MCPs in Banking: What Executives Need to Know

Larger banks have long relied on Application Programming Interfaces (APIs) to streamline operations, enhance interoperability, and enable digital transformations. Yet, as we enter a new era dominated by agentic artificial intelligence (AI)—AI that autonomously executes actions on behalf of users—traditional APIs are increasingly showing limitations. Banks need to begin thinking differently, considering the adoption of a Model Context Protocol (MCP) as either a complement or replacement to their existing API-driven infrastructure. In this article will explain MCPs in banking, what bank executives need to know to set strategy and how MCPs now plays into vendor selection. For banks that have not started to execute an API strategy, now is the time when you can leapfrog ahead of other banks to place your bank in a better competitive position.

Understanding the Limitations of APIs

APIs have been a cornerstone of digital transformation, enabling integrations between diverse systems and software. All modern core systems, for example, allow an API integration so that you can move data between your core, digital banking platform, CRM system, fraud system, and various other platforms within the bank. Many banks have already “extracted” layers from their core system to reduce reliance on their core and have done so via an API.

In a similar fashion, many banks have used an API strategy to allow their customers to connect to their banking platforms to enable payments, open accounts, integrate their accounting systems, or ingest account data. Every banking-as-a-service bank has some form of an API strategy.

While APIs are structured, predictable, and widely adopted, the technology faces several critical limitations in an increasingly AI-driven world:

• Non-Standard Rigidity: APIs are designed to be static interfaces. They require exacting documentation, careful maintenance, and significant manual intervention when updates or modifications are needed. When we code to an API, we need to know the endpoint’s name, and every vendor and every bank has a different name for the endpoint that handles the sending of a payment, for example.  As such, coding to an API takes time.
• Complexity of Integration: APIs often lead to point-to-point integrations, causing complexity in architecture and higher overhead when managing multiple API endpoints.
• Limited Contextual Awareness: APIs typically lack context-awareness and intelligence. They transmit instructions but rarely carry extensive context, limiting their effectiveness in dynamic, agentic AI scenarios. An API-based payment fraud detection endpoint would test for a specific set of criteria, such as limits, transaction size, and location of the request. As such, an API endpoint is static and considered “dumb.”

Traditional APIs are analogous to having a house with various locked doors, each with a different lock and a set of tools for opening those doors. If you want your commercial customer to be able to access your payments hub and your core system to obtain balance and account information, it will likely be two programing efforts.

These constraints underscore the necessity for a more advanced, dynamic, and flexible solution: the MCP.

What is a Model Context Protocol (MCP)?

MCP is a novel digital communication framework specifically designed to make programming easier for both humans and agentic AI.  Unlike APIs, which primarily handle static requests, MCP dynamically embeds context into every interaction, allowing humans and agentic systems to communicate intentions, constraints, and contextual nuances more effectively.

In simple terms, an MCP provides “why” alongside the “what,” ensuring systems understand not only the action but also the intent and circumstances behind it. In this context, an MCP is considered “smart” compared to an API. Where a human coder would have to know what a specific endpoint is called to process the sending of a payment, now they can query the MCP to automatically connect to the payment send endpoint.

Why MCPs in Banking Are Ideal for Agentic AI

While MCPs are easier to program to than an API by humans, where MCPs really shine is when agentic AI is involved as these agents are capable of autonomous decision-making and actions and can code themselves to an MCP. Banks increasingly rely on these intelligent agents for tasks such as customer service automation, fraud detection, and personalized financial advice. As such, banks can use MCPs to allow their vendors and customers to connect while creating agentic AI that can connect to vendor MCPs.

MCP is inherently suited to this agentic environment because it:

• Enhances Contextual Understanding: MCPs transmit richer metadata with every transaction, empowering AI agents to interpret and act on comprehensive contextual clues, enhancing decision-making quality.
• Reduces Integration Friction: MCP simplifies integrations by standardizing context exchange formats, significantly reducing complexity compared to traditional point-to-point API integrations.
• Enables Autonomous Adaptability: MCP-driven systems dynamically adjust their behavior in real-time, responding autonomously to shifting contexts without manual updates, thus significantly reducing downtime and increasing agility.

Efficiency Gains: Programming MCP vs. API

One of the most compelling arguments for MCP is the reduced programming and deployment time compared to APIs. Here’s how MCP streamlines the process:

1. Standardization of Contextual Data:
   • MCP employs standardized data formats for contextual information, eliminating the guesswork that often accompanies API integrations.
2. Rapid Adaptation and Scaling:
   • MCP systems quickly adapt to new business requirements and contexts without exhaustive reprogramming. This results in a quicker go-to-market timeline and reduced IT maintenance.
3. Reduced Documentation Overhead:
   • Since MCPs embed context directly, extensive documentation (a hallmark of traditional APIs) becomes less critical, thus freeing up development resources.

Graphically, here is a comparison of programing time benchmarked around a commercial treasury customer connecting to a bank’s API vs. MCP.

Banks can thus accelerate innovation, significantly reducing their time to market for new products and enhancements while making it easier for their customers and vendors to integrate into the bank.

Risks and Mitigates of Implementing MCPs – JPM’s Open Letter

Transitioning to MCP in banking from established API systems is not without risks. With richer context transmission and automation comes increased sensitivity and vulnerability. As such, MCPs are more complex to stand up.

JP Morgan Chase (JPM) recently issued an industry-shifting open letter to third-party suppliers that is a must read for every bank CIO and CTO (HERE). In it, JPM highlights the need at all banks to modernize security architecture and increase security layers as many API and other connectors grant attackers another vector of attack while providing unprecedented access.

MCPs, if constructed correctly, can mitigate third-party attack vectors. Doing so requires the following mitigants:

• Implement strict encryption protocols.
• Deploy continuous monitoring and adaptive cybersecurity practices.
• Employ robust authentication and authorization frameworks specifically designed for MCP contexts.

Risk: Complexity and Misinterpretation

The sophistication of MCPin banking increases the potential for miscommunication between systems if improperly implemented.

Mitigants:

• Standardize MCP frameworks through internal guidelines.
• Adopt thorough testing practices to validate contextual interpretations.
• Regularly update contextual models with supervised machine learning feedback loops.

Risk: Integration Costs and Technical Debt

Transitioning from APIs to MCP could initially require significant investment.

Mitigants:

• Phased implementation to control costs.
• Integrate MCP alongside APIs initially, using a hybrid model to gradually transition.
• Leverage cloud platforms offering MCP-supportive infrastructures.

Real-World Banking Examples of MCP Usage

Consider the following scenarios showcasing MCP’s advantages:

• Payment Hubs: Fintechs and commercial customers can leverage bank MCPs to quickly connect enterprise systems to integrate payment streams, accounts payable and receivables to a bank’s payment hub enabling not just a variety of payments but the handling of fraud, exceptions, reporting, and post-transaction processing.
• Fraud Detection: An MCP-enabled fraud detection system can autonomously adjust security checks based on real-time transaction contexts, such as unusual geolocations or suspicious transaction behaviors, improving response times and reducing false positives. Where this layer of security is often at the transaction layer, now it moves to the perimeter providing better bank fraud risk mitigation.
• Automated Financial Advisory: Agentic financial advisors utilizing MCPs can dynamically interpret customer contexts—like changes in spending behavior or market conditions—to provide proactive, timely financial recommendations.

Embracing the MCP Opportunity

Banks face intense competitive pressure to innovate, improve customer experiences, and leverage AI. Adopting MCP technology enables banks to deliver enhanced agentic capabilities, streamline integration complexities, and significantly reduce operational friction.

Banks must recognize that APIs alone may soon become inadequate to meet the demands of advanced agentic AI environments. By investing now in MCP, forward-looking banks position themselves strategically at the forefront of financial innovation, customer engagement, and operational excellence.