Skip to content
computer generated illustration of the growth of an ecosystem

Five ways banking CROs are increasing agility

Authors

  • Nigel Moden

    EY Global Banking and Capital Markets Leader; EY EMEIA Banking and Capital Markets Lead

  • Tom Campanile

    EY Global and Americas Financial Services Risk Consulting Leader

  • Christopher Woolard CBE

    EY Partner, Financial Services Consulting, Ernst & Young LLP; EY UK FinTech Leader; EY Financial Services Regulatory Network Chair; EY EMEIA Financial Services Regulation Leader

8 minute read 18 Feb 2025
Related topics
Banking and capital markets
Risk and regulatory transformation
Enterprise protection in banking
Financial services
Transformation strategies for banking leaders

The results of the latest EY/IIF global risk management survey highlight the need for increased agility against diversifying risks.

In brief

  • Cyber risks, cited by 75% of global CROs, remain the top concern for the year ahead, followed by operational resilience (38%) and geopolitical risk (36%).
  • Artificial intelligence (AI) is an increasing priority, with 49% of CROs saying it’s a key initiative for the next three years, especially to transforming risk management practices.
  • The results show a fluid risk landscape and the influence of powerful external forces, from monetary policy to trade tensions and geopolitical conflict. 

Given the fluidity in risk priorities and the variety of stakeholders (including boards, business leaders and regulators) chief risk officers (CROs) must support and satisfy, agility has become more important to effective risk management today. The 2024 EY/Institute of International Finance (IIF) global bank risk management survey of CROs provides insights into how CROs are seeking to instill that agility in their operations. These efforts are multi-dimensional – involving enhanced policies, controls and frameworks, as well as new processes, technology and talent. These proactive actions will better prepare CROs and business leaders to respond more rapidly and purposefully to shifts in the risk landscape and other market developments.  

Download the EY/IIF global bank risk management survey

PDF (13 MB)

Top five ways CROs are increasing agility today

1. Expanding use of scenario planning

Expanding the use of scenario planning is crucial for gaining insights into how risks are likely to impact the organization and how they might evolve in the future. According to our results, CROs are increasingly using scenario analysis across multiple risk types, including geopolitical, financial and climate risks. A large percentage of CROs, especially from global systemically important banks (G-SIBs) and banks in Asia-Pacific, are placing a high priority on scenario planning.

  • 58% cite scenario analysis and/or stress testing as among the most important mechanisms to support management of climate-change risks. 
  • 56% of CROs say they are expanding political risk assessment and scenario planning to mitigate geopolitical risk, with much higher percentages from G-SIBs (82%), banks in Asia-Pacific (83%) and the largest institutions (86%).
  • 52% say risk measurement, stress testing and scenario analysis top the list of their planned enhancements to financial risk management capabilities.
CRO priorities
cite scenario analysis and/or stress testing as among the most important mechanisms to support management of climate-change risks.

Related Services

  • Global Regulatory Network

    Our Global Regulatory Network, consisting of former regulators and bankers from the Americas, Asia and Europe, provides strategic insights on financial regulation that helps clients adapt to the changing regulatory landscape.

    Read more

2. Deploying AI to transform risk management

The transformative potential of artificial intelligence is becoming clearer to banking executives, and more CROs are putting it to use in multiple contexts. Significant numbers of CROs told us they were using AI (including generative AI or GenAI) to more efficiently or effectively identify, manage, monitor and report on operational fraud (59%), compliance (44%) and credit (40%) risks.

 

Specific applications range from scanning the horizon for risk detection to streamlining routine activities. Interestingly, banks in Latin America are prioritizing the use of AI to automate operational tasks (59%) more than their peers in Europe (21%) and globally (41%).

 

Our results confirm that CROs, like their counterparts in the business, recognize AI’s versatility. AI will help banks respond more nimbly to emerging threats and free up risk management teams to focus on high-value analytical work – rather than routine administrative tasks.


Related Services

3. Enhancing financial risk management as a strategic response to shifting priorities

This year’s results indicate a notable shift in risk priorities for the next 12 months, driven by the rise of geopolitical risks and the increasing significance of non-financial threats, such as cybersecurity, climate change, and regulatory compliance. These factors have overshadowed traditional financial risks, which, for the first time in a decade, did not rank among the top 10 priorities. This shift can also be attributed to increased confidence in existing controls, following heightened scrutiny of financial risks in response to the events of Spring 2023.

 

Nevertheless, enhancing financial risk management measures remains a priority, even as non-financial risks take center stage this year. CROs recognize the ongoing importance of financial risks and are planning significant enhancements to their risk management strategies. Furthermore, the increasing emphasis on diverse, non-financial risks underscores the need for CROs to adopt a forward-looking approach and prioritize responsiveness.

In fact, CROs are acting on multiple fronts to prepare for potential downturns: nearly two-thirds (62%) are reducing the risk appetite or curtailing lending to certain high-risk industries and geographies, while more than half (56%) are tightening lending standards (e.g., reducing covenant-lite). Again, these forward-looking steps will allow banks to adapt quickly in the event of a slowdown.

 

CROs are planning other enhancements to financial risk management capabilities. Beyond more extensive risk measurement, stress testing and scenario analysis (cited by 52% of CROs), upgrading the risk technology and data modernization infrastructure is a priority for 51% of our respondents. Clearly, CROs are taking a “both/and” rather than an “either/or” approach to prepare for future evolution of financial risks.

 

CROs are also adopting forward-looking and proactive approaches to manage liquidity risk: stress testing, including severe but plausible scenarios, is the most important tool for managing liquidity risk, according to 77% of our respondents (and 83% of G-SIB CROs). This is followed by early warning indicators to detect emergent stress conditions, which was cited by 54% of our respondents (and 67% from G-SIBs).

 

4. Seeking new skills and talents

Though risk management is increasingly technology-enabled and data-driven, it remains highly reliant on human talent.

 

"To maintain their competitive position, banking CROs must prioritize both technology and talent; it’s not one or the other. Data shows that AI alone isn't enough; it's the human talent that complements it, ensuring rigorous risk management in an increasingly complex banking environment," says Nigel Moden, EY Global and EMEIA Banking and Capital Markets Leader.

 

That’s why CROs are aggressively looking to expand and diversify the talent base. Their top priorities for skills and talent include digital acumen (63%), followed by the ability to adapt in a changing risk environment (54%) and deeper specialization in at least one domain (51%). 


A notably greater proportion of G-SIB CROs (83%) say they are looking for risk professionals with the ability to adapt to a changing risk environment than do all respondents (54%), perhaps reflecting the impact of geopolitical risks on the largest global banks.

As with last year’s results, cybersecurity is still the most challenging skillset to attract, especially for G-SIB CROs (83% of whom say it was challenging) and those from the largest banks (75%), compared to 52% of their peers at all banks. Cyber and AI are expected to be the most in-demand skills in three years.

The focus on digital acumen—including technology, data, generative AI, and programming—highlights the essential role of skilled human talent in effectively harnessing AI to enhance risk management. Furthermore, adaptability and strong business knowledge will foster agility, driving robust practices and improved outcomes for organizations.

Data shows that AI alone isn't enough; it's the human talent that complements it, ensuring rigorous risk management in an increasingly complex banking environment.

Nigel Moden

EY Global Banking and Capital Markets Leader; EY EMEIA Banking and Capital Markets Lead

5. Optimizing the organizational model

Every year, our results highlight how CROs are adjusting their operating models to meet increasing demand from the business and adjust to evolving risk profiles. About two-thirds (64%) of our survey respondents expect to add more risk management resources in the front line during the next three years. A similar percentage (68%) predict more full-time employees will join the second line in that same time frame. There is also more frequent discussion of the best way to design operating models (e.g., centralizing essential services for enterprise support or embedding more capabilities directly into the business).

Currently, relatively few CROs are using outsourcing (16%) or right-shoring strategies (35%) to a significant extent in their talent management strategies. But they expect those figures to grow significantly – to 40% and 64%, respectively – during the next three years. Whether the primary motivation is to access specialized talent, take advantage of advanced tech or control labor costs, outsourcing and right-shoring, along with larger staffs, will help instill agility in risk management.

Nine recommended actions for banks

Insights from our survey reveal that CROs looking to instill operational agility should consider nine strategic actions.

  1. Develop comprehensive scenario planning for operational and geopolitical risks, conduct more extensive stress tests, enhance resilience strategies and monitor geopolitical developments.
  2. Use AI and machine learning (ML) to enhance scenario planning and stress testing capabilities to help simulate a wider range of scenarios and predict potential impacts on the organization.
  3. Implement a strategic hiring plan to enhance key capabilities in the first and second lines. Focus on emerging risk areas like cybersecurity and AI and provide continuous skill updates.
  4. Create a detailed AI strategy that aligns with overall risk management objectives and business goals, outlining specific use cases for AI, such as data analysis, fraud detection, compliance monitoring and operational task automation.
  5. Adopt tools that support continuous monitoring and real-time risk analytics to help assess risk exposure, analyze data in real-time and ensure compliance with regulatory requirements.
  6. Strengthen the analytics supporting the credit risk management framework to enable agile adjustments to lending standards, collateral requirements, and the management of exposures to high-risk industries and geographies.
  7. Promote a culture of risk awareness and accountability at all levels of the organization, with regular training, clear communication of risk policies and incentives for employees to report potential risks.
  8. Adopt proactive risk management techniques by implementing agile methodologies and fostering a mindset of continuous improvement and adaptability.
  9. Assess the current operating model to identify areas where shared services or new sourcing models could improve performance and create more flexibility.

Download the EY/IIF global bank risk management survey

PDF (13 MB)

Summary

The highly dynamic, occasionally volatile nature of the banking business demands that CROs expect the unexpected, model a broader range of scenarios and respond decisively when the unexpected inevitably occurs. The good news, as our survey results demonstrate, is that so many are taking holistic action to instill the agility their institutions need to thrive in a dynamic environment. 

Related content

Using AI to improve a bank’s agent effectiveness

Leveraging the power of AI and machine learning, one bank mined sales agents’ calls for performance-boosting insights. Learn more in this case study.

17 Jan 2023

    About this article

    Authors

    • Nigel Moden
      EY Global Banking and Capital Markets Leader; EY EMEIA Banking and Capital Markets Lead
    • Tom Campanile
      EY Global and Americas Financial Services Risk Consulting Leader
    • Christopher Woolard CBE
      EY Partner, Financial Services Consulting, Ernst & Young LLP; EY UK FinTech Leader; EY Financial Services Regulatory Network Chair; EY EMEIA Financial Services Regulation Leader
    Related topics
    Banking and capital markets
    Risk and regulatory transformation
    Enterprise protection in banking
    Financial services
    Transformation strategies for banking leaders

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
    You are visiting EY mena (en)
    mena en