Meeting the moment: Strengthening internal controls and governance amid rapid FSI innovation

Talking points

• Rapid technological advances and changing regulations are fueling innovation in the financial services industry (FSI).
• New offerings like stablecoin payments, lending apps, and tokenized investments are driving collaboration among FSI sectors and convergence with other industries.
• Seizing these financial product opportunities requires effective financial internal controls and a strong product governance framework to manage the risks of complex offerings.

Groundbreaking technologies like artificial intelligence (AI) and blockchain  digital asset applications are reshaping the financial services industry with breathtaking speed. These innovations aren’t just changing the kinds of financial products being developed—they’re bringing together different sectors within financial services and forging new partnerships with other industries such as technology, travel, and transportation.

Banks and payment platforms, for example, have announced plans to let customers transact using stablecoins—cryptocurrencies attached to traditional currencies such as the US dollar and euro. Meanwhile, a popular food delivery company has expanded its services by offering lending options to participating restaurants, while commercial real estate firms harness tokenization to transform office buildings into fractional investment opportunities.

Important questions about risk and assurance

In light of this rapid innovation, we’re getting more questions from finance and accounting leaders in FSI organizations about how to navigate the transforming landscape. For instance, they’re asking:

• How can they manage the fast-changing regulatory environment for emerging financial products?
• What risks should they guard against, and are their controls and governance adequate?
• Do they have the talent and skills in-house to meet regulatory, accounting, reporting, and governance requirements?

Strong controls and governance frameworks are essential, as are professionals who can design and deploy them. Ahead, we’ll explore critical controls and governance considerations for emerging financial services and products.

Navigating the regulatory rapids

The pace of innovation in financial products often outstrips the speed at which regulations can adapt, creating a dynamic environment where both are evolving in tandem. Sometimes, swift regulatory changes actively spur the development of new offerings—such as digital assets like tokens and stablecoins.

Starting in January 2025, for example, the SEC adopted more flexible digital asset regulations to promote capital formation, accelerating growth in cryptocurrencies and other digital assets. New laws like the GENIUS Act,  effective July 18, 2025, set standards for stablecoins and are expected to increase their adoption by major payment providers and merchants. The Act specifies audit requirements for large stablecoin issuers, including requirements for expectations for internal controls over financial reporting (ICFR). Staying informed about these developments is vital for anyone creating new financial products.

Bolstering your processes and skills

Launching a disruptive new product or service especially in a new sector or industry requires not only new operational processes, but potentially new professionals  who understand regulatory, governance, and control requirements. Managing digital assets such as tokens, for example, requires specialized support in technical accounting, valuation, reconciliation, tracking, financial reporting, and so on. Equally critical is having a dedicated individual on your governance team with a strong background in risk process controls—someone who takes ownership of operational risk management for product launches, including ICFR.

Early adoption of governance and controls frameworks for low-risk growth

Faced with rapid innovation and frequent product launches, some FSI organizations fall into the trap of delaying the rollout of robust governance frameworks and controls for new products or sectors. However, moving too slowly on the implementation of internal controls can heighten vulnerabilities and risks—such as data integrity issues, cybersecurity threats, noncompliant reporting, financial misstatements, regulatory penalties, fraud, system downtime, and reputational harm.

Embedding governance and controls early into the product development life cycle significantly mitigates these risks. Investing in a strong enterprise risk management (ERM) and governance framework can allow organizations to efficiently identify and address both threats and opportunities.

The importance of change management

Effectively managing and adapting to change is one of the bigger challenges in financial product development. Establishing a robust change management framework is essential, providing a clear methodology for overseeing the pipeline and sequence of changes for each new product. Discipline in executing this methodology is important—establishing that controls are deployed and tested before products go live. Proactively managing risk and controls alongside these changes can help safeguard the integrity and effectiveness of new products.

Leading practices to consider

By proactively addressing risk and controls and adopting leading practices early, FSI organizations can launch new products with confidence and increase their chances of strong market performance. Consider these strategic governance, risk, and control practices:

• Assess your people to confirm that you have somebody on your overall governance team with the required controls experience and skill set. 
• Continuously review the regulatory landscape. Staying current with evolving regulations, especially in the digital asset and AI space, can help reduce risks and prevent future issues.
• Integrate risk management procedures and controls into product development from the start, rather than as an afterthought.
• Apply change management methodologies and mechanisms before launching products.
• Prioritize operational readiness and staff training so that governance and controls can be effectively managed.
• Invest in strong privacy and security controls for data protection and risk mitigation.

What role can Deloitte play?

As financial services organizations accelerate innovation and launch more   complex products, robust internal controls are increasingly important. Deloitte can provide guidance around governance and controls for these innovative services and products. For more information, check out our FSI Predictions. Or visit our FSI Audit & Assurance services page to reach out to our team.

The services described herein are illustrative in nature and are intended to demonstrate our experience and capabilities in these areas; however, due to independence restrictions that may apply to audit clients (including affiliates) of Deloitte & Touche LLP, we may be unable to provide certain services based on individual facts and circumstances.

This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.