What keeps risk leaders up at night? From AI to cybercrime, the answers are evolving fast. The 2026 CRO Outlook Survey, written in collaboration with ProSight Financial Association, gathers insights from more than 140 leading risk practitioners across Global Systemically Important Banks (GSIBs), super-regional, regional, and mid-tier banks. The survey highlights the accelerating pace and interconnected nature of risks facing financial institutions today.
In a year marked by economic uncertainty, geopolitical tensions, and rapid technological advancements, the survey reveals a host of telling insights about where chief risk officers are most focused — and concerned. Ultimately, three key themes emerged, centered around technology and cyber risk, fraud and financial crime, and financial institutions’ use of artificial intelligence.
Technology and cyber risk top CRO concerns
Seventy-four percent of respondents cited technology and cyber risk as one of their top-five risk categories. CROs said an increased focus on digitalization and AI gives bad actors more potential entry points into banks and customer accounts, while legacy systems connected to new technologies create potential integration vulnerabilities. One large bank CRO noted that the web of third parties that banks rely on for digital banking services is an expanding attack surface for cyber exploits. At the same time, geopolitical risk (cited by 22% of respondents as a top risk) is a key driver of cyber risk, as nation-states attempt to exploit critical infrastructure such as financial services.
The interconnection of fraud, financial crime, and sanctions risk
While 55% of the respondents cited fraud and financial crime as a top risk — making it the second-most frequently identified category — they emphasized that it does not exist in isolation, and can interact with cyber risk, AI, and geopolitical risk. Cyber exploits such as phishing, deepfakes, and ransomware enable fraud, while geopolitical tensions drive state-sponsored cyberattacks and sanctions risk.
Banks shift AI adoption from pilots to production
While CROs have been taking a cautious approach to AI, they are now transitioning beyond the stage of running pilots. The survey found that 54% of banks have adopted AI in production, with 48% expecting to have the technology deployed in risk in the next two years. Leading risk use cases include report generation, anti-financial crime automation, quality assurance/quality control, and emerging risk identification. Still, AI risk frameworks are making it challenging for CROs to enable more advanced AI use cases: For example, only 12% of respondents described their AI governance and approvals framework as “highly developed.”
As risk leaders navigate a landscape shaped by speed, complexity, and convergence, the need for integrated, forward-looking strategies has never been greater. The insights from this year’s survey serve as a valuable compass for CROs steering through uncertainty — and positioning their institutions for what lies ahead.
