Benchmarking
Two-thirds of central banks predict CBDC adoption in 5–10 years
Stablecoin launches seen as more likely by authorities without CBDC mandate
Central banks report 28 operational bitcoin ATMs on average
Jurisdictions with larger institutions have the most machines
CBDCs politicised in one in five jurisdictions
Public and private sectors mostly concerned about privacy of digital currencies
Fintech licences issued yearly remain below 10 on average
Number of fintechs in operation averages just over 60
Central banks keep trialling link between wCBDC and RTGS
Most respondents motivated to issue wCBDC to enable financial innovation
Majority of central banks still lack CBDC issuance powers
Legal mandates are scarce in both larger and smaller central banks
Two in five CBDCs designed to be programmable
Over half of respondents’ retail CBDC projects are at research phase
Some central banks expect CBDC to boost seigniorage
Result depends on design features of digital currency, with many central banks unsure of the outcome
Payment innovation is top fintech research priority
Recruitment and retention of talents is biggest tech challenge, but constraints vary somewhat by teams
Central banks facing fintech hiring challenges tend to have bigger teams
Private sector opportunity is most widely reported issue for fintech staffing
Risk Management Benchmarks 2026 – model banks analysis
Data breakdowns shed light on op risk drivers and incidents, AI use and department structures
Risk Management Benchmarks 2026 – executive summary
Benchmarks include new data on op risk, as well as the risk outlook, monitoring tools and more
Risk Management Benchmarks 2026 report – tracking op risk
Benchmarks include new data on op risk prevalence, drivers and monitoring tools
Risk management reviews are most common assessment method
Centralised teams are less likely to conduct external or management evaluations
UK’s Orange Book risk approach rarely used by central banks
Only three centralised risk management departments utilise principle
Privacy and security seen as top AI risk
Most risk managers more relaxed about potential financial losses caused by AI
Staff error is largest cause of op risk at central banks
Legacy systems tend to trigger most threats in jurisdictions with greater than average number of incidents
Op risk incidents average over 100 a year among central banks
Financial impact is risk managers’ strongest metric for gauging incidents’ severity
Phishing and ransomware are central banks’ main cyber threats
Teams widely use training, monitoring and privilege management to mitigate cyber threats
CBDCs versus instant payments
Are technological and ecosystem advances using CBDCs and instant payments complementary or substitutes?
Just under half of risk departments are sufficiently staffed
Units with satisfied staffing levels earn below global average annual salary