Risk Management 2025
Risk Management Benchmarks 2025 – model banks analysis
Drilling into the data reveals patterns in risk prioritisation and department structure
Most central banks reviewed risk management in past year
Other aspects evaluated varied by risk team structure and departmental staff strength
Cyber and geopolitical risks are managers’ top risks
Geopolitical risks seen rising fastest, but cyber is the biggest concern currently
Central banks keep ISO 31000 and COSO-ERM as main approaches
Principles tend to vary slightly by central banks’ risk management philosophies
Central banks typically employ detailed business continuity plans
But institutional risk appetite is less commonly included, especially in Europe
A third of central banks lack key risk indicators
Most of those with KRIs conduct monitoring and employ feedback loops
Direct system breaches are top cyber risk
Main threats vary by cyber security staffing and economic groupings
Over 60% of risk departments face staff and resource shortages
Teams that face hiring challenges generally have to make do with smaller risk departments
One-fifth of central banks lack defined risk tolerance and strategy
But majority of respondents apply risk management principles to policies and processes
Adoption of governance, risk and compliance systems still partial
Respondents mention main service providers and plans to upgrade
Decentralised risk teams less likely to have chief risk officers
CROs are also less common at Asia-Pacific and European central banks
Credit and counterparty risk gains relevance as most covered risk
But central banks’ top risks vary by geographical regions
Centralised risk teams tend to have more sub-units
Size of central banks with climate change risk unit steadies at 12%
Financial and op risk divisions maintain largest staff
Upper-middle income nations tend to have different staffing priorities