Risk Benchmarking
Welcome to Risk Benchmarking, a new research service scrutinising op risk practices at a range of financial institutions. Each quarter, we’ll share some of the findings from one of four cohorts – G-Sibs, other banks, asset managers and insurers, and FMIs.
Participants get to see all the data – message us for details: benchmarking@risk.net
Bank ALM tech still dominated by manual workflows
Batch processing and Excel files still pervade, with only one in four lenders planning tech upgrades
Many banks ignore spectre of SVB in liquidity stress tests
In ALM Benchmarking exercise, majority of banks have no internal tests focusing on stress horizons of less than 30 days
Staff, survival days, models – where banks split on ALM
Liquidity and rate risks are as old as banking; but the 46 banks in our benchmarking study have different ways to manage them
Risk Benchmarking data
ALM Benchmarking: explore the data
View interactive charts from Risk.net’s 46-bank study, covering ALM governance, balance-sheet strategy, stress-testing, technology and regulation
Squashing CVA still dominates XVA desks’ priorities
Dealers favour options-based strategies to manage charges; some explore contingent CDSs amid rising exposures
Explore the data
ALM inequalities
In terms of core team sizes, bank ALM functions are all over the map: ranging from fewer than 10 at many large regional banks, and even some super-regionals, to 350 at one European G-Sib. At the average bank, one-quarter of staff is dedicated to setting policy, measurement and limits for IRRBB. The next biggest cluster is the 19% of staff engaged in data, technology and management information and reporting – which jumps to 25% at G-Sibs.
Check out a broad selection of the data from our full 46-bank ALM Benchmarking study here:
Enterprise risk
Fewer than half of banks rate their GRC vendor as ‘good’
Enterprise Risk Benchmarking study shows banks juggling multiple systems, adding costs and complexity
Most banks add ERM heads – but CROs keep control
Hiring tilts towards AI, cyber and model risk as enterprise risk’s remit grows faster than its reach
71% of banks automate escalation of appetite breaches
Automated processes are less common at banks where ERM sets overall risk appetite, research shows
North American banks outpace Europeans in ERM
New research shows US, Canadian banks have more developed enterprise risk management functions
Operational risk
Banks curb frequency of GRC vendor reviews
Data shows drop in plans to pitch or switch vendors, amid tighter third-party rules – but TPRM bucks the trend
In more than 90% of banks, second line tackles cyber risk
But some regulators would still like to see more 2 LoD risk staffing for infosec and IT disruption
Almost all banks mandate cyber security training
And unlike other risks, information security coaching moves the internal confidence dial
Regional banks favour scenario analysis over op risk modelling
Domestic and smaller regional players favour scenarios to gauge tail exposure; G-Sibs stick to modelling, for now
Top 10 Op risks
Top 10 op risks: AI arms race leaves risk teams playing catch-up
As firms invest for fear of being left behind, op risk managers urge caution on data, controls and access
Top 10 op risks: Why cyber risk looms larger than its losses
Fast-moving threat landscape and increased supplier concentration keep infosec top of the table
Top 10 op risks: For change management, the cloud is its own weather front
As lenders move legacy banking to the cloud, the risks of getting it wrong are exponentially greater
Top 10 operational risks for 2025
The biggest op risks as chosen by senior practitioners – and what they’re doing about them
XVAs
Squashing CVA still dominates XVA desks’ priorities
Dealers favour options-based strategies to manage charges; some explore contingent CDSs amid rising exposures
XVA desks prioritise core tech upgrades over AI
Vendor upgrades, cloud-native rebuilds and sensitivities tooling dominate 2026 budget road maps
XVA desks target capital in optimisation runs
US regulatory uncertainty leaves banks cautious on investing in new optimisation tools, Risk Benchmarking study finds
Almost two-thirds of banks now run XVAs on cloud
Risk Benchmarking study finds a majority of big dealers tapping cloud capacity, some exclusively, with others migrating
