Risk Management
Benchmarks data reveals AI use gap in risk management
Central banks from the Americas are most concerned about deepfakes, data shows
Just under half of risk departments are sufficiently staffed
Units with satisfied staffing levels earn below global average annual salary
Mitigation and reporting are leading components of risk strategy
Decentralised teams more likely to embed philosophy in divisional decision-making
Most centralised risk teams prioritise cyber security
Decentralised teams primarily cover credit and counterparty, op and market risks
Risk policies widely reviewed by committee in larger teams
Central banks with larger teams favour risk committees over CROs
Middle income central banks have highest number of risk staff
But ratios of risk management employees to total headcount vary widely
BIS points to ‘structural transformations’ in markets
Quarterly review cites higher volatility and gold losing its status as a safe haven asset
Chief risk officers: a critical function or a distraction for central banks?
Institutions are divided on whether the role is needed, but it is becoming more common
Hedge funds scale back steepener positions as risks rise
Uncertainties around US Treasury issuance and timing of Fed rate cuts see investors trim ‘consensus’ trade
Risk Management Benchmarks 2025 – model banks analysis
Drilling into the data reveals patterns in risk prioritisation and department structure
Risk Management Benchmarks 2025 – executive summary
The benchmarks reveal an ongoing focus on cyber risk, but climate and AI risks are rising fast
Risk Management Benchmarks 2025 report – mind the techno-political gap
Responses show central banks’ shifting priorities as volatility increases
Privacy and security seen as greatest AI risks
Larger risk teams more likely to provide training to staff on risk types
Most central banks reviewed risk management in past year
Other aspects evaluated varied by risk team structure and departmental staff strength
Cyber and geopolitical risks are managers’ top risks
Geopolitical risks seen rising fastest, but cyber is the biggest concern currently
Central banks keep ISO 31000 and COSO-ERM as main approaches
Principles tend to vary slightly by central banks’ risk management philosophies
Central banks typically employ detailed business continuity plans
But institutional risk appetite is less commonly included, especially in Europe
A third of central banks lack key risk indicators
Most of those with KRIs conduct monitoring and employ feedback loops
Direct system breaches are top cyber risk
Main threats vary by cyber security staffing and economic groupings
Over 60% of risk departments face staff and resource shortages
Teams that face hiring challenges generally have to make do with smaller risk departments