• Credit risk and financial crime return as top priorities
• Cybersecurity remains highest near term threat at 86 percent
• Private credit growth increases exposure complexity
• AI adoption advancing but constrained by data quality
• Digital skills and upskilling critical as teams face pressure
• Digital assets expand cyber and financial crime risk perimeter

Traditional banking risks are making a forceful return just as digital threats intensify, according to the 15th EY and Institute of International Finance Global Bank Risk Management Survey.

The study, based on responses from 101 banks across 31 countries, signals a decisive shift in priorities for chief risk officers.

Credit risk and financial crime have moved back to center stage, while cybersecurity, digital fraud, and artificial intelligence are expanding the scope of oversight.

Geopolitical tension is a defining force in several regions. In Europe, 95 percent of chief risk officers surveyed say geopolitical developments are shaping their strategic agenda.

The figure is 90 percent in the Middle East and North Africa. By contrast, only 57 percent of CROs in Latin America cite geopolitics as a primary driver, with 76 percent instead identifying rapid technological change as the dominant external influence.

Credit risk has reemerged as a leading concern, cited by 62 percent of respondents. Rising default risks and competitive pressures from non-bank lenders are driving renewed scrutiny.

Financial crime concerns have also climbed sharply, reaching 43 percent, up from 23 percent a year earlier. Digital fraud has jumped to 59 percent from 23 percent, underscoring the scale of technology-enabled threats.

The rapid expansion of private credit is adding complexity to banks’ exposure analysis.

More than one third of respondents say private credit growth has increased the difficulty of assessing risk, while 26 percent report rising concentrations of credit and counterparty exposure.

Many institutions are revisiting exposure limits and strengthening scenario analysis around non-bank financial intermediaries.

Cybersecurity remains the most pressing near-term threat, identified by 86 percent of CROs. The continued escalation of cyber incidents and their potential to disrupt critical operations are keeping cyber resilience at the top of board agendas.

Nigel Moden, EY Global Banking and Capital Markets Leader, said banks are navigating a pivotal period.

“Banks are facing a moment that demands both decisiveness and imagination. Traditional risks have resurfaced while technology driven threats are accelerating, and that combination is reshaping how CROs lead,” he said.

He added that institutions willing to act decisively can strengthen resilience and unlock the full value of AI and data while managing capability shifts within their workforce.

Despite growing technology ambition, implementation remains uneven. While 55 percent of CROs identify advanced technologies as a top priority, 72 percent report that AI adoption within the risk function is still in its early stages, a pace largely unchanged from last year.

Banks are most actively deploying AI in fraud and financial crime detection, where 61 percent report live applications.

AI is also being used to enhance cyber and operational risk monitoring, cited by 41 percent of respondents, and to support credit and market risk modeling, at 33 percent.

Data quality and availability remain the primary constraint, identified by 80 percent as the biggest barrier to broader AI deployment.

Tim Adams, President and CEO of the Institute of International Finance, said risk boundaries are increasingly blurred. “CROs are operating in a world where risks no longer sit in separate boxes.

“Cyber, technology transformation, fraud, financial crime and macro shifts are interconnected, and CROs are responding with stronger governance, better data and responsible tech deployment,” he said.

At the same time, talent pressures are intensifying. Thirty percent of CROs expect smaller risk teams over the next three years, nearly double last year’s level.

Digital capability is now considered the most critical skill set, cited by 71 percent of respondents. Adaptability is also rising in importance as geopolitical and technological shifts accelerate.

Automation is expected to play a larger role, with 64 percent planning to automate manual roles and 55 percent anticipating an increase in hybrid human AI positions.

Nearly four in five emphasize upskilling in data and AI as central to meeting rising expectations.

Digital assets are further expanding the risk perimeter. Cybersecurity risk related to digital assets is cited by 83 percent of respondents, while 78 percent highlight financial crime concerns.

Yet adoption remains cautious, with 60 percent of banks lacking a formal digital asset strategy.

Tom Campanile, EY Global and Americas Financial Services Risk Consulting Leader, said the CRO role has evolved beyond oversight.

“The role of the CRO has shifted. What was once oversight is now enterprise leadership. As banks balance credit pressures and emerging AI risks, CROs have an opportunity to move risk management from reactive to transformative,” he said.