1、UK Financial ServicesChief Risk Officer Survey 2026Contents01020304ForewordPage 3Key FindingsPage 4Priorities and Emerging RisksPage 7Risk Function MandatePage 1005060708Risks Remit and TeamPage 14Transformation of the Risk FunctionPage 19TalentPage 21TechnologyPage 24Foreword3Cybersecurity now sits
2、 at the centre of the risk agenda,not as a discrete technology issue but as a persistent operational threat with real-world consequences.Alongside it,operational resilience has moved from a regulatory concept to a practical test of execution.Firms are no longer judged on whether frameworks exist but
3、 on whether they hold under stress.What defines this moment is not the emergence of new risks but the expectation that existing risks are managed more visibly,consistently and with greater impact.Boards and regulators increasingly expect risk functions to influence decisions,not simply oversee proce
4、ss.The challenge for CROs is no longer defining the model but making it work across the organisation.Teneos survey of 40 UK Financial Services CROs during Q4 2025 shows a function in transition.Core governance structures and the three lines of defence remain in place,yet confidence weakens around em
5、beddedness,first-line ownership and the effectiveness of challenge.At the same time,risk teams are absorbing growing expectations around technology,third-party dependency and AI,often without equivalent increases in capacity.The response has been pragmatic rather than radical.Over the past year,firm
6、s have focused on strengthening foundations updating frameworks,enhancing stress testing and refining measurement.Looking ahead,the emphasis shifts to industrialisation:clearer risk appetite,stronger monitoring and increased use of automation to scale oversight without diluting judgement.Taken toget