Internal audit can help financial firms address today’s volatile risks.
Internal audit can provide forward-working assurance that helps financial institutions navigate economic, technological, and geopolitical uncertainty.
Auditing Banks in Uncertain Times
Articles Logan Wamsley Feb 17, 2026
Although 2026 is only a month old, the headlines already say a lot about how things are changing in the financial sector. Instead of clear answers, the news reflects uncertainty that may influence how internal audit functions set priorities and adjust their plans this year. This uncertainty shows up across many areas of the financial services industry and different parts of the world, experts say.
Deloitte’s 2026 Banking and Capital Markets Outlook highlights a few risk areas that are getting attention in the industry, including:
- Macroeconomic uncertainty, diverging consumer sentiment, and persistent inflation.
- Artificial intelligence (AI)-based innovations that demand robust, enterprise-level strategies, governance, and disciplined approaches to overcome steep initial investments.
- Escalating financial crimes fueled by AI-enabled fraud and rising costs.
- Geopolitical tensions and tariff repercussions.
Facing such uncertainty across multiple fronts, internal auditors must adjust their audit plans to prioritize organizational resilience. “The environment is very fluid, very dynamic,” says Luis de la Fuente, head of Internal Audit for Governance, Strategy, and Human Capital at BBVA in Madrid. “In Europe, sometimes our systems are not prepared for major macroeconomic changes, such as tariffs. So, we have to make sure that the organization is looking at the environment against its risk appetite and is prepared to address these kinds of things.”
According to Hazem Keshk, chief internal auditor at a financial institution serving the Middle East and Africa, the approach organizations take should be measured yet forward-looking. “Organizations cannot afford to remain static,” he says. “They must find a way to move forward responsibly, balancing agility with resilience.”
Internal audit plays a pivotal role in shaping this path. Its mandate must go beyond providing traditional assurance to encompass strategic foresight and advice, Keshk adds. “Audit is no longer confined to reviewing the past,” he notes. “Our responsibility now is to anticipate risks before they materialize and to ensure that every initiative is aligned with the organization’s strategy.”
This evolution positions internal audit as a trusted partner to boards, audit committees, and executive management, providing not only assurance, but also insight and foresight that strengthen governance, risk management, and organizational resilience.
AI Drives Attacks
Another theme for 2026 is technology, especially AI. Although AI is evolving rapidly, it has already become a core component of how financial services organizations operate, as well as a serious risk driver.
For example, on the consumer side, AI is giving bad actors new tools to commit fraud, putting financial firms on higher alert. That is forcing institutions to scramble to stay on top of schemes such as fraudulent checks, account takeover, and mule accounts used to receive and transfer illegally obtained funds.
JPMorgan Chase recently collaborated with New York-based fraud prevention company Trustpair on a survey of 250 U.S. chief financial officers and senior finance executives. Fraud in the Cyber Era: 2026 Fraud Trends & Insights reveals a dangerous gap between the speed and scale of AI-powered attacks and the manual processes many institutions still use to defend them. Findings include:
- 71% of U.S. companies have experienced an increase in AI-powered fraud attempts over the past 12 months, and 47% of finance leaders say AI-generated fraud is one of their biggest fraud prevention challenges.
- Business email compromise is the leading fraud channel, affecting 62% of organizations, followed by fake websites (48%) and text message scams (45%).
- Companies relying primarily on manual validation decreased from 69% to 48% year-over-year. However, such dependence on human reviews and manual checks cannot handle the scale of AI attacks.
- One in four companies reported six-figure losses due to fraud, and 45% spent multiple days responding to a single incident.
Particularly concerning, de la Fuente notes, is how AI is using data seemingly acquired from within financial institutions to make fraud appear much more authentic. “The methods fraudsters are using now are calling into question some organizations’ approach to data privacy and cybersecurity, because the bad actors are clearly getting information from somewhere,” he explains.
One possibility could simply be the result of human error. According to Trustpair’s report, 17% of organizations have had to terminate employees because of fraud-related mistakes. “AI has raised the baseline of fraud,” says Baptiste Collot, co-founder and CEO of Trustpair, in the report. “The risk keeps increasing, but internal processes haven’t moved fast enough.”
Companies want to act, but they often don’t know how, Collot adds. “The reality is that manual callbacks and email checks simply cannot defend against attacks that are generated at scale,” he explains.
At smaller institutions, limitations in assessing the right parameters might result in a more conservative approach. That usually results in fewer product offerings or limiting the money movement capabilities of customers to prevent fraud exposure.
A Voice of Clarity
For financial services companies, uncertainty does not necessarily mean confusion. Indeed, one of the key characteristics of a resilient organization is clear direction from its leadership. Internal audit is a key element of this, delivering clear, consistent insight that leaders can rely on.
“When decisions are made, internal auditors have a responsibility to understand the organizational consequences of those decisions and keep the board informed,” de la Fuente says. “This way, we can be all but certain the decisions the board makes are the right ones.”