Risk Benchmarking

Data-driven intelligence for risk and finance professionals

Enterprise risk

Operational risk

Top 10 op risks

XVAs

Charts

About

Schedule

Welcome to Risk Benchmarking, a new research service scrutinising op risk practices at a range of financial institutions. Each quarter, we’ll share some of the findings from one of four cohorts – G-Sibs, other banks, asset managers and insurers, and FMIs.

Participants get to see all the data – message us for details: benchmarking@risk.net

A glowing 3D rendering of a golden dollar sign sitting on the top of a circuit board

XVAs

XVA desks prioritise core tech upgrades over AI

Vendor upgrades, cloud-native rebuilds and sensitivities tooling dominate 2026 budget road maps

XVA desks target capital in optimisation runs

Almost two-thirds of banks now run XVAs on cloud

Most banks stick to tried-and-trusted XVA models

Blue transparent arrow standing out among metallic ones, showing decisive direction of travel

XVAs

XVA desks target capital in optimisation runs

US regulatory uncertainty leaves banks cautious on investing in new optimisation tools, Risk Benchmarking study finds

A cloud, representing cloud computing, has flowing lines moving through it to represent usage

XVAs

Almost two-thirds of banks now run XVAs on cloud

Risk Benchmarking study finds a majority of big dealers tapping cloud capacity, some exclusively, with others migrating

Risk Benchmarking data

Foreign exchange trading graph lines superimposed over computerised rendering of a flattened map of the earth

XVAs

Most banks stick to tried-and-trusted XVA models

Black Scholes- and Heath-Jarrow-Morton-based approaches dominate, with some exploring Copulas for wrong-way risk, post-Archegos

Abstract montage of financial chart data

XVAs

XVA Benchmarking: explore the data

Take a deep dive into the findings of our 30-bank study, with interactive charts covering XVA optimisation, regulation and tech stacks

Explore the data

Two-speed FRTB

European banks are four times more likely to incorporate the Fundamental Review of the Trading Book into their XVA capital calculations versus their North American peers – reflecting the US’s continued delays in implementing Basel principles. The EU is set to go live in 2027 – but some of its banks are already factoring the potentially hefty portfolio impacts into calculations.

Take a deep dive into the findings of our 30-bank XVAs study, with interactive charts on optimisation, regulation and tech:

Explore the full dataset

Enterprise risk

Enterprise risk

Fewer than half of banks rate their GRC vendor as ‘good’

Enterprise Risk Benchmarking study shows banks juggling multiple systems, adding costs and complexity

By Michael Paterakis

Customer satisfaction rating of three-and-a-half stars out of five

Enterprise risk

Most banks add ERM heads – but CROs keep control

Hiring tilts towards AI, cyber and model risk as enterprise risk’s remit grows faster than its reach

By Fabio Santos

Enterprise risk

71% of banks automate escalation of appetite breaches

Automated processes are less common at banks where ERM sets overall risk appetite, research shows

By Jin Ye

Enterprise risk

North American banks outpace Europeans in ERM

New research shows US, Canadian banks have more developed enterprise risk management functions

By Alex Krohn

Operational risk

Operational risk

Banks curb frequency of GRC vendor reviews

Data shows drop in plans to pitch or switch vendors, amid tighter third-party rules – but TPRM bucks the trend

By Tom Osborn

Pen hovers over calendar, as person hesitates to write on it

Operational risk

In more than 90% of banks, second line tackles cyber risk

But some regulators would still like to see more 2 LoD risk staffing for infosec and IT disruption

By Fabio Santos

Operational risk

Almost all banks mandate cyber security training

And unlike other risks, information security coaching moves the internal confidence dial

By Fabio Santos

Operational risk

Regional banks favour scenario analysis over op risk modelling

Domestic and smaller regional players favour scenarios to gauge tail exposure; G-Sibs stick to modelling, for now

By Jin Ye

Top 10 Op risks

Risk management

Top 10 op risks: AI arms race leaves risk teams playing catch-up

As firms invest for fear of being left behind, op risk managers urge caution on data, controls and access

By Menghan Xiao

Risk management

Top 10 op risks: Why cyber risk looms larger than its losses

Fast-moving threat landscape and increased supplier concentration keep infosec top of the table

By Paulina Pielichata

Risk management

Top 10 op risks: For change management, the cloud is its own weather front

As lenders move legacy banking to the cloud, the risks of getting it wrong are exponentially greater

By Luke Clancy

Risk management

Top 10 operational risks for 2025

The biggest op risks as chosen by senior practitioners – and what they’re doing about them

By Risk.net staff

XVAs

XVAs

XVA desks prioritise core tech upgrades over AI

Vendor upgrades, cloud-native rebuilds and sensitivities tooling dominate 2026 budget road maps

By Jonathan White

XVAs

XVA desks target capital in optimisation runs

US regulatory uncertainty leaves banks cautious on investing in new optimisation tools, Risk Benchmarking study finds

By Michael Paterakis

XVAs

Almost two-thirds of banks now run XVAs on cloud

Risk Benchmarking study finds a majority of big dealers tapping cloud capacity, some exclusively, with others migrating

By Jonathan White

XVAs

Most banks stick to tried-and-trusted XVA models

Black Scholes- and Heath-Jarrow-Morton-based approaches dominate, with some exploring Copulas for wrong-way risk, post-Archegos

By Fabio Santos

Chart with multiple lines of duplicated financial data

XVA desks prioritise core tech upgrades over AI

Vendor upgrades, cloud-native rebuilds and sensitivities tooling dominate 2026 budget road maps

XVA desks target capital in optimisation runs

Almost two-thirds of banks now run XVAs on cloud

Most banks stick to tried-and-trusted XVA models

XVA desks target capital in optimisation runs

Almost two-thirds of banks now run XVAs on cloud

Risk Benchmarking data

Most banks stick to tried-and-trusted XVA models

XVA Benchmarking: explore the data

Explore the data

Two-speed FRTB

Enterprise risk

Fewer than half of banks rate their GRC vendor as ‘good’

Enterprise Risk Benchmarking study shows banks juggling multiple systems, adding costs and complexity

Most banks add ERM heads – but CROs keep control

71% of banks automate escalation of appetite breaches

North American banks outpace Europeans in ERM

Operational risk

Banks curb frequency of GRC vendor reviews

Data shows drop in plans to pitch or switch vendors, amid tighter third-party rules – but TPRM bucks the trend

In more than 90% of banks, second line tackles cyber risk

Almost all banks mandate cyber security training

Regional banks favour scenario analysis over op risk modelling

Top 10 Op risks

Top 10 op risks: AI arms race leaves risk teams playing catch-up

As firms invest for fear of being left behind, op risk managers urge caution on data, controls and access

Top 10 op risks: Why cyber risk looms larger than its losses

Top 10 op risks: For change management, the cloud is its own weather front

Top 10 operational risks for 2025

XVAs

XVA desks prioritise core tech upgrades over AI

Vendor upgrades, cloud-native rebuilds and sensitivities tooling dominate 2026 budget road maps

XVA desks target capital in optimisation runs

Almost two-thirds of banks now run XVAs on cloud

Most banks stick to tried-and-trusted XVA models

Op Risk Benchmarking 2025

Our benchmarking service compares bank op risk frameworks – from staffing to AI safeguards, key controls to board reporting packs.

You are currently on corporate access.