People
Tim Roberts
Partner & Managing Director, UK Country Co-Leader
London
This paper draws on insights from our survey and in-depth discussions in 2025 with Chief Risk Officers (CROs) at financial services institutions in Europe. These perspectives highlight the strategic priorities, challenges, and forward-looking plans that are top of mind for CROs.
Several common themes and emerging trends have surfaced, which will set the tone for 2026 and beyond. An overarching takeaway is that CROs are increasingly sounding the alarm on nth-party risks – the potential vulnerabilities and threats introduced by indirect third-party relationships, such as vendors’ vendors, within a supply chain or extended ecosystem.
As financial services (FS) firms adopt more technology, automation, and cloud based services, their supply chains are becoming longer and more complex. This means they are exposed to risks that sit several layers deep, often in places they can’t easily detect or control. With regulators paying more attention to operational resilience and digital dependencies, managing nth-party risk is now a major focus area.
At the same time, FS firms are rethinking, far more regularly than was historically the case, how their Risk and Compliance teams should be organised. CROs across Europe are under increasing pressure to evolve their risk functions to respond to current and emerging risks (which are changing rapidly), accelerate digital transformation, and operate confidently in a complex regulatory environment.
Many FS firms are moving away from siloed models to build more integrated, adaptive functions, and there continues to be a shift towards far heavier focus on managing non-financial risks. They aim to integrate areas such as operational resilience, cyber, technology more broadly, and third-party oversight, enabling faster and more consistent response to new and emerging risks. CROs want Risk teams to be more data-driven, more embedded in the business, and better equipped to support business transformation and growth.
