The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

EY/IIF Global Bank Risk Management survey.

No longer defined by traditional oversight alone, CROs are now strategists, futurists, technologists and change agents rolled into one.

Cyber tops the agenda, again – but with new twists

Cybersecurity continues to dominate CRO priorities globally, fuelled by increasingly sophisticated attacks and expanding vulnerabilities across digital ecosystems. This year's findings highlight how cyber risk is now deeply intertwined with geopolitical tension, technology dependencies and third‑party exposure, meaning CROs need broader, scenario‑based thinking to get ahead of emerging threats.

Financial risks re‑emerge as volatility rises

After a period of relative calm, financial risks have climbed back up the agenda. Market uncertainty, shifting economic conditions and fast‑moving regulatory expectations are adding pressure on risk teams to strengthen frameworks and respond with greater agility. CROs report that achieving efficiency while preserving robust oversight is a mounting challenge. 

Regulatory change remains relentless

New global and jurisdiction‑specific rules continue to reshape the risk landscape. Compliance is still a major time‑intensive area, but the survey shows CROs are increasingly approaching regulation through a strategic lens, looking for smarter, tech‑enabled ways to manage obligations and unlock organisational value.

Seven roles every CRO must now master

The research points to seven distinct roles CROs must now embody to lead effectively in a world defined by interconnected risk types and persistent volatility, from crisis anticipator to data‑driven advisor. These roles reflect a shift from reactive guardrail to proactive business partner. 

Future‑fit capabilities are non‑negotiable

To stay ahead of tomorrow’s risks, CROs are prioritising:

• Critical thinking and multidisciplinary skills
• Advanced analytics and stronger data infrastructure
• Organisational agility across risk functions
• Intelligent automation and technology adoption

Together, these investments aim to create a risk function capable not only of managing today’s challenges but of confidently navigating what’s around the corner. 

Final takeaway

The message from this year’s survey is clear: uncertainty is now the defining feature of banking risk management. And the CRO sits at the centre of it, expected to guide strategic decision‑making, anticipate emerging threats and enable future‑ready transformation.

Read the full report here.