Operations | Monitoring | ITSM | DevOps | Cloud

As we step into a new year, one truth stands firm in financial services: resilience isn’t optional – it’s expected. Markets fluctuate, regulations evolve, and technology accelerates. Amid this complexity, IT leaders carry the responsibility of ensuring that operations don’t just survive disruption, they thrive through it.

As we step into a new year, one truth stands firm in financial services: resilience isn’t optional – it’s expected. Markets fluctuate, regulations evolve, and technology accelerates. Amid this complexity, IT leaders carry the responsibility of ensuring that operations don’t just survive disruption, they thrive through it.

When I was invited to join one of our customer’s end-of-year team wrap-up sessions, it came as no surprise when the meeting opened with a familiar refrain: “Next year will be different. Next year, we’ll get ahead of the noise. Next year, tickets won’t pile up while we’re still triaging yesterday’s issues.

From the outside looking in, I have seen that year end in financial services is not for the faint-hearted. Markets tighten, trading volumes swell, payment systems hit their annual peak, and regulatory reporting deadlines stack up like dominoes. In this environment, even a few seconds of lag can mean missed trades, delayed transactions, frustrated clients, or worse, financial loss and reputational damage. This is precisely when IT needs to be at its calmest.

If there is one truth I have learned working with financial services firms in 2025, it is this: AI is no longer optional, it is operational. From risk modeling to customer experience, algorithmic trading to automated compliance checks, AI is now embedded into the fabric of modern finance. But there is a second, quieter truth. AI only creates value when it is used responsibly, measurably, and at scale.

I still remember the working with a leading insurance provider on an internal review of their IT estate and discovering a team quietly using an unapproved SaaS tool to speed up their reporting. It wasn’t malicious, they were trying to solve a problem faster. But as we stared at the dashboard, I could see the CIO’s mind racing: What data had they uploaded? Was it encrypted? Were they still compliant?

As the year winds down, I find that most cybersecurity and compliance teams are focused on closing projects, hitting targets, and maybe even planning a well-earned break. But regulators? They don’t take holidays. FCA, PRA, GDPR – they remain vigilant, and so should you. For IT leaders, this season often feels like walking a tightrope: balancing operational demands with the relentless need for compliance.

As the year winds down, my inbox is overflowing with Black Friday offers and festive greetings. It’s that time when Thanksgiving and the run-up to December holidays remind us to pause and appreciate what truly matters. Yet, in my recent conversations with IT leaders in financial services, I’ve noticed something: the time and calm need to do this feels elusive.

I wanted to share a story of a recent engagement with a law firm to highlight the strategic importance of compliance in today’s legal sector. It started with a single email. A mid-sized law firm received a regulator’s request for evidence following a client complaint. The issue wasn’t malpractice; it was a missed filing deadline caused by a system slowdown. The firm had no audit trail to prove the delay was technical, not procedural.

Every law firm I meet can explain its information security policy in minutes. Far fewer can tell me which AI tools their staff actually used last week, and what data those tools touched. That gap is where Shadow AI sits, such as unsanctioned, unmonitored use of generative AI slips in. It promises speed, but it quietly creates exposure: confidentiality breaches, weak auditability, and a risk to governance when the regulator (or a client’s GC) asks hard questions.