Financial institutions have seen it all over the past 15 years: Heightened economic volatility, geopolitical instability, rapid technological disruptions and a shifting regulatory landscape have reshaped the risk environment. Risk management has climbed the executive agenda, yet the response has remained largely unchanged.
This mismatch has created a dangerous gap in readiness. According to our analysis, in just the last five years, global banks absorbed more than $15 billion in fines, even as they poured $60 billion each year into financial crime compliance.
The price of these penalties is more than financial – it reflects deeper structural issues.
Regulatory enforcement actions drive up operating costs, creating a burden for the big institutions and an existential threat for mid-sized players. Firms that have been taking a passive, reactive approach are on a treadmill of remediation, spending too much money and not seeing progress.
What’s clear now is that the old approach doesn’t work. The industry is nearing a tipping point. The path forward demands a smarter, more deliberate way of managing risk. It’s time to rethink the fundamentals and design risk into the business from the start.
Three Dimensions of Change
In June 2025, Accenture surveyed more than 200 senior finance, risk and compliance leaders from major North American banks. The results made a strong case for sweeping reinvention: Few respondents described their current risk management models as “future ready,” while about 40% admitted they’re not “fully prepared” for the next major crisis.
Accenture’s David Maya: “Time to rethink the fundamentals.”
In addition, despite recent moves by the new administration to reduce banks’ regulatory and compliance burden, more than 75% of respondents expect regulatory pressures to intensify, underscoring the need for fresh solutions to today’s challenges.
This is particularly true in the case of financial crime, which remains a bipartisan concern.
True transformation rests on three critical shifts: Risk management by design; data, analytics and technology; and talent.
The firms making progress across these areas are already outpacing their peers. Top performers (defined as being in the top 20% of average return on equity over the past three years) are more likely to take a proactive approach to risk, developing enterprise-wide, forward-looking strategies.
1. Risk management by design means embedding risk and compliance into every aspect of the business, from day-to-day operations to C-suite governance and decision-making. This includes integrating regulatory processes into the firm’s risk and control infrastructure and fostering a strong “risk culture.”
For example, one global bank scaled back its reliance on back-end processes and controls by embedding risk into product design. Other institutions have shortened cycle times in areas like scenario planning and credit risk management, while also improving client experience. Achieving this requires a significant redesign not only of the risk infrastructure, noted below, but also of decision-making processes and governance.
2. Successfully adopting risk management by design requires new tools. For larger institutions, a wide geographic footprint, diverse client segments and a broad product mix often complicate the picture, hindering access to timely, high-quality data to enable risk management decisions. Fewer than one-third of organizations report that they can effectively scale their technology platforms to meet evolving risk and compliance demands.
The good news is that tools and technologies, such as AI and cloud, are now available to address these structural and long-standing challenges. They deliver better insights and outcomes, from fewer false positives in fraud detection to faster, safer customer onboarding, improved alignment across fragmented regulatory requirements and significantly better decision-making in financial resource management. For example, one global bank saw a nearly 50% reduction in due-diligence processing times, an 80% reduction in the number of days to open an account and over 90% improvement in case quality by leveraging better data, generative AI and agentic AI.
3. All of this requires a very different mix of talent and skills from what financial institutions have traditionally relied on for risk management since the global financial crisis. That mix includes qualified data and prompt engineers to automate everything from routine tasks to high-level analysis, as well as risk experts to generate insights from those analyses. It also requires integrators to connect dots across risk stripes and enable enterprise-wide risk decisions.
Beyond hiring, it will likely require upskilling or reskilling existing talent to fully leverage new technologies and approaches. More importantly, it may call for a culture that promotes cross-functional collaboration and outcome-driven innovation – traits that many organizations have long lacked.
Why Now? The Cost of Inaction.
What the industry has been doing isn’t working. Traditional, reactive models of risk management are no match for the pressures banks face today.
The good news here is that banks are not starting from scratch. They have nearly two decades of lessons since the global financial crisis, and they now have advanced technologies such as AI and cloud to fundamentally improve how risk is managed.
The imperative is clear: Embed risk management into core management of the firm, apply advanced technologies, and cultivate the right talent mix to shift from defense to resilience. For institutions that fail to act, the cost of inaction will only grow – steeper, more unforgiving, and harder to recover from.
David Maya is a Senior Managing Director at Accenture and leads the firm’s Finance Risk Compliance practice in North America, serving Fortune 500 firms across financial services, communications, technology and life sciences. He has extensive experience in a broad set of sectors within financial services, with significant depth in wholesale banking, including corporate banking, capital markets, securities services, and transaction banking. He previously led Strategy at Citi’s and subsequently JPMorgan’s transaction services businesses.
Topics: Enterprise, Data, Career Trends