CFOs under fire from targeted phishing attacks

A new spear-phishing campaign is targeting CFOs and other senior finance executives with the aim of stealing credentials and planting persistent malware on corporate systems, according to cybersecurity firm Trellix. The scam uses tailored emails that mimic legitimate finance communications, such as invoice queries or payment reminders, to lure recipients into opening attachments or clicking links that initiate a stealthy malware download.

The attackers are using a tool called NetBird to gain long-term access to company networks. While the name and delivery method may be unfamiliar, the goal is familiar: get in quietly, stay hidden, and steal valuable data over time. Trellix researchers say the campaign is still active and appears to be evolving.

What makes this threat especially concerning is the way it blends in. The emails are convincingly written and designed to appear routine. In many cases, the messages imitate the kind of correspondence finance teams see every day. One small misstep such as clicking the wrong link or enabling content in a document can grant attackers a foothold that’s hard to detect and even harder to remove.

Once inside, the malware can quietly map out the organisation’s systems, look for stored credentials or sensitive documents, and potentially launch follow-up attacks targeting payment systems or finance applications. Because the malware is designed to avoid triggering basic detection systems, its presence may go unnoticed for extended periods.

CFOs are often high-value targets because they sit at the crossroads of money and decision-making. They have access to treasury systems, confidential forecasts, investor communications, and external banking platforms. That makes their inboxes prime targets for attackers looking to breach corporate defences.

Trellix is urging finance leaders to work closely with their IT and security teams to strengthen defences. That includes reviewing how finance staff are trained to spot suspicious messages, auditing which accounts have access to what data, and ensuring software is regularly updated to close known gaps. Crucially, they also recommend investing in systems that go beyond basic antivirus tools, particularly those that can detect unusual behaviour, rather than just known threats.

The firm also notes that organisations should revisit how they handle document sharing and remote access. Attackers are increasingly relying on embedded files and covert network tools to stay undetected. Building controls around file types, download permissions, and network access rights can help contain a breach, even if the initial email gets through.

 

FCA seeks input on stablecoin and crypto custody rules

The UK’s Financial Conduct Authority (FCA) has published a set of proposals aimed at regulating stablecoin issuance, crypto custody, and financial resilience across cryptoasset firms. The new rules are designed to balance innovation with consumer protection as the country moves closer to a full crypto regulatory framework.

Stablecoins are cryptoassets that aim to maintain a consistent value by referencing fiat currencies such as the pound or dollar. While they are not yet widely used in the UK, regulators see potential for stablecoins to improve the speed and efficiency of cross-border payments using blockchain infrastructure. The FCA’s proposals aim to ensure that any regulated stablecoin maintains its value and is backed by transparent, well-managed reserves.

The consultation follows months of engagement with industry participants and builds on earlier discussion papers. The FCA is also considering incorporating stablecoins into its innovation support services.

“At present, crypto is largely unregulated in the UK,” said David Geale, executive director for payments and digital finance at the FCA. “We want to strike a balance in support of a sector that enables innovation and is underpinned by market integrity and trust.”

The proposals require firms offering crypto custody services to maintain secure, accessible holdings for their customers, and aim to reduce the risk and impact of firm failures. They also provide a foundation for how firms can transition into a future regulatory framework.

The FCA is working closely with the Bank of England to ensure consistency, particularly for stablecoins that could reach systemic scale. Sarah Breeden, deputy governor for financial stability at the Bank of England, said a complementary consultation will be published later this year, addressing industry concerns such as the treatment of returns on backing assets. The consultation runs until 31 July 2025. Final rules will be published in 2026 and are expected to align with HM Treasury’s legislative proposals issued in April.

 

Fintechs eye global growth as partnerships and payment tech take priority

A report from Endava has found that 77% of fintech firms are planning to expand into new markets in the next few years, with many already laying the groundwork to scale. The survey of 500 senior executives across EMEA, APAC and the Americas reveals strong global ambition, tempered by a clear-eyed view of the infrastructure and regulatory hurdles ahead. According to ‘Powering Growth in the Global Payments Race’, 85% of fintech leaders are actively considering cross-border expansion. Top challenges include forming local partnerships (38%), adapting to infrastructure differences (37%), and navigating complex regulatory environments (33%). These practical concerns are prompting many firms to invest in flexible, regionally tailored payment technology.

Nearly half of respondents have already deployed real-time payments (47%) and contactless or NFC capabilities (46%), with a growing number also exploring how artificial intelligence can enhance fraud detection and customer experience. More than half are trialling predictive analytics to anticipate payment trends (56%) and reduce security risks (55%).

Endava’s report highlights that regional payment trends vary significantly. While alternative payment rails are gaining ground in the EU, markets such as North America and the UK are shifting more gradually. In contrast, fintechs operating in Latin America, APAC and the Middle East report a relatively even split between traditional and alternative methods, underlining the need for agile infrastructure.

Partnerships are seen as essential to successful expansion, with 81% of firms rating external collaboration as important. These alliances are particularly valuable for integrating diverse payment technologies (45%) and creating competitive advantages (also 45%), especially in unfamiliar regulatory environments.

Matt Cloke, Chief Technology Officer at Endava, said the findings demonstrate the sector’s growing understanding of how to scale effectively. “While challenges around infrastructure and regulation remain, it’s clear that strong partnerships and the right use of AI will play a key role in helping businesses adapt and thrive in an evolving payments landscape,” he said.

 

Goldman sees upside in European stocks amid economic shift

After a strong start to the year, the prospects for European stocks look relatively positive, with Europe's STOXX 600 index forecast to rise 4% in the next 12 months (as of May 30). Increasing fiscal spending, an improving economic growth outlook, and falling interest rates could all support Europe's stock markets, according to Goldman Sachs Research. On a recent call, the bank’s analysts discussed the opportunities in Europe's broader stock market as well as in utilities, real estate, and food retailers.

Sharon Bell, a senior strategist in Goldman Sachs Research, says European companies that sell to their local markets are in a particularly strong position, in part because they are less exposed to foreign-currency fluctuations. “Domestic companies don't have that dollar exposure, they have underperformed for a long period of time, and they are trading at a deeper discount,” she says.

European utility stocks rose 20% relative to the STOXX 600 in March thanks to their defensive nature as well as signs of growing power demand. After 15 years of falling demand for electricity in Europe, power demand is up 1% in Germany, 1.5% in Italy, and around 4% in Spain so far this year, according to Goldman Sachs Research. “This is completely changing the outlook for topline growth in the industry,” says Alberto Gandolfi, head of European utilities research.

Real estate stocks, particularly German residential real estate, may be undervalued and poised to benefit from potential interest rate cuts, according to Jonathan Kownator, head of European real estate research. Kownator also points out that domestic real estate is less impacted by tariffs, because it faces the European market.

In the retail sector, there could be opportunities among grocers, and in UK food-retail stocks in particular, says Richard Edwards, head of Europe consumer research. Strong inflation, a growing population, and a broad shift from eating out to eating at home all make the UK a particularly attractive market for investors in this sector, he says.

 

Open banking gains ground as New Zealand upgrades payment standard

Payments NZ has launched version 2.3 of its Payment Initiation API standard, marking a key milestone in the evolution of open banking in Aotearoa New Zealand. The four largest banks in New Zealand, ANZ, ASB, BNZ and Westpac, are due to implement the upgraded standard as part of the Minimum Open Banking Implementation Plan. Kiwibank is also expected to adopt the standard by May 2026, extending coverage across the country’s major retail banks.

The new version introduces two significant features: enduring payment consent and decoupled authentication. These enable consumers to approve ongoing payments without re-authenticating each time, and to complete payment approvals separately from the transaction initiation process. Both enhancements aim to offer greater visibility and control, while creating a more flexible alternative to direct debits.

The update follows the recent introduction of the Customer and Product Data Act 2025 and reflects ongoing collaboration across industry stakeholders. Payments NZ reports growing engagement from the open banking community, with seven API providers, 27 registered third parties, and more than 500 contributors now involved in the ecosystem.

Alongside the technical changes, Payments NZ is continuing work on data governance and accessibility. In partnership with Māori data scientists from Nicholson Consulting, it has developed best practice guidelines for data handling, due for release in June. These will align with Māori Data Governance principles to support safe and inclusive digital innovation.

Additional initiatives include new customer experience guidelines, a performance standard to improve service reliability, and an upcoming consultation on version 3.0 of the API standards, expected later this year.

 

Lloyds and BNP Paribas partner on FX execution algorithms

Lloyds has partnered with BNP Paribas to offer its corporate and financial institution clients access to market-leading FX execution algorithms. The collaboration will see Lloyds deliver an FX algorithmic execution service supported by BNP Paribas’ technology, enabling clients to execute large FX trades more efficiently while retaining transparency and control through robust transaction cost analysis (TCA).

Execution algorithms are gaining traction in the global spot FX market, especially among buy-side participants, as demand grows for data-driven execution. These tools offer sophisticated capabilities for hedging large exposures and can provide clients with detailed analytics to support trading decisions and demonstrate best execution.

Clients will gain access to the full algorithmic technology stack, including flexible execution strategies tailored to individual trading objectives. This will allow users to define strategies aligned with their risk appetite, supported by interactive features such as limit pricing and start/stop times. Users can amend, pause, resume or cancel orders mid-execution, and benefit from real-time analytics, comprehensive TCA reporting and dedicated user support.

 

MillTech launches cash management solution through BlackRock partnership

MillTech has launched a cash management solution in partnership with BlackRock’s CacheMatrix, aiming to help investment managers and global corporates manage excess cash more efficiently. The solution provides direct access to a marketplace of tier-1 money market funds, automates investments, and offers transparency over costs and returns.

MillTech, which reports an average annual trading volume of over US$500bn and currently supports more than 250 client entities, is expanding its offering beyond FX risk management. The firm says it is targeting the operational complexity associated with optimising multi-currency cash positions. Treasury teams often struggle with fragmented systems, manual processes, and limited automation when managing global cash. Managing multiple relationships with fund providers adds further complexity, and idle cash frequently ends up underutilised.

The platform is designed to automate the trade lifecycle and simplify onboarding, while enabling access to a range of money market fund providers through a single interface. A rules-based framework supports compliance and control, aiming to reduce manual workload for treasury teams and improve decision-making.

The initiative is being led by recent hires Matthew Shapcott and Neil Gallacher, who both joined from State Street. Shapcott was previously EMEA Head of GlobalLink Business Development, while Gallacher served as Senior Business Development Director and APAC head for GlobalLink Fixed Income.

MillTech has also launched a risk advisory platform, Co-Pilot, as part of its broader expansion strategy. Co-Pilot offers tools such as a hedging simulator and carry-analysis functionality to support FX risk management and cash deployment decisions. To reflect its broader focus, the firm has rebranded from MillTechFX to MillTech.

 

TransferMate partners with Deutsche Bank to expand global payment infrastructure

TransferMate has entered a strategic partnership with Deutsche Bank to expand its B2B cross-border payments infrastructure, with a focus on enhancing local collection and payment capabilities in key global markets. The partnership will allow TransferMate to extend its in-country services, including local collections, cross-border payments, and stored value solutions, starting in selected Asia-Pacific markets. The collaboration is expected to broaden over time to include additional regions, leveraging Deutsche Bank’s international banking network.

By integrating with Deutsche Bank’s systems, TransferMate gains access to local payment rails that reduce friction in global transactions. The agreement also supports TransferMate’s goal of expanding its embedded infrastructure-as-a-service offering across sectors such as education, financial services, and e-commerce.

TransferMate claims the partnership gives it the most extensive local collection coverage of any B2B cross-border payments provider. The firm, which offers white-labelled payments infrastructure to global partners, has built a network designed to simplify and accelerate international transactions by removing the need for multiple banking relationships or intermediaries.

For Deutsche Bank, the partnership supports its strategy of working with fintechs to broaden access to tailored cash management and transaction services. The collaboration reflects a broader trend of banks and fintechs joining forces to scale across markets while offering more efficient and transparent payment solutions.

 

Stripe expands global money management tools for UK firms

Stripe has expanded its money management and international payments offering for UK-based businesses, as part of a broader push to support firms trading globally. The updates allow UK users to hold, manage, and spend balances in multiple currencies within their existing Stripe account, and to make payouts to third parties in 50 countries using just an email address. Businesses can also offer 25 new local payment methods, including UPI in India and Pix in Brazil, file and collect taxes in 102 jurisdictions, and present prices in local currencies across 150 markets.

Stripe’s latest updates also include the launch of what it claims is the world’s first AI foundation model for payments. Designed to detect fraud and other risks, the model has reportedly improved the company’s detection rate for card testing attacks at large businesses from 59% to 97%.

The company is further expanding its embedded finance offering. Businesses in the UK will soon have access to tools such as Stripe Capital, Charge Cards issued through Stripe, and Stripe Treasury, which enables integrated banking capabilities.

“We’re on the cusp of two giant leaps for the economy: stablecoins and AI,” said Stripe cofounder John Collison. “Stablecoins are the underdog that everyone’s sleeping on, and AI is on the cusp of rewiring how commerce takes place online through agentic transactions. Our intent is to pull the future forward for all of you building on Stripe.”

 

NBB launches digital supply chain finance platform

The National Bank of Bahrain (NBB) has launched a fully digital supply chain finance solution aimed at helping corporate buyers and their suppliers improve liquidity and working capital efficiency. The new platform enables suppliers to receive early payment on approved invoices, while allowing buyers to extend payment terms and manage cash flow more effectively. Built on the DigiCorp platform, the solution automates key interactions across the supply chain, reducing manual processes and improving turnaround times.

NBB said the offering is particularly beneficial for small and medium-sized suppliers, giving them access to working capital without taking on additional debt or drawing on existing credit lines. The bank is offering competitive rates and a transparent process to make the service more accessible.

Buyers benefit from improved balance sheet management, more predictable payment cycles, and closer ties with strategic suppliers. Automating the payment process also supports stronger governance and operational efficiency. The launch forms part of NBB’s broader efforts to digitalise its transaction banking services, and aligns with its environmental, social and governance (ESG) goals by supporting financial inclusion and SME development.

 

Sage expands embedded accounting services to North America and Europe

Sage has expanded its Embedded Services offering beyond the UK to include North America and Europe, enabling banks, fintechs and software platforms in these regions to integrate accounting tools directly into their products. The embedded services allow small businesses to access core financial tools including bookkeeping, reporting and compliance without leaving the platforms they already use. For providers, the integration offers a way to boost customer engagement, reduce development costs and offer value-added services without building accounting functionality from scratch.

The expansion comes in response to growing demand among small businesses for more seamless business management solutions. As firms increasingly expect real-time financial insights from within their daily apps, embedded services are emerging as a strategic differentiator for platforms serving the SMB sector.

Sage’s solution includes modular features like a general ledger, real-time financial reporting, and customisable analytics. Depending on the region, it may also support additional tools such as carbon accounting and accountant collaboration. The service is aimed at providers serving self-employed workers and small businesses, with Sage offering headless APIs and other tools to reduce development time and ensure a brand-consistent user experience.