The evolving threat landscape: How is risk management changing in financial services amidst emerging technology and shifting regulation?

1. What is currently the top risk for your organisation? [select one option]

Data privacy
Cyber threats
Fraud
Rolling out advanced technologies e.g. Generative AI, Agentic AI, advanced analytics, etc.
Shifting regulation
Geopolitical instability
Operational resilience challenges
Outdated / legacy technology
Climate change / ESG/ environmental risks
Labour shortages / skills gap

2. What are the biggest risks for your organisation in rolling out advanced AI as part of your risk management strategy? [select top three]

Cybersecurity and data privacy
Biases / ethical considerations
Governance issues / evolving regulation
High costs
Poor management of AI projects / systems
Explainability and transparency
Impact on jobs / labour market
Lack of skills
Inefficiencies e.g. hallucinations, incorrect insights
Intellectual property issues

3. Which of the following AI governance challenges is your organisation currently facing? [select all that apply]

Unclear or evolving regulatory requirements
Difficulty finding secure third-party providers
Poor governance frameworks
Lack of budget / resources
Lack of coordination across departments
Lack of transparency / explainability
Lack of skills / training
Aligning AI systems with existing compliance standards
Difficulty defining responsibility for AI-driven decisions
Balancing innovation with regulatory compliance

4. Where is your organisation on its journey to rolling out advanced AI for risk management? [select the most appropriate answer]

We have rolled out advanced AI across our entire risk management strategy and plan to continue implementing new iterations of the technology as it develops
We are fairly advanced, with many areas of our risk management strategy utilising the technology, but there is still some progress to be made
We are in the early stages of rolling out the technology as part of our risk management strategy
We haven't rolled out the technology as part of our risk management strategy, but plan to in the near future
We haven't rolled out the technology at all as part of our risk management strategy and don't plan to in the near future

5. Which of the following are currently a barrier to scaling advanced AI for your risk management strategy? [select all that apply]

Data quality / data silos
Data privacy concerns
Inadequate infrastructure for AI systems
A lack of clarity around regulation / evolving regulation
Lack of skills / talent
Lack of knowledge / understanding of where AI best fits into risk management
Legacy technology
Budget / costs
Lack of leadership buy-in / resistance to change
Cyber security concerns

6. What are the biggest challenges in maintaining compliance amid evolving global regulations? [select top three]

Shortage of compliance expertise
Difficulty coordinating compliance teams / regulatory standards across different geographies
Fast pace of regulatory shifts / new regulation
Complexity of new regulation
Balancing local rules with global standards
Auditing team/processes struggling to keep up with complexity of evolving regulation
Lack of resources / budget
Over-reliance on manual compliance processes
Legacy systems
Responsibility for compliance falls only on the compliance team, rather than being a company-wide responsibility

7. Which of the following methods and technologies is your organisation rolling out to ensure regulatory compliance with operational resilience standards? [select all that apply]

Threat intelligence sharing
Third-party risk mapping
Established an incident response process
Clear IT risk management framework
Employee training / upskilling
GenAI-powered business continuity and resilience technology
End-to-end risk and compliance platform
Establishing impact tolerance
Process mapping
Stress testing
Analytics for operational performance and identifying possible sources of disruption

8. What are the biggest challenges for your organisation in successfully addressing cyber / tech risks? [select top three]

Lack of cyber skills / talent
Lack of employee cyber awareness
Integrating AI and other advanced tech with existing legacy systems
Budget / costs of implementing new technology
Lack of risk management tools for cybersecurity
Unclear cybersecurity governance and framework
Lack of scenario testing
Increased cyber threat / constantly evolving cyber threat landscape
Heightened sophistication of cyber attacks
Lack of effective incident response plan

9. How do you expect the allocation of risk management budget / resources to change over the next 1-2 years amidst geopolitical shifts? [select the most appropriate answer]

We plan to increase our risk management budget to address emerging risks
We expect no significant changes to our risk management budget
We anticipate a reduction in risk management budget

10. How do you expect AI to shape financial risk management by 2030? [select the most appropriate answer]

AI will be fully integrated into risk management, with minimal human oversight needed
AI will significantly enhance risk management, but human oversight will remain essential
AI will be widely used, but regulatory and ethical concerns will limit its applications
AI adoption will continue to grow, but traditional risk management approaches will still dominate
AI will have a limited role in financial risk management due to regulatory and operational constraints

First Name

Last Name

Job Title:

Organisation name:

Email:

Country:

Telephone:

By ticking this box you are agreeing to provide FStech (and its publisher PPL) with your contact details. These details may be used by the publisher to distribute email news, provide information and updates. This information will not be provided to third parties (except the sponsor of this particular survey Riskonnect). Please note that all data is stored on EU-based storage systems, and that all PPL electronic communications have an unsubscribe function. In addition by checking this box, I confirm that I would like to receive communications and information regarding products, services and events from Riskonnect. I understand that I may withdraw my consent at any time.