Navigating Uncertainty: Key Takeaways from the 2025 EY/IIF Bank Risk Management Survey

The financial sector continues to navigate an increasingly complex risk landscape, as highlighted in the 14th annual EY and Institute of International Finance (IIF) Global Bank Risk Management Survey. The survey, which gathered insights from Chief Risk Officers (CROs) across 115 banks in 45 countries, underscores the growing significance of external threats, technological disruptions, and regulatory complexities shaping risk management strategies. Cyber risks, cited by 75% of global CROs, remain the top concern for the year ahead, followed closely by operational resilience at 38% and geopolitical risk at 36%. Artificial intelligence (AI) is also becoming an increasing priority, with 49% of CROs identifying it as a key initiative for the next three years, particularly in transforming risk management practices. Here’s a deep dive into the critical takeaways from the survey:

1. Cybersecurity Dominates Risk Priorities

Cyber threats remain the top concern for both CROs and boards, driven by the increasing sophistication of cyberattacks, the expansion of digital banking services, and the heightened regulatory scrutiny around data protection. Operational resilience, closely tied to cybersecurity, remains a priority as financial institutions strengthen their defenses against systemic shocks and technology failures.

2. The Rise of Geopolitical Risk

Geopolitical uncertainty has surged as a primary risk, moving from the 12th highest priority last year to the third position in 2025. Armed conflicts, trade tensions, and shifting regulatory policies have created significant concerns about financial stability, market volatility, and the potential impact on global banking operations. CROs are increasingly incorporating scenario planning to mitigate these risks effectively.

3. Evolving Financial Risk Landscape

Interestingly, no financial risk ranked among the top 10 priorities this year, marking a shift in focus towards emerging non-financial threats. While liquidity risk, which was the fourth-highest priority last year, dropped to 13th place, wholesale credit risk emerged as the top financial concern. Banks are leveraging stress testing and enhanced credit risk management strategies to navigate evolving economic conditions.

4. Technology, AI, and Data Governance Take Center Stage

The rapid adoption of Artificial Intelligence (AI) and Machine Learning (ML) is reshaping risk management. While AI-driven automation enhances efficiency, it also introduces new challenges related to data quality, ethical considerations, and regulatory compliance. CROs are emphasizing governance structures to manage AI-related risks while leveraging data analytics for real-time risk monitoring.

5. Talent and Skills Gap in Risk Management

The demand for digital acumen and AI expertise is rising, with 63% of CROs prioritizing hires with generative AI capabilities. Attracting and retaining talent in cybersecurity, data science, and quantitative risk analysis remains a challenge, prompting banks to refine their workforce strategies and invest in upskilling initiatives.

6. ESG and Climate Risk Management

Although Environmental, Social, and Governance (ESG) concerns have slightly receded from previous years, they remain a significant focus, particularly for Global Systemically Important Banks (G-SIBs). CROs are integrating climate-related stress testing into risk frameworks, ensuring regulatory compliance with evolving sustainability disclosure requirements.

7. Regulatory Uncertainty and Compliance Challenges

With shifting political landscapes and evolving supervisory expectations, banks face growing regulatory complexities. The survey highlights the impact of Basel III capital requirements, data protection regulations, and sustainability disclosures on banks’ competitive positioning. CROs are prioritizing governance enhancements and compliance frameworks to meet these evolving demands.

8. Strengthening Operational Resilience

Operational resilience remains a top priority, as recent IT disruptions have underscored the need for robust risk mitigation strategies. Banks are enhancing their disaster recovery plans, third-party risk management, and business continuity frameworks to safeguard against cyber incidents and infrastructure failures.

Looking Ahead: The Future of Bank Risk Management

The survey results reinforce the need for banks to adopt agile, technology-driven risk management strategies. With the convergence of cyber threats, geopolitical risks, and regulatory changes, CROs must foster a proactive, forward-looking approach to risk oversight. The future of banking will be defined by institutions that can effectively balance risk mitigation with innovation, ensuring resilience in an era of uncertainty.

Reference

• 14th annual EY/IIF global bank risk management survey: Agility in volatility: Rebalancing CRO priorities in a shifting risk matrix - Five ways banking CROs are increasing agility | EY - US