrive it’s all paid for, just take the order and go just one example. One of the things that the car has now that the technology is further along today than it was still coming along is it actually knows how long it’s taking because the MAP app says it’s going to take 22 minutes between here and there. It knows based on traffic, here’s when you’re going to arrive approximately. So it can actually put the order in, send it with here’s when penny is going to arrive. The restaurant then can get it ready so that it’s not sitting cold, but it’s also you’re not waiting for it for 15 minutes, the phone out. You’re sort of timing it of when do I actually click the button for order to hope that you get the equation right. Paying for parking would be a good use case for this technology. 
But through a network of partnerships with various parking providers, some aggregators should be able to just say, go from here to there and reserve the parking, pay for the parking or at least pay for the parking as you drive into the lot or the street parking instead of then having to take your phone out, put in which actual site you’re in and then pay it actually did it all in one step. Certainly everybody’s used to the tolling pieces, going through tolls, not paying, not taking out your credit card to go pay for tolls even in some other places. Having it driven because the car then becomes the credit card in that use case. And then you have some other things like car washes where you drive up instead of having to take out the money or the credit card that it opens up the wash bay and it already knows. So the vehicle is certainly dependent on the vehicle technology for things like strong authentication, so having the fingerprint reader in there, the face recognition is the next and it makes it easier, which also will drive customer adoption. Instead of having to enter in a pin to verify that it’s actually you making a purchase or anything else the same way you would do on your phone, the car needs that same facial recognition or fingerprint authentication in order to make it seamless. I think a lot of it is actually going to be curated to where the vehicle is and provide extra signals that eventually, maybe not in the beginning will actually help reduce the fraud as well. So it knows your vehicle, it knows your driving patterns, it knows where you go, potentially the kinds of purchases. There is some good ability to harness that to reduce, but in the beginning it’ll be about the same. We’ve used credit card as the example for payments here. 
Pay by bank, larger and larger portion of the payment ecosystem over in Europe it would be directed, but in the US straight pushed by the banks and then can you actually then do this with real-time settlement between the merchants, the automotive manufacturers, et cetera. Eventually it will come more into the states and it’s starting to, they’re all looking at how do I commoditize not only the in-car transaction for while I’m driving, but also the in-car experience for things like subscriptions coming to the vehicle. Because in a very tight margin, business subscriptions are certainly one of the next avenues that they’re going to. So in order to do that, you also need this same ecosystem that allows for driving up to the pump.