.jpg)
Cedar on Banking
Cedar on Banking provides strategic perspectives on the business of banking in a changing global environment. The channel covers operating models, regulatory dynamics, risk, growth strategies, and transformation initiatives across retail, corporate, and wholesale banking. Each episode offers practical insights to help banks strengthen performance, adapt to disruption, and sustain long-term value.
Cedar on Banking
Staying Operational: A BankTech Playbook for Uncertain Times
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
In the face of rising geopolitical risks, banking technology is experiencing unprecedented pressure. In this CedarView Podcast episode, we unlock how banks must adjust their technology strategies to maintain operations and mitigate new risks, including cyber threats & supply chain disruptions.
We cover practical strategies for resilience, such as strengthening business continuity plans and securing payment infrastructure. The conversation also explores the growing importance of stress-testing systems for simultaneous disruptions and adapting fraud detection to new challenges.
Banks that take action now to safeguard their operations will be in the best position to thrive in uncertain times. Tune in for insights on turning technology challenges into long-term strengths during times of disruption.
Imagine waking up tomorrow, you walk down to your local cafe, and you just try to buy a simple cup of coffee, you tap your phone, and the payment declines. Right. And it's not because, you know, your account is empty, or because your bank is insolvent, or facing some classic run where thousands of people are lined up around the block trying to withdraw physical cash.
SPEAKER_00No, there's no 1929 style panic in the streets.
SPEAKER_01Exactly. Your payment declines because a tiny, completely obscure software vendor halfway across the world.
SPEAKER_00Some company you've literally never heard of?
SPEAKER_01Right. A company that routes like a fraction of a data packet for a cloud server you've never heard of. Well, they just went offline due to a geopolitical conflict. Wow. The money is there, but the invisible pipes that move it are suddenly shattered.
SPEAKER_00Aaron Powell, which is an incredibly disorienting reality. I mean, we are culturally conditioned to think of banking crises in terms of liquidity, right?
SPEAKER_01Aaron Ross Powell Oh, totally. Crashing stock prices, plummeting assets.
SPEAKER_00Yeah, red numbers flashing on a trading floor. But the battlefield has um it's fundamentally shifted into the digital shadows. Trevor Burrus, Jr. Exactly. The real threat to the global financial system right now is entirely operational.
SPEAKER_01Aaron Powell And that operational threat is exactly what we are tearing into for today's deep dive.
SPEAKER_00Aaron Powell It's a big one today.
SPEAKER_01It really is. We are unpacking a highly detailed March 2026 report published by Cedar Management Consulting. It's titled Staying Operational, a Banking Technology Playbook for Uncertain Times.
SPEAKER_00Aaron Powell And this report, I mean, it drops a massive reality check on the industry.
SPEAKER_01Aaron Powell A huge one. It reveals how recent geopolitical developments, specifically the shock waves radiating out of the Middle East right now, are putting unprecedented strain on the world's financial plumbing.
SPEAKER_00Aaron Powell And the terrifying part is that this strain doesn't trigger the traditional warning lights on standard financial dashboards.
SPEAKER_01Trevor Burrus Because the standard dashboards are looking for the wrong kind of stress.
SPEAKER_00Aaron Ross Powell Exactly. They are measuring market volatility and capital reserves. Yeah. But the real friction is happening deep within the underlying digital infrastructure.
SPEAKER_01Trevor Burrus We are talking about that vast complex web of third-party dependencies. Trevor Burrus Right.
SPEAKER_00API integrations. And honestly, just the raw technological willpower required to keep cross-border financial flows moving. Trevor Burrus, Jr.
SPEAKER_01Especially when the geopolitical surface right above them is just fracturing. Okay, let's unpack this. Because to understand how the plumbing is breaking, we really have to look at how the banking sector historically designed its safety nets.
SPEAKER_00Aaron Powell Right, their whole backup plan.
SPEAKER_01Yeah. For decades, business continuity planning, or BCP, was built around the assumption of isolated sequential disasters.
SPEAKER_00Aaron Powell The traditional model was strictly linear. I mean, if a severe storm knocks out a data center in London, you fail over to a backup facility in Frankfurt. Exactly. Or if a specific vendor goes offline, you just switch to a precontracted alternate.
SPEAKER_01It's a one-for-one swap.
SPEAKER_00Right. The entire framework was designed under the assumption that the broader ecosystem remains totally stable while you fix one localized problem. You endure the event, you recover, and you return to a known baseline of normal operations.
SPEAKER_01It's like a it's like an old school municipal disaster plan.
SPEAKER_00Oh how so?
SPEAKER_01Well, it gives you a highly detailed checklist of exactly what to do if a building catches on fire.
SPEAKER_00Right. Step one, step two?
SPEAKER_01Exactly. But that manual completely falls apart if there's a fire and a massive flood and a coordinated cyber attack on the fire department's dispatch system all happening at the exact same time.
SPEAKER_00Wow. Yeah. The manual assumes you only have to fight one enemy.
SPEAKER_01Right.
SPEAKER_00What's fascinating here is that the CEDA report actually mathematically proves this shift.
SPEAKER_01Oh, really?
SPEAKER_00Yeah. The defining characteristic of the 2026 operational landscape isn't the introduction of new risks, it is the sheer speed and convergence of existing threats.
SPEAKER_01Convergence. They're all happening at once.
SPEAKER_00Exactly. Banks are currently facing elevated, highly coordinated cyber activity at the exact same moment. Their physical infrastructure is under threat from geopolitical tension.
SPEAKER_01Aaron Powell And then you add in global supply chain disruptions.
SPEAKER_00Right, which prevents the delivery of critical networking hardware, and you top it all off with rapidly evolving regulatory sanctions.
SPEAKER_01So the threats act as multipliers for each other.
SPEAKER_00You absolutely do.
SPEAKER_01Like a cyberattack on a logistics port delays the shipment of servers you desperately need to upgrade a data center.
SPEAKER_00Aaron Powell A data center that is currently buckling under a surge of panicked customer traffic.
SPEAKER_01Right.
SPEAKER_00Which means traditional BCP is effectively obsolete. The risk is no longer linear, it's exponential.
SPEAKER_01Aaron Powell So how do banks even handle that?
SPEAKER_00Aaron Ross Powell Well, the report says it requires a fundamental restructuring of how institutions govern themselves. They are adamant that the first step to survival is elevating technology risk out of the IT department and planting it directly into the boardroom.
SPEAKER_01Strategic governance.
SPEAKER_00Exactly. Strategic governance has to change before the conditions demand it.
SPEAKER_01But I want to push on that a bit. Strategic governance sounds great in a corporate memo, right?
SPEAKER_00Oh, sure.
SPEAKER_01But what does that actually look like in practice? I mean, if a board is largely made up of finance experts and former CEOs, how do they suddenly grasp the existential threat of interconnected digital plumbing?
SPEAKER_00Aaron Powell Well, it requires translating deeply technical exposures into immediate business consequences. So a board might not understand the intricacies of like a BGP routing vulnerability.
SPEAKER_01Most people don't.
SPEAKER_00Right. But they absolutely understand when you tell them if this specific digital corridor goes down, we lose the ability to process $80 million in cross-border trade tomorrow morning.
SPEAKER_01Oh yeah. That gets their attention.
SPEAKER_00And we will be legally liable for the failed settlements.
SPEAKER_01Yeah, that translates it perfectly.
SPEAKER_00The governance model has to match the reality of the threat. And that means leadership needs structured, scenario-based briefings that map these simultaneous stress tests before they happen.
SPEAKER_01Aaron Powell So if the board finally grasps that this interconnected web is fragile, where do they look first? What's the first piece of plumbing that actually bursts when the pressure builds?
SPEAKER_00Aaron Ross Powell The report points directly at the payments and transaction infrastructure.
SPEAKER_01Trevor Burrus The money moving.
SPEAKER_00Right. Specifically mapping out how international money movement is cracking under this pressure. Payments are the ultimate unforgiving litmus test of operational reality.
SPEAKER_01Unforgiving is a good word for it.
SPEAKER_00Especially in the Middle East right now, where cross-border flows and complex trade corridors are the absolute lifeblood of the regional economy. When the system is stressed, cross-border payment timelines begin to stretch.
SPEAKER_01They bottleneck.
SPEAKER_00Remittance corridors bottleneck, yeah. And for an exchange settlement, which is supposed to happen almost instantly in the background, well, it becomes incredibly complex.
SPEAKER_01And let's look at the mechanism driving that friction. The report highlights the strain on correspondent banking and Swift connectivity.
SPEAKER_00Aaron Powell Yeah, this is a huge point.
SPEAKER_01Now most people listening know that correspondent banking requires banks to essentially trust each other to hold accounts and process localized payments on their behalf.
SPEAKER_00Aaron Powell Right. It runs on trust.
SPEAKER_01But what the report explains is why this breaks down during a geopolitical crisis. It's not just that the wires physically get cut.
SPEAKER_00No, it's that the algorithmic trust evaporates.
SPEAKER_01Wait, explain that.
SPEAKER_00So the mechanism of failure here is driven by risk aversion. In stable times, a correspondent bank automatically routes millions of transactions based on established baselines of trust.
SPEAKER_01It's just algorithms talking to algorithms.
SPEAKER_00Exactly. But the second a geopolitical conflict erupts, that baseline shifts. Intermediary banks suddenly get spooked.
SPEAKER_01Their systems freak out.
SPEAKER_00Their systems stop automatically routing money and start flagging massive volumes of transactions for manual compliance reviews.
SPEAKER_01Manual reviews for millions of transactions.
SPEAKER_00Yeah. And they demand immediate prefunding for accounts that previously operated on credit.
SPEAKER_01Wow. So the friction isn't always a broken pipe.
SPEAKER_00No.
SPEAKER_01Sometimes the friction is the system actively deciding to freeze the water just to be safe.
SPEAKER_00That is exactly what happens. Interbank routing requires pre-tested contingency protocols because you can no longer assume your correspondent partner will actually accept your digital handshake tomorrow.
SPEAKER_01And this demand for absolute real-time visibility falls squarely on the shoulders of treasury desks.
SPEAKER_00Aaron Powell And capital markets, yeah. They have to manage trade finance platforms under concurrent demand, knowing that the pathways they rely on could close at literally any second.
SPEAKER_01Aaron Powell Here's where it gets really interesting. I want to bring up the data and cloud section of the CEDAR report because it completely shatters a massive tech industry narrative.
SPEAKER_00It really does.
SPEAKER_01The report explicitly states that the assumption that cloud hosting provides inherent insulation from disruption has been tested and found incomplete.
SPEAKER_00Tested and found incomplete, yes.
SPEAKER_01But wait a minute, isn't the entire multi-billion dollar sales pitch of the cloud that it is a decentralized, bulletproof backup?
SPEAKER_00That's the marketing, sure.
SPEAKER_01Like if an entire server farm in one country goes dark, another one seamlessly takes over without dropping a single packet.
SPEAKER_00Well, if we connect this to the bigger picture, we see the flaw in that promise. The cloud itself, like the massive data centers owned by the tech giants, might be incredibly resilient. Right. But your bank's operational continuity is only as strong as its unmapped vendor dependencies.
SPEAKER_01Break down unmapped vendor dependencies. How hidden are we talking?
SPEAKER_00Like of it as a nesting doll of vulnerabilities. Your bank might use a highly secure top-tier cloud provider, but to run your specific banking application on that cloud, you utilize a specialized third-party vendor for, say, a data analytics function.
SPEAKER_01Right.
SPEAKER_00That third-party vendor, unbeknownst to you, relies on a fourth-party supplier for a critical API that handles identity verification.
SPEAKER_01Oh no.
SPEAKER_00And that fourth party supplier has their physical infrastructure located in a region that just experienced a severe geopolitical disruption.
SPEAKER_01Because the top-tier cloud provider is perfectly fine.
SPEAKER_00Running at 100% capacity.
SPEAKER_01But the tiny crucial gears running inside it just seized up.
SPEAKER_00Exactly. Single points of failure almost always sit well beyond your formal vendor list.
SPEAKER_01The unmapped ones.
SPEAKER_00Right. The report stresses that dependencies that were never formally mapped out or audited are suddenly carrying direct operational consequences. When that fourth party API times out, your mobile banking app crashes. Even though your primary servers are totally fine.
SPEAKER_01It's like installing a state-of-the-art military-grade security system on your house, complete with backup batteries and encrypted feeds. But you didn't realize that the system's central processor relies on a continuous Wi-Fi signal from your neighbor's incredibly cheap faulty router.
SPEAKER_00Yes.
SPEAKER_01When their router reboots, your entire fortress shuts down.
SPEAKER_00That is a perfect analogy. And the current geopolitical environment is mercilessly exposing all of those hidden routers.
SPEAKER_01So we have this invisible back-end plumbing, the cross-border routing delays, the evaporating correspondent trust, the unmapped fourth-party cloud dependencies. Right. But let's shift to the visible front-end reality. How do these systemic abstract technology risks directly impact human behavior?
SPEAKER_00Oh, deeply.
SPEAKER_01Because the CETA report dives deep into the intense pressure placed on digital channels and customer service during these geopolitical shocks.
SPEAKER_00The translation from back-end latency to frontline panic happens almost instantly. I'm sure it does. In times of profound uncertainty, whether it's rumors of a conflict escalating or sudden economic sanctions being announced, customers crave reassurance. Their immediate reflex is to check their balances. So they flood their bank's mobile app and online portals.
SPEAKER_01And if that app is down because of a hidden fourth-party API failure, the customer doesn't know about the API.
SPEAKER_00They don't care about the API.
SPEAKER_01Exactly. They just see a loading screen that eventually times out. And in a crisis, a timed-out app is the modern-day equivalent of walking up to your local bank branch and finding the heavy steel doors padlocked shut with no explanation.
SPEAKER_00It really is. And the report is definitive on this. In the modern era, platform availability is institutional credibility.
SPEAKER_01If the app is down, the psychological jump for the customer is immediate.
SPEAKER_00Right. They don't assume a routing glitch. They assume the bank is insolvent.
SPEAKER_01Which forces banks to actively review platform stability and vastly expand service desk capacity.
SPEAKER_00And engineer proactive customer communication strategies that get ahead of outages before the rumor mill starts.
SPEAKER_01But while millions of anxious customers are legitimately trying to log in and check their savings, the ecosystem is being flooded by something else entirely.
SPEAKER_00Bad actors.
SPEAKER_01Bad actors. The report tracks a severe, measurable spike in fraud and social engineering OBMs during these exact periods of volatility.
SPEAKER_00This raises an important question about how our defensive systems are built. Organized threat actors know that during a crisis, attention is fractured.
SPEAKER_01Right. Everyone's distracted.
SPEAKER_00Bank staff are overwhelmed trying to maintain basic operations, and customers are highly susceptible to deception because they are operating out of fear.
SPEAKER_01Panic makes people vulnerable.
SPEAKER_00A panicked customer is far more likely to fall for a phishing email claiming their funds are about to be frozen and need to be transferred to a safe account.
SPEAKER_01Which creates an absolute nightmare scenario for the bank's automated fraud detection system. Oh, the total nightmare. Think about the mechanism of how fraud algorithms work. They are trained to look for anomalies, right? Deviations from a baseline of normal behavior. It's like a highly sensitive car alarm that's calibrated to go off if someone breaks a window. But suddenly a geopolitical hurricane hits. The wind is rattling every single window, so the alarm is just screaming nonstop, and you have absolutely no idea if it's the storm or an actual burglar breaking in.
SPEAKER_00That is exactly what happens. The baseline for normal is completely obliterated. During a crisis, legitimate customers start acting erratically.
SPEAKER_01They move large sums of money around.
SPEAKER_00Right. They log in from unusual IP addresses if they are fleeing a region. They wire funds to relatives across borders at three in the morning.
SPEAKER_01And to the algorithm, this looks exactly like fraud.
SPEAKER_00To the algorithm, they are all burglars.
SPEAKER_01So the bank is trapped in a mathematical dilemma.
SPEAKER_00A severe one. If they don't recalibrate their fraud detection rules on the fly, one of two things happens.
SPEAKER_01Okay. What are the options?
SPEAKER_00Either they loosen the rules and hemorrhage millions of dollars to opportunistic cybercriminals.
SPEAKER_01Yikes.
SPEAKER_00Or they keep the rules tight and trigger massive false positives.
SPEAKER_01And a false positive means freezing an innocent person's account.
SPEAKER_00Exactly. A false positive means the algorithm freezes the account of a panicked mother trying to legitimately wire money to her stranded child.
SPEAKER_01Oh, wow. That creates a catastrophic public relations crisis on top of the operational one.
SPEAKER_00Exactly. And while the tech teams are frantically trying to tune the fraud dials, the compliance teams are dealing with the absolute whiplash of international sanctions.
SPEAKER_01Right. Because during geopolitical conflicts, global regulators do not pause.
SPEAKER_00No, they accelerate. The velocity of regulatory change during these periods is staggering.
SPEAKER_01Sanctions lists update constantly.
SPEAKER_00Constantly. A bank's compliance technology must be incredibly agile to ingest and apply rapid updates to international sanctions databases.
SPEAKER_01Without causing massive bottlenecks in payment processing.
SPEAKER_00Right.
SPEAKER_01The mechanism here is brutal. If your compliance API takes, say, 24 hours to sync with the newly published sanctions list, and you accidentally process a multimillion dollar trade for an entity that was sanctioned 15 minutes ago.
SPEAKER_00Your bank is legally liable.
SPEAKER_01But if you pause all transactions to manually check the new lists, you bring regional commerce to a grinding halt.
SPEAKER_00The margin for error drops to zero at the exact moment the complexity reaches its peak.
SPEAKER_01So what does this all mean? We've painted a picture of a battlefield where the backups are outdated, the international payment routes are heavily restricted by fear, the cloud is vulnerable to hidden failures.
SPEAKER_00The customers are panicking, algorithms are freezing legitimate accounts.
SPEAKER_01And regulators are updating the rules by the minute. How do the banks that actually survive this pressure operate?
SPEAKER_00Well, the CEDA report provides a 10-point technology leadership playbook for moving from reactive panic to what they call a structural advantage.
SPEAKER_01Let's look at the critical steps in this playbook. They emphasize mapping every single vendor dependency, right?
SPEAKER_00Going three or four levels deep to find those hidden points of failure.
SPEAKER_01The fourth party routers.
SPEAKER_00Exactly. They also mandate stress testing for simultaneous overlapping disasters.
SPEAKER_01Not sequential ones.
SPEAKER_00Right. And they require securing payment rails and tightening compliance tech to absorb sanctions changes in real time.
SPEAKER_01Aaron Powell Okay, but I really want to zero in on point number eight in their playbook because it seems entirely counterintuitive.
SPEAKER_00Oh, I know which one you're talking about. Accelerate key projects.
SPEAKER_01Yes. And I have to push back hard on this.
SPEAKER_00Go ahead.
SPEAKER_01Wait, you're telling me that while my cross-border supply chains are breaking, my correspondent trust is evaporating, and my cloud providers are facing fourth-party outages? Right. My board should be approving a multi-million dollar AI infrastructure upgrade.
SPEAKER_00That is what they recommend.
SPEAKER_01How does any CEO stand in front of nervous shareholders and justify accelerating massive tech spending during a crisis? Shouldn't they batten down the hatches, freeze all nonessential budgets, and just focus on survival?
SPEAKER_00That instinct to pause, to freeze budgets and wait for the dust to settle is exactly what destroys long-term value.
SPEAKER_01Wait, really?
SPEAKER_00Yes. The CEDAR report highlights this as the most crucial conceptual shift for executive leadership. Deep uncertainty is not a reason to pause. It is a mandate to move aggressively on resilience-building projects.
SPEAKER_01What is the mechanism behind that logic? Why spend when everything is burning?
SPEAKER_00Because the underlying assumption of waiting for the dust to settle is flawed. The dust might not settle for a decade.
SPEAKER_01Wow.
SPEAKER_00The baseline operating environment has permanently changed. Geopolitical volatility is the new normal.
SPEAKER_01So if you freeze your upgrades.
SPEAKER_00If you delay migrating away from legacy on-premise servers, or if you hold off on implementing advanced machine learning for your fraud detection, you are choosing to fight tomorrow's simultaneous threats with yesterday's sequential tools.
SPEAKER_01Ah, I see where this leads. If you use the pressure of the crisis to force through vital system upgrades, you are building capacity.
SPEAKER_00Exactly. Meanwhile, your competitor gives in to fear, freezes their budget, and just tries to keep their head above water.
SPEAKER_01So when the market finally establishes a new turbulent equilibrium, you aren't just surviving, you are operating with unprecedented efficiency.
SPEAKER_00You have engineered a structural advantage. A structural advantage.
SPEAKER_01Yes.
SPEAKER_00Your systems can automatically route around localized outages. Your fraud algorithms can parse false positives in milliseconds.
SPEAKER_01Your compliance tech ingests sanctions instantly.
SPEAKER_00Right. And your competitor will take years and billions of dollars to close that operational gap. The technology decisions a board makes under maximum pressure will define their market dominance well beyond the current geopolitical cycle.
SPEAKER_01Which brings us to the ultimate takeaway here.
SPEAKER_00Yeah, bringing it back to the big picture.
SPEAKER_01Even if you, listening to this deep dive right now, have absolutely nothing to do with Middle Eastern banking. Right. Even if you work in global logistics or healthcare administration or international e-commerce, this report is an absolute masterclass in modern operational survival.
SPEAKER_00It really redefines what it means to be prepared.
SPEAKER_01It proves that in a hyper-interconnected digital economy, your resilience is only as strong as your weakest, unmapped third-party vendor.
SPEAKER_00That fourth party Wi-Fi router.
SPEAKER_01Exactly. And it proves that true continuity doesn't mean having a plan for a disaster. It means having a mechanism to absorb simultaneous, overlapping disasters without losing the trust of your user base.
SPEAKER_00The principles of resilience are universal across all sectors. It all comes down to speed, coordination, and the verifiable ability to maintain digital integrity when the physical environment around you is completely unpredictable.
SPEAKER_01Very true.
SPEAKER_00Which actually leaves us with a fascinating, broader concept to consider.
SPEAKER_01Oh lay it on us.
SPEAKER_00For the last century, we have valued companies based on very specific traditional metrics. We look at profit margins, quarter over quarter growth projections.
SPEAKER_01User acquisition costs, market share.
SPEAKER_00Exactly. But is overlapping global disruptions, whether they're geopolitical conflicts, massive technological shifts, or environmental crises become the absolute norm rather than the exception. Yeah. We might need an entirely new metric for valuation.
SPEAKER_01What kind of metric?
SPEAKER_00What if the ultimate measure of an organization's future worth becomes its chaos tolerance?
SPEAKER_01Chaos tolerance.
SPEAKER_00Yes. It's mathematically proven, battle-tested ability to maintain digital trust and uninterrupted operational continuity when the physical world around it is unraveling.
SPEAKER_01So the companies that can audit, prove, and expand their chaos tolerance will be the ones that command the most value in the markets of tomorrow.
SPEAKER_00That's the idea.
SPEAKER_01That is a completely new lens for evaluating corporate strength. And it brings us right back to the image we started with.
SPEAKER_00The cup of coffee.
SPEAKER_01Exactly. When you picture an institution in crisis, you no longer need to look for a plummeting stock ticker or a physical run on a local branch.
SPEAKER_00The signs are much subtler now.
SPEAKER_01The real test of an organization's survival is happening right now, silently, in the hidden digital architecture that keeps our world moving. The true crisis and the true victory are completely invisible.