Why the Model Context Protocol Isn't Quite Ready for Banks and Regulated Industries

The Model Context Protocol (MCP) has been gaining users rapidly since its launch in November. This popularity surge suggests a potential industry-wide adoption of the protocol. However, it’s interesting to note that key players seem to have a certain reticence - these are the regulated industries, particularly financial institutions.

Banks, lenders, and other finance-related firms may already be well-acquainted with AI, some even leveraging machine learning to offer clients innovative solutions such as robo-advisors. Yet, hesitation persists in getting onboard the MCP and Agent2Agent (A2A) hype train. Whilst several of these regulated enterprises have started utilizing AI internally, most are mindful of staying on the right side of the compliance line.

As companies start to set up MCP servers and develop multi-agent systems, the challenge lies in control. Banks and similar entities are seeking stronger assurances about integration. They need to be certain that only approved tasks and tools are being utilized.

John Waldron, senior vice president at Elavon, a U.S. Bank subsidiary, expressed some of these concerns in a recent interview. While they are exploring MCP utilization, there are many questions about standards, traceability, and the potential for risk leakage.