Beyond the numbers: Shaping the future of Non-Financial Risk Management


The EY Non-Financial Risk Banking Survey 2025 provides insights on evolving non-financial risk management in financial institutions.


In brief:

  • NFR functions remain primarily focused on operational risk and IT risk, with limited integration of model risk, behavioral risk, and compliance.
  • Over 75% of banks apply partially centralized non-financial risk (NFR) governance, with group-defined policies and execution at both group and local level.
  • Innovation in NFR is accelerating: banks are exploring potential applications of AI to assist NFR employees with their daily tasks.

Over the past years, the exponential increase in geopolitical, technological, and legislative developments, coupled with the ongoing need for operational efficiency and cost control, has prompted Chief Risk Officers (CROs) to reassess their non-financial risk management frameworks. The goal is to operate more effectively and efficiently, focusing on what truly matters and becoming more predictive.

The EY Non-Financial Risk Banking Survey 2025 (NFR Survey 2025) offers timely insights into how financial institutions can continue to evolve their non-financial risk management practices and strengthen the second-line function within their organizations.

This transformation is inherently multidimensional—encompassing governance enhancements, framework standardization, process optimization, data consolidation, and the strategic deployment of AI and emerging technologies. These forward-looking initiatives equip CROs and senior leaders to respond decisively and purposefully to shifts in the non-financial risk landscape and broader market dynamics.
 



Top three key takeaways based on EY observations from the NFR Survey 2025

1. Streamlining the NFR Operating Model

Strengthen the NFR operating model with clear 1st–2nd line roles, defined responsibilities, and effective escalation mechanisms, thereby preserving consistent messaging to 1st line and unlocking cost efficiencies.

 

2. Standardization & Automation of NFR activities

Standardize NFR processes across group, subsidiaries, and branches to enable automated consolidation and streamlined decision-making. An effective risk cycle must be standardized as much as possible while still accommodating product and location specifics.

 

3. Offshoring & Digitalization for efficiency

Explore the extent to which standardized tasks, including those currently offshored, can be accommodated by Agentic AI; shift simpler activities to virtual agents and offshore more complex NFR activities gradually.
 



Summary

In response to the increasingly complex and dynamic nature of the banking sector – driven by rapid geopolitical shifts, technological advancements, evolving legislation, and the constant pressure for operational efficiency – Chief Risk Officers (CROs) are re-evaluating their risk management frameworks. The 2025 EY Non-Financial Risk Banking Survey highlights best practices that support financial institutions in strengthening their non-financial risk management capabilities and enhancing the effectiveness of second-line functions. 

The survey focused on five key pillars: Governance & Operating Model, Risk Taxonomy & Risk Appetite, Risk Cycle, Vendors & Tooling, Innovating NFR. These insights offer a strategic foundation for institutions aiming to future-proof their risk functions in an increasingly volatile environment.

