The CRO’s mandate: Driving agility through innovation

Risk management has changed. Once seen as a back-office safeguard, it has now become a strategic lever; one that is central to agility, competitiveness, and institutional resilience.

Today’s banking environment is defined by a complex web of regulatory change, cyber threats, and geopolitical instability. In this high-stakes context, operational agility is no longer optional. It is foundational.

Within financial institutions, Chief Risk Officers (CROs) stand at the forefront of this shift. Armed with new technologies, they are reimagining how their respective institutions identify, assess, and respond to risk. The focus is moving decisively from reactive defence to proactive foresight. The result: stronger resilience and a more adaptive, forward-looking risk posture.

Technology as a strategic enabler

Technology is driving this evolution. CROs are deploying a powerful toolkit to modernise risk management, with artificial intelligence (AI) at its core – particularly generative AI, which is transforming functions from data management and risk modelling to compliance monitoring and credit assessment.

According to the 14th annual EY/IIF global bank risk management survey, 59% of CROs are already using AI for fraud detection, 44% for compliance, and 40% for credit risk. As AI becomes embedded into business processes, risk teams are responding with sharper predictive insights, faster interventions, and greater precision.

Beyond AI, advanced data analytics is helping banks uncover patterns and pre-empt emerging threats. Big data tools are enhancing early warning systems, enabling more targeted responses. With real-time analytics and predictive modelling, CROs can dynamically adjust risk appetites, tighten credit standards, and reallocate resources based on live, organisation-wide data.

Cybersecurity is another key pillar. Financial institutions are investing heavily in next-generation defences: real-time threat detection, penetration testing, and incident response frameworks. In a hyper-connected world, cyber resilience is fast becoming a strategic necessity.

Transformation friction: Barriers to progress

Despite clear benefits, the shift to tech-enabled risk management isn’t frictionless.

A key barrier is regulatory lag. Supervisory frameworks often struggle to keep pace with innovation, creating a “regulatory gap”. This disparity can create friction and slow down the adoption of innovative solutions. A recent Mckinsey report found that 30% of banks struggle with the implementation of digital transformation initiatives. Alongside the regulatory challenge is the fact that banks have substantial legacy systems that are ill-equipped to operate in today’s digital environment. The same report found that the average age of bank IT systems for universal banks is 14 years compared to three years for the average digital bank.

The first step for any proactive CRO seeking to effect change is to assess the institution’s technology stack. How extensive are legacy systems, in what areas, and what needs to be prioritised to begin modernisation?

Talent, culture and the human factor

Equally pressing is the talent challenge. While automation reduces some manual work, success still hinges on human expertise. Banks urgently need professionals who combine digital fluency with deep risk domain knowledge. Cybersecurity specialists, in particular, are in high demand and short supply.

Equally critical is culture. The ability to embed a risk-aware mindset across the organisation is what ultimately makes transformation stick.

As one CRO at a European stock exchange noted at RiskMinds International 2024: “People talk about culture a lot, but in my mind, I think it's the single biggest thing that you need to get right. If you are able to get a risk mindset permeating across the organisation, I think at that point you have a much better chance to actually get change happening in an agile way.”

However, culture can also be undermined by automation if caution is not exercised. CROs at RiskMinds International 2024 warned that the intersection of regulation and digitisation, particularly in areas like credit approval, could create “black-box” processes that meet regulatory requirements but lack human oversight.

Without intentional design, this could erode accountability and risk culture.

In order to thrive in this new era, banks must take a holistic approach. That means embedding advanced technologies while at the same time enhancing compliance frameworks and fostering a risk-aware culture at every level. As reported by Fintech Weekly, senior leadership has to “articulate expectations about the company’s vision for technological advancement and determine if there is appropriate staff in place who are empowered to follow through with the agenda.”

Tech priorities for 2025

To lead effectively, CROs must not only harness emerging technologies but also actively manage the risks they introduce: bias in algorithms, generative AI hallucinations, opaque decision-making, data privacy concerns to name just a few.

Some of the top technology priorities for CROs in 2025 include:

• Implement comprehensive AI governance to address both the benefits and ethical risks of AI-driven systems
• Incorporate cyber resilience and robust digital identity protection as core components of a risk strategy
• Expand the use of cloud-driven analytics for global data sharing, regulatory compliance, and real-time insights
• Position risk management as a strategic partner to the business, embedding technology throughout the risk lifecycle

Cloud computing and integrated risk platforms are also helping to break down data silos, improve collaboration across business units, and enable more cohesive, enterprise-wide risk management.

Cross-border payments: Innovation in action

One area where universal banks are actively leveraging digital innovation is in cross-border payments, with global flows expected to reach $290 trillion by 2030.

In January 2025, Swift launched an AI-enhanced fraud detection capability to help the global payments industry counter cyber attacks – part of a broader initiative involving more than 11,500 institutions exploring AI-driven solutions to cross-industry challenges.

J.P. Morgan highlights four key innovations transforming the experience as businesses turn to banks and fintechs for faster, transparent, secure payment solutions:

• APIs for real-time FX – enabling better risk management and pricing
• Enhanced visibility – Swift GPI, validation services and virtual account management are helping improve transparency
• Virtual accounts – using virtual accounts eliminates the need for businesses to have local accounts, helping them more effectively manage global cash flows on one centralised platform
• Partnerships and blockchain – solutions like J.P. Morgan’s Kinexys help improve liquidity, streamline settlements and boost visibility in international trade.

Citigroup’s view is that APIs are fundamental to enhancing digital client experiences.

They are the backbone of real-time solutions, ensuring seamless integration and delivering real-time rates, transaction tracking, and AI-driven advisory services directly to client interfaces. The US bank points out that the highly regulated nature of the financial sector necessitates “absolute accuracy in AI-generated responses”, which it has yet to consistently achieve.

Nevertheless, Citi is conducting more than 60 AI experiments within its Services business to understand and harness its potential.

In the short to mid-term, Citi regards the shift towards 24/7/365 operations as the most impactful innovation, with the bank embracing 24/7 clearing capabilities. This is helping Citi significantly enhance payment speed and accessibility.

Leading with technology, anchored in culture

CROs are no longer gatekeepers, they are catalysts for change. As they embed technology throughout the risk function, they are reshaping risk management into a strategic enabler of growth and resilience.

However, success will depend on more than just tools. A strong risk culture, clear governance, and cross-functional talent are critical for ensuring that innovation does not outpace control.

The future of risk management in banking will be defined by the ability to strike this balance. Done right, technology won’t just protect institutions, it will empower them to lead with confidence in an increasingly complex world.

Join the Cyber Risk, AI, and Technology Resilience Summit and discuss innovation challenges with risk leaders and industry experts at RiskMinds International.