Regulatory concerns are top of mind for bankers, risk officers, and other financial leaders nationwide. That’s the main message in key surveys released over the past several months. Add persistent challenges in cybersecurity, which has remained a top concern over the past several years, along with operational risks and rising costs, and financial institutions (FIs) face mounting pressure to navigate these complexities.
Let’s examine these findings more deeply and explore strategies for effectively managing these evolving risks in 2025 and beyond.
Regulatory scrutiny is a recurring theme in industry surveys, with financial institutions feeling the squeeze of ever-changing compliance requirements in a fast-paced risk environment.
The 2024 Conference of State Bank Supervisors (CSBS) Annual Survey of Community Banks highlights this pressure: regulation tied with funding costs as the top concern for community bankers, with nearly 89% of respondents rating it as “extremely important” or “very important.” That’s a big shift from past years when many bankers adopted a more “wait and see” attitude about regulatory changes.
Why the shift? Rising regulatory expectations and deeper examinations are driving these concerns. According to the Risk Management Association (RMA) Chief Risk Officer Outlook Survey, CROs flagged increased scrutiny in key areas like governance and oversight, enterprise risk management, credit risk, fair lending, and concentration risk as significant factors.
Bank Director and Moss Adams’ 2024 Risk Survey backs this up, showing that 65% of banks have faced regulatory exams since Silicon Valley Bank’s collapse in 2023. Reuters also reported that bank supervisors are taking a more proactive approach to examining lenders’ risk management practices and increasing scrutiny.
Unsurprisingly, more than 75% of respondents—including directors, CEOs, risk officers, and senior executives—said they’re worried about regulatory risk. Evolving compliance requirements are also on the rise as a strategic challenge, jumping from 11% to 39% in just one year.
Although these surveys were conducted before the 2024 election, and it’s uncertain how the Trump administration might address regulatory oversight, one thing is clear: regulatory risk is here to stay. The second Trump administration may bring shifts in regulatory priorities, but compliance management will remain essential for financial institutions. While some regulations could see less emphasis or slower implementation, like Basel III Endgame or CRA reform, existing rules tied to consumer protection, privacy, and flood insurance are here to stay. Institutions must stay proactive, balancing evolving risks with effective compliance strategies to navigate regulatory changes, safeguard operations, and remain resilient in a dynamic environment.
The good news? Compliance management software can make a difference. By helping financial institutions track regulatory changes and stay ahead of requirements, it allows teams to streamline their processes and focus on what really matters.
For the past several years, cyber risk has been cited as the number one risk concern among banks, and 2024's survey results reflect this trend.
According to the CSBS, roughly 42% of bankers expect cybersecurity risks to pose the most difficult challenge to implementing new technologies over the next five years. Cyber risk was also the top cited risk among CROs, with 63% of respondents naming it a top-tier risk in RMA's survey. The EY/IIF global risk management survey reflected the same CRO sentiment, with cyber being the leading risk by 37%.
One reason cyber risk is such a major concern is that it includes multiple risks, from ransomware attacks to artificial intelligence and third-party vendor relationships.
The 2024 Risk Survey revealed that 95% of bank directors said they assess the cybersecurity practices of their banks' third-party vendors, while just 40% assess cybersecurity practices for fourth-party vendors. As financial institutions have learned from the Interagency Guidance on Third-Party Relationships: Risk Management, they are responsible for ensuring their vendors comply with applicable laws and regulations, further underscoring their cyber-related vendor risk concerns.
The problem: vendors are sending major red flags. According to respondents in RMA's Model Risk Management Survey, vendors still fail to explain the black-box components of their solutions. Just 3% of banks said vendors describe these "very well," while 97% said they did so "moderately well" to "not well at all."
There can be risk and unintended consequences when FIs aren't fully aware of their vendors' internal risk management practices and compliance standards. That's why they should closely monitor vendor relationships and address current or emerging red flags.
Fraud remains a significant risk at financial institutions with fraudsters using sophisticated tactics. Among CROs, fraud was the second-most significant non-financial risk, reported by 44% of RMA survey respondents.
Almost two-thirds (62%) of financial institutions reported an increase in incidents involving manipulation of authorized parties (where fraudsters use social engineering to convince someone to reveal sensitive information or transfer money to a fraudster’s account), according to the 2024 Payments Fraud Survey from the Center for Payments. More than half reported an increase in check fraud (58%) and debit card fraud (51%).
Financial institutions need to continue to strengthen their fraud management programs. They need to regularly assess fraud risk and determine whether existing controls are working effectively and if more or better controls are needed.
Operational risk, or the risk of financial loss when processes, people, or systems fail, is constantly changing. Multiple factors, including emerging technology like AI, fintech, and advanced cyber threats, contribute to an increased operational risk environment.
According to the Federal Reserve’s Supervision and Regulation Report released in November 2024, information technology/operational risk findings were the most cited category of outstanding issues for community banks.
Operational risk is also among the three main categories in the Office of the Comptroller of the Currency’s (OCC) 2025 Bank Supervision Operating Plan, highlighting areas examiners will focus on in the coming year. As part of its focus on operations, examiners will evaluate how banks manage risks related to change in operating environments and whether their governance and risk management practices are commensurate with the activities they’re participating in, from new products and services to staffing changes.
To address growing operational risk, the OCC and other regulators emphasize the importance of effective enterprise change management and operational resilience to mitigate risk from third-party issues, technology outages, and other events. An integrated risk management (IRM) approach is ideal to maximize these efforts.
The days of a siloed approach to risk management are long gone. Strategic and cross-disciplinary, IRM encourages a more holistic and dynamic approach so FIs can enhance their decision-making and respond more effectively when the risk environment changes.
The fallout of Signature Bank and Silicon Valley Bank led to the "liquidity crunch" of 2023, forcing FIs to assess liquidity risk with contingency funding plans (CFPs) to avoid facing similar fates in the future.
The CSBS survey shows a notable decline in concerns about liquidity risk, with the percentage of bankers citing it as either "extremely important" or "very important" falling from 84% in 2023 to 78% in 2024. Furthermore, despite the Bank Term Funding Program (BTFP) ending in March 2024, many banks continue to maintain advances that support liquidity through collateralized securities.
However, liquidity is still a significant concern for many financial institutions and their leaders. According to the 2024 Risk Survey, liquidity risk-related concerns increased by 5% from last year. Many banks plan to implement liquidity management strategies, such as borrowing from the Federal Home Loan Bank or raising deposit interest rates.
This focus on liquidity risk is backed by CROs, with one-third of EY survey respondents citing liquidity risk as a top priority for next year. Two-thirds (66%) view it as the primary financial risk, overshadowing other concerns like consumer credit and interest rate risk.
While the perception of liquidity risk has slightly improved, it remains a concern due to ongoing regulatory scrutiny and the ever-looming impact of major regional players that failed because of poor liquidity management.
Asset-liability management (ALM) will remain a key focus of regulators' exams. Ensure your FI regularly tests your CFP, takes stress tests seriously, and keeps your ALM risk assessment current.
Financial risk, including credit and capital risk, is another continued area of focus for regulators. According to the OCC's most recent Semiannual Risk Perspective, both commercial and retail credit risks are viewed as moderate and are expected to stabilize due to improved risk identification and management practices. The NCUA is also prioritizing credit, liquidity, and market risk in 2025, according to the letter outlining the NCUA’s 2025 Supervisory Priorities.
According to the CSBS survey, community banks are putting more emphasis on credit risk than last year, with 72% regarding it as extremely or very important.
In the RMA survey, CROs identified credit risk as the area where they most expected an increase in regulatory pressure in 2025, followed by capital risk, which was ranked fourth behind liquidity and third-party risk. The EY survey corroborated these findings. In 2023’s survey, 59% of CROs cited credit risk as a top-five near-term concern, making it the second-highest priority. In 2024, respondents maintained a similar level of concern, with 29% focused on wholesale risk and 25% on retail or consumer risk.
In early 2024, the Fed's outstanding supervisory findings at community and regional banks increased in areas related to credit risk and risk management, among others. Concerns in credit administration, asset concentration levels, and the adequacy of credit loss reserves contributed to this rise.
Overall, the landscape of financial risk is evolving, with increased attention on credit risk management and liquidity strategies essential for future stability.
Rising costs are the other central theme for emerging risks in 2025, along with increased regulatory scrutiny. From technology to compliance, FIs are concerned about the capital resources they're spending to thrive in a shifting environment.
According to CSBS, bankers are citing rising costs as some of their top concerns. Notably, 81% of respondents identified high technology costs as a significant external risk, reflecting an increasing trend over the past few years. In addition, compliance costs related to legal, accounting, and auditing have risen, partly due to new standards like the current expected credit loss accounting, further straining banks' budgets.
Also, many banks are changing fee structures in response to the Consumer Financial Protection Bureau (CFPB)'s crackdown on overdrafts and other consumer banking fees. The 2024 Risk Survey revealed that 40% of respondents are altering fees in anticipation of this scrutiny.
Concerns about staffing also exist, as many bank respondents in RMA's Model Risk Management Survey report being understaffed or lacking the necessary skills to manage model risk management (MRM) effectively. The high demand for quantitative talent has made it hard for even large banks to hire and retain these pros on staff. According to the EY survey, 66 percent of CROs say attracting and retaining talent will be increasingly difficult over the long term.
As FIs look to meet compliance expectations cost-efficiently and produce better products and services to meet their customers' expectations, using the right risk and compliance management software is crucial. Institutions can save valuable time, money, and human resources over the long haul by having a centralized solution for oversight, monitoring, and addressing risks.
As the financial services industry evolves, so does technology. While artificial intelligence (AI) and fintech aren’t new to the space, more FIs are exploring emerging technologies and introducing new risks—and regulators are taking notice.
Earlier this year, the SEC cracked down on AI washing, which occurs when companies exaggerate or misrepresent their use of AI in marketing and communications. Generative AI is also becoming more common among FIs and their vendors, highlighting the importance of verifying the accuracy and reliability of AI inputs.
According to RMA’s MRM survey, 70% of respondents say their banks utilize some form of AI or machine learning (ML), often sourced from third-party vendors.
Emerging risks associated with AI and ML have become more prominent among risk officers. According to EY, usage risk has surged from 13% to 38%, while model risk has increased from 18% to 38% over the past year.
On the fintech side, approximately 33% of CSBS survey respondents reported regulatory compliance with fintech partners as a concern. Other challenges include competition from larger banks (28%) and even fintech firms (28%), the latter of which highlights the lingering competitive nature of fintechs and traditional financial institutions.
Despite the risks, many FIs are optimistic about emerging technology. Ninety percent of bank leaders who took the 2024 Risk Survey expressed willingness to use AI for fraud prevention and alerts, and 81% for cyberattack prevention and detection.
As FIs continue to explore the risks and rewards of AI and fintech, they will inevitably partner with more third-party providers. FIs should ensure they successfully onboard vendors and fintech partners as they evaluate new partnerships.
Identifying and discussing emerging risks is not enough. Effective risk and compliance management software is vital as FIs navigate regulatory scrutiny and risk complexities. These tools streamline compliance, monitor regulatory changes, and improve vendor risk visibility, allowing institutions to focus on core operations while ensuring regulatory adherence and enhancing resilience in a dynamic environment.