From Rearview to Radar: Treasury Risk, Compliance, and Payments Modernization in 2026

How Treasury Teams Can Build a Fraud and Payments ‘Radar’ in 2026

Corporate treasury and B2B payments teams in North America are operating in a period where change is no longer sporadic. It is constant, complex, and built into the calendar. Compliance requirements are renewed annually; payment rails are coming online, and criminals are using automation with AI to scale attacks. Treasury leaders need something closer to a radar than a rearview mirror if they want to stay ahead of what’s coming.

That’s how Craig Jeffery, Founder and Managing Partner of respected treasury consultancy Strategic Treasurer, framed the current environment in a recent interview. He argued that the combination of regulatory pressure, technology shifts, and fraud risk has pushed vigilance from an abstract watchword into a core discipline for modern treasury.

Why Treasury Needs a Radar, not a Rearview Mirror

Jeffery described four overlapping forces reshaping the treasury space in the coming year: rising compliance demands, persistent payment fraud, structural changes in payment formats and rails, and rapid shifts in technology and workforce expectations.

Programs like PCI DSS and the Swift Customer Security Program are examples of how obligations have changed. What began as major projects are now recurring regimes with annual attestations, audits, and mandatory training. ACH rules are taking a similar path, extending more duties to corporate originators and receivers, especially higher-volume players.

These are no longer one-off events that can be considered ‘done and dusted.’ They are now part of the operating rhythm of business payments in the post-pandemic world. It’s Moore’s Law, but even more ingrained now than when it was first calculated in 1965.

At the same time, payment rails and standards are demanding richer and more structured data with each transaction. Freeform remittance text is giving way to specific fields and standardized information. That ripples back into ERP systems, treasury workstations, and bank connectivity. Tech that used to remain stable for years now changes frequently, creating a steady backlog of format and process adjustments.

Jeffery said this environment requires a more deliberate posture. Treasury needs a view of what is close and dangerous, what is approaching but not yet urgent, and what can be watched from a distance. He quipped that it’s akin to knowing “which alligator is closest to the boat and how big it is,” rather than simply responding to the most glaring issue.

Keeping on top of regulatory changes, payment rail updates, technology shifts, and workforce trends is now a permanent part of best practices for the treasury function.

Turning Vigilance and Technology into a Team Sport

Once vigilance is treated as a discipline, the question becomes how to organize it. The first step is ownership. High-performing teams don’t leave things to chance. They assign clear responsibilities for different domains so that someone is explicitly watching payment standards and scheme changes; someone else is tracking compliance and regulatory developments; others are observing tech trends affecting connectivity and security.

“You need to know who is following what,” Jeffery said plainly, so the team has a defined inventory of topics that matter and named owners for each.

Those individual efforts only become a treasury ‘radar’ when insights are shared on a regular basis. At least quarterly, treasury teams should be exchanging what they’re hearing from banks, technology vendors, regulators, and industry groups.

Without that rhythm, insights stay siloed, making it hard to set priorities. The organization can’t tell what’s urgent, what’s emerging, and what can wait until the next planning cycle.

Technology adoption patterns make this coordination even more important. Jeffery shared recent research from Strategic Treasurer showing a surprising “carrot-shaped” curve when API and AI usage are broken out by company size. Smaller firms and enterprises show higher adoption, while mid-sized organizations lag.

That pattern reflects both availability and organizational capacity. Smaller companies run on packaged solutions often (though not always) built for their segment. When vendors embed APIs or AI into those platforms, every customer on the system gains access, so adoption rises without each firm having to design its own integration strategy.

Enterprises typically stand at the other end of the curve. They combine vendor capabilities with internal API gateways and integration teams, which lets them connect systems in flexible ways and run more experiments.

Mid-sized firms, by contrast, may not have full API coverage and, in many cases, lack dedicated teams to manage connectivity. Jeffery said some adopt new capabilities as vendors roll them out, but usage can be patchy. That matters when real-time visibility, faster connectivity, and better data are central to cash and risk management.

In this context, vendor choice becomes a strategic lever. Treasury and finance teams need to think not just about what a bank or technology platform can do today, but how quickly it is evolving (if at all). “Will it be an asset that grows, or something that matures and shrinks?” Jeffery said. A solution that is slightly behind now (but still under active development) can quickly overtake a mature tool that’s no longer being enhanced. This trajectory is as important as the feature checklist and should be part of dashboard views.

None of this, Jeffery added, can or should be done alone. Even for a firm whose sole focus is treasury and payments, the volume of change is intense. That’s why he urges teams to lean deliberately on banks, technology providers, PSPs, and specialist advisers to help separate noise from signal and to put realistic timelines on emerging issues.

The Fraud Tsunami and Treasury

Fraud trends may be the most concerning blip on the ‘treasury radar.’ Drawing on results from Strategic Treasurer’s recent “Treasury Fraud and Controls” survey, a Bottomline collaboration, Jeffery said findings confirm that “across the board, fraud is worse” than ever. More companies are losing money often. Leaders say the threat is serious and rising.

Data on actual payment losses is stark. A growing share of survey respondents report at least one recent fraudulent low or high-value payment. Large companies already had high loss rates, and those have moved higher, to the point where a majority have experienced at least one major event. Smaller companies started lower on the fraud scale, but their loss rates have more than doubled in the past few years, edging closer to enterprise levels.

Jeffery called this convergence a warning sign. Criminals are using better data together with AI to extend attacks to organizations they might’ve previously ignored. For many of these firms, the risk is not a minor hit to earnings. It can threaten business continuity. Account Takeover (ATO) and Ransomware are very real. The result is a fraud tsunami that’s now reaching into segments that previously had fewer encounters with payment crime.

The response starts with discipline, Jeffery said. The most effective control is often the simplest: follow the process for account changes and new account setups every time. Most successful fraud occurs when organizations break their own rules because a request “feels urgent” or appears to come from a very senior executive. When callbacks or secondary verification steps are skipped, attackers are ready to pounce.

Technology and services provide the second layer. Jeffery said tools such as payee validation services, file encryption and hashing, tokenization of sensitive data, with stronger controls around bank portals, and payment files all reinforce human processes.

Some organizations use networks that centralize payee management and shift part of the liability framework. The goal is to build system-level checks that support frontline staff when they are under pressure to move quickly.

Training is a third area where Jeffery sees a major gap (and opportunity). Many organizations run regular cybersecurity awareness drills. Far fewer offer what he described as payment security training explaining how payment fraud works, what red flags look like, and how to respond to unusual requests. Companies that invest in that level of education, he said, have a “significantly better posture” against real-world attacks.

To close the loop, he recommended a payment security assessment that maps every payment flow from initiation through reconciliation, evaluating how data and approvals are protected along the way. Without that inventory, blind spots remain in secondary or less frequent payment types, and those are often where criminals probe for entry points first.

Given the threat level in 2026, Jeffery said it is “well past time for treasury teams to know their weaknesses,” or where they meet a baseline standard of good corporate conduct, and what else they can do to strengthen their position. In a world of constant flux, that kind of clarity is exactly what a working ‘treasury radar’ should provide.