Risk Management 2025
Privacy and security seen as greatest AI risks
Larger risk teams more likely to provide training to staff on risk types
Central banks typically employ detailed business continuity plans
But institutional risk appetite is less commonly included, especially in Europe
A third of central banks lack key risk indicators
Most of those with KRIs conduct monitoring and employ feedback loops
Direct system breaches are top cyber risk
Main threats vary by cyber security staffing and economic groupings
Over 60% of risk departments face staff and resource shortages
Teams that face hiring challenges generally have to make do with smaller risk departments
One-fifth of central banks lack defined risk tolerance and strategy
But majority of respondents apply risk management principles to policies and processes
Adoption of governance, risk and compliance systems still partial
Respondents mention main service providers and plans to upgrade
Decentralised risk teams less likely to have chief risk officers
CROs are also less common at Asia-Pacific and European central banks
Credit and counterparty risk gains relevance as most covered risk
But central banks’ top risks vary by geographical regions
Centralised risk teams tend to have more sub-units
Size of central banks with climate change risk unit steadies at 12%
Financial and op risk divisions maintain largest staff
Upper-middle income nations tend to have different staffing priorities