Treasury and payments leaders are entering a phase where risks are no longer isolated events but interconnected forces that reinforce and amplify each other. Geopolitical tensions, persistent inflationary pressures, elevated borrowing costs, and the rapid evolution of fraud, particularly AI-driven threats are converging to reshape priorities across the function.

The challenge is no longer identifying individual risks. It is understanding how they interact, and how treasury must respond with greater control, visibility, and coordination across payments, liquidity, and risk management.

Four areas, in particular, will define treasury and payments strategy, control, and execution through the rest of 2026.

Payments security: the defining challenge of 2026 and beyond

If one area stands out as the most immediate and persistent concern, it is payments security.

The evolution of payments fraud is no longer incremental, it is exponential. AI-driven attacks, including voice cloning and deepfake-enabled social engineering, are shifting fraud from opportunistic to highly targeted and scalable. The emergence of advanced AI capabilities such as Anthropic’s Mythos AI further underscores how rapidly the threat landscape is evolving, and how dangerous it is becoming.

According to recent reporting by Reuters, Anthropic’s Mythos Preview has demonstrated an ability to identify and exploit previously unknown vulnerabilities across major operating systems and web browsers. In internal testing, it reportedly uncovered “thousands” of high and critical-severity vulnerabilities—exposing pathways that could lead to data compromise, operational disruption, and systemic financial risk.

This marks a significant shift. AI is no longer just enabling more convincing fraud narratives, it is increasingly capable of identifying the technical weaknesses that make such attacks possible in the first place.

The result is a step-change in both sophistication and speed. Fraud attempts now move rapidly across channels, exploit organizational silos, and increasingly target the payments layer, where the financial impact is immediate and often irreversible.

At the same time, defensive capabilities are not keeping pace. Findings from the Association for Financial Professionals 2026 AFP® Payments Fraud and Control Survey Report reveal that only 17% of organizations are currently using AI to combat payments fraud, despite its demonstrated benefits in detection and efficiency.

Many cite the immaturity of the technology, lack of awareness of available AI tools, cost constraints, and reliance on existing controls or banking partners as key barriers to adoption, as per the 2026 AFP ® Payments Fraud and Control Survey Report.

This gap between rapidly advancing threats and slower adoption of advanced controls is creating a widening exposure, one that malicious actors are increasingly exploiting.

A consistent pattern across treasury and payments analysis is that organizations are not losing funds because controls do not exist, but because controls are fragmented, inconsistently applied, or bypassed through human manipulation.

This is why payments security can no longer sit solely within Accounts Payable, Accounting, or Controller functions. It must become a core treasury responsibility, embedded within payment workflows, approval hierarchies, and bank connectivity.

The AFP Survey findings reinforce this shift. Treasury is most frequently responsible for detecting payments fraud—identifying 83% of attempted and 55% of actual fraud cases. At the same time, treasury is typically the primary owner of fraud reporting, response, and recovery, working in coordination with AP, accounting, risk, legal, and banking partners, as highlighted in the AFP ® Payments Fraud and Control Survey Report.

This central positioning gives treasury a unique vantage point across payment initiation, bank activity monitoring, and control enforcement, making it the natural function to lead an integrated payments security strategy.

Training, too, must evolve. Static awareness programs are insufficient against dynamic, AI-enabled threats. Treasury teams require continuous, scenario-based training aligned with real-world fraud patterns, combined with stronger validation protocols, segregation of duties, and real-time monitoring.

The implication is clear: for treasury and payments leaders, payments security is no longer a supporting function. It is the front line of financial defence—and likely the single biggest source of concern through 2026 and beyond.

Liquidity, working capital, and cost of capital: A renewed financial discipline

At the same time, tightening financial conditions are redefining the discipline required to manage liquidity, working capital, and capital allocation.

Inflation continues to ripple through corporate balance sheets, raising input costs, extending cash conversion cycles, and placing pressure on margins. When combined with elevated interest rates, the result is a significantly higher cost of capital and a sharper focus on liquidity efficiency.

This dual pressure is forcing treasury to return to fundamentals, while simultaneously operating at a higher level of sophistication.

Working capital metrics such as DSO (Days Sales Outstanding), DPO (Days Payable Outstanding), and Working capital as a percentage of sales remain important but are no longer sufficient on their own. Treasury must now integrate these with forward-looking liquidity indicators, stress scenarios, and dynamic cash forecasting models that reflect real-time business conditions.

Cash forecasting itself is undergoing a transformation. Expectations are rising: forecasts must be more accurate, more frequent, and more responsive to volatility. AI and advanced analytics offer promise, but they also require clean data, integrated systems, and disciplined processes to deliver value.

At the same time, higher borrowing costs are reshaping capital allocation decisions. Organizations are reassessing funding strategies, optimizing liquidity buffers, and balancing the trade-off between holding cash and deploying it efficiently.

In this environment, liquidity is no longer just a safeguard, it is a strategic asset. Treasury’s role is to ensure that this asset is visible, accessible, and optimized across the enterprise.

Interconnected and interdependent risk: From disruption to risk propagation

One of the most important shifts in recent years is how risks propagate.

Geopolitical events—such as a potential escalation in the U.S.–Israel war against Iran, do not remain confined to a single domain. They cascade across energy markets, the semiconductor industry, agriculture, aviation, supply chains, inflation dynamics, and financial conditions.

A disruption in oil supply can drive energy prices higher. This, in turn, can increase production and transportation costs, contributing to inflationary pressures. Suppliers may face margin compression and liquidity strain, raising counterparty risk. At the same time, currency volatility and capital flow shifts can impact funding costs and hedging strategies.

This is the reality of interconnected and interdependent risks.

CTMfile’s recent analysis on a dynamic risk framework highlight that the value lies not just in identifying risks, but in connecting them across financial and operational layers.

For treasury, this requires a more integrated approach:

• Linking market risk, credit risk, and operational risk.
• Monitoring supplier health alongside liquidity metrics.
• Stress-testing scenarios that reflect multi-factor shocks.

It also requires closer collaboration across functions—finance, procurement, risk, and operations—to ensure that signals are shared and responses are coordinated.

In a world where disruptions are inevitable, resilience depends on how quickly and effectively treasury can translate risk indicators into action.

Payments as strategic control layer: ISO 20022 and the “superintendent of payments” model

Against this backdrop, payments themselves are being redefined.

Historically viewed as an operational process, payments are now emerging as a strategic control point, and increasingly, the centrepiece of corporate finance and treasury, driving visibility, risk management, and decision-making.

The adoption of ISO 20022 is a key enabler. Richer, structured data improves reconciliation, enhances transparency, and provides additional data insights to support fraud detection and cash forecasting. For corporates, this is not just a compliance exercise, it is an opportunity to modernize payment infrastructure and unlock greater value from transaction data.

At the same time, robust payments governance is becoming critical.

The concept of treasury acting as the “superintendent of payments,” as articulated by Craig Jeffery, Managing Partner at Strategic Treasurer LLC in a recent CTMfile interview, reflects a shift toward centralized oversight and coordination. In this model, treasury is responsible for ensuring that payments are not only executed efficiently, but also secured, optimized, and aligned with enterprise-wide objectives. ⃰   

This includes:

• Mapping all payment flows across systems, payment methods, banks, and accounts.
• Defining a formal payments framework with clear roles, processes, and controls.
• Embedding role-specific payment security training for all involved personnel.
• Documenting banking structures and payment flows across accounts and entities.
• Strengthening payment data governance across its lifecycle and exposure points.
• Leveraging enterprise-wide payment security services from banks and third-party providers.
• Conducting regular payment security assessments (internal and external).
• Maintaining structured updates on payment formats, regulations, and industry developments.

In an environment defined by risk and complexity, this level of oversight is no longer optional. It is essential.

Conclusion

Taken together, these four pressures—payments security, liquidity discipline, interconnected risk, and payments strategy—will define how treasury and payments functions operate through the rest of 2026.

Individually, each demands attention. Collectively, they require a more integrated, systematic, and forward-looking approach to managing payments, liquidity, and risk.

In navigating these forces, treasury is evolving beyond its traditional role in cash management and transaction execution into a control centre, one that connects payments, liquidity, and risk across the enterprise with greater visibility, coordination, and control.

For treasury and payments leaders, the mandate is clear: to move faster, gain deeper visibility, and exercise greater control, while operating in an environment where risks are more dynamic, more interconnected, and more consequential.

The rest of 2026 will not be defined by any single risk, but by how effectively treasury and payments understand and act on the connections between them.

 

⃰ Disclosure: Strategic Treasurer owns CTMfile.