
The Payments Modernisation Trap: Why Banks Keep Investing and Keep Falling Behind


On 22 April 2026, the IMF published a note titled "How Agentic AI Will Reshape Payments." It outlined a future where autonomous AI agents initiate, route, and reconcile transactions with minimal human oversight. That same week, SWIFT reminded the industry that 65 percent of cross-border payment messages still contain unstructured address data, six months before the November 2026 ISO 20022 deadline that will reject those messages entirely. And buried in the EU Instant Payments Regulation small print: only a third of European payment service providers are fully ready for the reporting obligations that came due in April.


Three converging deadlines. One overstretched payments team. And a growing suspicion, among heads of payments and COOs across European banking, that the modernisation programme they started years ago has not actually modernised very much at all.


The treadmill that never stops


Payments modernisation inside a bank rarely follows the clean narrative that consultancies and platform vendors would like. The pitch is always the same: migrate to ISO 20022, unlock richer data, enable instant payments, reduce costs. The reality is that most banks have spent the past three years treating ISO 20022 as a messaging migration, swapping MT for MX, rather than a strategic data transformation. The SWIFT cutover in November 2025 was completed, yes, but largely through translation layers and minimal enrichment. As J.P. Morgan noted in its migration guidance, the structured data that was supposed to unlock fraud analytics, sanctions screening, and straight-through processing remains, in most institutions, a project on the backlog.


Now the goalposts have shifted again. The November 2026 SWIFT deadline will reject any cross-border payment message containing unstructured postal addresses via CBPR+ messaging. This is not a soft deadline or a best-effort target. Messages that fail the structured-address requirement will simply not clear. With approximately 65 percent of current messages still using the old format, the remediation effort is not trivial. It touches client onboarding systems, core banking platforms, correspondent banking data, and every channel through which a payment instruction enters the bank. Citi has warned that the downstream impact on trade finance and treasury operations could be significant for institutions that leave this late.


In parallel, the European Central Bank and the European Payments Council have been tightening the SEPA instant credit transfer rulebook. The Instant Payments Regulation requires that every PSP offering standard credit transfers must also offer instant credit transfers, at the same or lower price. The first standardised reporting submissions to the EBA were due in April 2026, covering adoption metrics, Verification of Payee readiness, and sanctions screening performance. According to EY's analysis, two-thirds of PSPs still face material gaps in at least one of those areas.


For the head of payments sitting inside a mid-tier European bank, one also navigating DORA operational resilience requirements and preparing for PSD3, this is not a prioritisation exercise. It is a capacity crisis. Every regulatory deadline absorbs the same pool of budget, the same integration team, and the same change management bandwidth. And just when the roadmap looked like it might start to stabilise, agentic AI arrived.


The third wave no one budgeted for


Agentic payments - transactions initiated, authorised, and settled by AI agents acting on behalf of a user or a business - are no longer a research curiosity. Visa launched its Intelligent Commerce platform in early 2026. Mastercard followed with its Agent Suite in Q2, including a "Know Your Agent" verification framework built to address the identity challenges that regulators have flagged under the AI Act. OpenAI embedded checkout capabilities directly into ChatGPT via its Agentic Commerce Protocol. The infrastructure for machine-initiated payments is being built, and it is being built fast.


The IMF note frames the challenge precisely: regulators will need to reconcile the probabilistic behaviour of agentic AI with the deterministic requirements of payments infrastructure. The proposed solution is a three-layer model: an upstream "intent and orchestration" layer where AI agents operate, sitting above strict, rule-based controls in authorisation and settlement layers. This is sensible in theory. In practice, it means every bank's payments architecture will need to accommodate a new class of payment initiator that does not behave like a human, does not use traditional channels, and operates at a speed and volume that batch-processing systems were never designed to handle.


For banks still working through their ISO 20022 remediation and instant payments compliance, this is the worst possible timing. But the market is not waiting. According to Fenwick's analysis, 53 percent of financial institutions already have AI agents running in production, mostly in compliance, fraud, and operations. The leap to payment initiation is a matter of quarters, not years. And the European Commission's broader digital finance agenda, spanning MiCA, DORA, and the forthcoming Financial Data Access regulation, is creating a regulatory environment where machine-readable, structured data is not optional; it is foundational.


Three strategies banks are using and the trade-offs of each


Faced with this triple pressure, most banks default to one of three approaches. Each has defensible logic. None is sufficient on its own.


The first is sequential compliance: tackle each deadline in order of regulatory urgency, treat each as a standalone project, and move on. This is the most common approach, and it is the reason banks keep investing without gaining strategic ground. Each migration is treated as a cost-of-doing-business exercise rather than a platform investment. The structured data from ISO 20022 never gets connected to fraud models. The instant payments infrastructure never gets extended to new revenue products. The bank passes the audit and misses the opportunity.


The second is the big-bang platform replacement: rip out the legacy payments engine and replace it with a modern, cloud-native stack that handles ISO 20022 natively, supports instant and cross-border rails, and is designed for API-driven initiation. This is the right long-term answer for some institutions, but the execution risk is severe. Multi-year timelines, nine-figure budgets, and the requirement to keep legacy rails running in parallel make this an option for Tier 1 banks with deep pockets and strong executive sponsorship. For everyone else, it is a PowerPoint strategy.


The third is the overlay approach: deploy middleware, translation layers, and API gateways that sit on top of existing infrastructure and abstract the complexity. This is pragmatic and quick, but it creates its own technical debt. Every overlay is another integration point to maintain, another vendor to manage, and another layer of latency in a world where the SEPA instant credit transfer rulebook requires end-to-end processing in under ten seconds. Banks that accumulate too many overlays find themselves with a payments architecture that is modern at the edges and fragile at the core.


Turning compliance investment into strategic advantage


The question that rarely gets asked inside a payments transformation programme is: what are our peers actually doing? Not what they announced at a conference. Not what their vendor partner published in a case study. What are they operationally deploying, and what have they learned from the first six months of running it?


This is where the payments modernisation conversation needs to shift. The banks that are pulling ahead are not the ones with the biggest budgets. They are the ones that treated the ISO 20022 migration as a data quality programme, not just a format conversion. They invested in structured address remediation early, not because they anticipated the November 2026 deadline, but because they understood that richer data drives better sanctions screening, fewer false positives, and lower operational cost per payment. They are now using that same data infrastructure to prepare for agentic payment initiation, because an AI agent that can read structured payment data is fundamentally more useful than one working with free-text fields.


The institutions that benchmark effectively, not against industry averages in a Capco or EY report, but against operational peers in comparable regulatory environments overseen by bodies like ESMA and the FCA, tend to make faster, more confident investment decisions. They know whether their instant payments adoption rate is an outlier or in line with their market. They know whether their Verification of Payee implementation is ahead or behind. They know whether the structured address remediation they are planning is more or less ambitious than what their correspondent banking peers are doing.


Peer intelligence at this level does not come from vendor briefings or analyst reports. It comes from structured, confidential conversations between practitioners who share enough common ground to be candid. Formats like The Connector's Discovery Innovation Meeting, Peer Forum, and the editorial coverage in Finance X Magazine exist specifically to create that space, bringing together heads of payments, COOs, and transformation leads from banks, insurers, and payment institutions to exchange operational intelligence on exactly these kinds of converging pressures. Not as a sales exercise, but as a decision-support mechanism for institutions navigating the G20's transparency agenda and Europe's increasingly demanding regulatory calendar.


Why the next six months are decisive


The November 2026 SWIFT deadline is not negotiable. Banks that have not completed their structured address remediation by then will see cross-border payments rejected. The EBA reporting framework under the Instant Payments Regulation will only get more granular. And the agentic payments infrastructure being built by Visa, Mastercard, and the major tech platforms will not wait for banks to finish their current change programme before it starts generating transaction volume.


The risk is not that any one of these deadlines is unmanageable. The risk is that they are being managed in isolation, by separate teams, against separate budgets, with no shared view of the strategic end state. A bank that treats structured address remediation as a compliance checkbox will do the work and learn nothing. A bank that treats it as the foundation for richer data, better screening, and AI-ready payment processing will do the same work and be in a fundamentally stronger position twelve months from now.


The same logic applies to instant payments. The EU Instant Payments Regulation is forcing banks to offer instant credit transfers at parity pricing. That is a margin compression event if treated in isolation. But it is also a product opportunity, for instant treasury sweeps, for real-time supplier payments, for embedded payment propositions, if the infrastructure is built with extensibility in mind.


The real question


Payments modernisation has been on the strategic agenda of every European bank for the better part of a decade. The institutions that are genuinely modernising, not just migrating, are the ones that have found ways to see clearly what their peers are deploying, to separate signal from noise in an increasingly crowded vendor landscape, and to connect compliance-driven investment to strategic outcomes.


If your payments roadmap for 2026 still reads like a list of regulatory deadlines, it may be worth asking a different question: who else is facing this exact set of pressures, and what are they doing about it that you are not?

The answers are out there. They are just not in the places most banks are looking.
