An IRM study found that in H1 2025, 47% of organizations cited growth in digital risk management capabilities and 53% said AI and automation risk were the “fastest-growing concern”. This means that today’s Chief Risk Officers (CROs) require a continuous change in mindset. They can no longer offload or postpone technology decisions to their CTO colleagues, nor treat digital initiatives as afterthoughts or separate projects. They must themselves become technologists: technologists that can read and challenge functional requirements and architecture documents, understand cloud architecture, and build AI solutions within well-established guardrails.
The quiet but rapid change is already underway. A recent RSM survey shows that 91% of middle market executives employ artificial intelligence in at least one use case within their business practices, that said, only 53% believe they were only “somewhat” prepared for AI transition[1]. With this type of disconnect, CROs find themselves in a unique situation: It is where they can then position their function, and their role, as a driver of business decisions rather than the playing catch up and fighting for relevance.
The Technologist CRO: Core Competencies and Partnerships
To play this part, CROs need more than basic familiarity with usual tech concepts; they need a profound understanding of the latest technological developments and their implications. This means understanding not just GRC platforms or cybersecurity frameworks, but also the ins and outs of how AI models recommend decisions, how cloud architectures open new vulnerabilities, and how data moves throughout the organization, and in which format. The successful technologist CRO will be speaking multiple languages, able to talk to data scientists about model drift and to board members about regulatory concerns in the same day.
Collaboration with other members of the C-suite becomes even more necessary in the technology space. As Paul Mang, former global chief executive, analytics at Aon, explained in a 2019 interview: “The CRO’s role must include oversight of cybersecurity elements in a digitally connected world”[2]. And this goes now beyond just cybersecurity to cover all the emerging risks of AI tools. Furthermore, 93% of CROs say that managing the “increased speed of risk” requires a fundamental change of approach[3].
The technologist CRO also plays an important role in fostering – and then maintaining – digital risk awareness across the organization. This means developing adaptive training programs that help employees understand and identify AI bias, spot phishing attempts, and consider data privacy in their everyday decision making and tasks, in a seamless way. When risk considerations become naturally embedded at all levels of digital transformation, organizations can innovate with confidence, not fear or negligence.
Benefits of a Tech-Savvy CRO
The primary benefit of becoming a technology-enabled CRO is the positive impact that such a position can have. JPMorgan Chase’s COIN platform is just one data point but shows the magnitude of the benefits at stake, where a task that previously required 360,000 hours of legal review now takes seconds[4]. Efficiency is one aspect, but it’s the evolution of risk management’s contribution to the business that is most profound. The industry’s multi-faceted AI efforts, including fraud detection systems which averted $1 billion in Treasury check fraud in a single year[5], illustrate a shift in the CRO’s role from a cost center to a creator of value using technology.
Technology’s influence on risk management also manifests itself at the organizational level. The tech CRO moves faster with more precise data: Risk dashboards in real time, not point-in-time quarterly reports, with predictive modeling that flags potential issues before they become deeper problems. One European digital bank, for example, was able to stop 70% of fraud attempts[6] through their Defence Centre where both risk and technology intersects. On a personal level, the technology fluency of CROs also opens doors for them in terms of influence and career advancement. When they can show that they have the skills necessary to guide a company through digital transformation while also upholding risk discipline, the CRO moves from being a back-office monitor to a front-office advisor. The technologist CRO doesn’t just mitigate risk, they also propel innovation by creating, with their peers, processes that let the organization experiment safely.
.
Challenges of Transitioning to Technology-First
Although there are clear benefits to this transition, it is not without its challenges. Oliver Wyman articulates a central issue: AI risk doesn’t easily fit into silos. It’s a hybrid risk that straddles technology, cyber, model, compliance, and third-party risk domains[7]. As a result, it requires a new type of governance and operating model, one that is currently lacking in most organizations.
Another major hurdle is data quality. Bank of America, for example, spent $3.8 billion on technology in 2023[8]. CEO Brian Moynihan notes the bank has spent billions in recent years on “data cleanliness, data order, and getting the data in the right place”. Put simply, you can have the best AI models in the world, but without robust and reliable data, they’re useless, even dangerous.
And arguably, the biggest challenge of all is the skills gap. To drive this transition, CROs need a team that understands risk as well as technology, as they can’t single handedly do all the work. Unfortunately, this is a rare combination of competencies to find in the talent market. This leaves CROs with a difficult choice between costly external hires and time-consuming reskilling programs, with no guarantee.
Phased Upskilling
Success in making technology a part of your core engine, as a CRO, demands patience and iteration. Top-performing technologist CROs adhere to a structured journey that begins with taking stock of where they stand, not with a rush to action, be it training, certifications or a hiring frenzy. They map existing capabilities against what the business needs, prioritize quick wins and assemble cross-functional coalitions. As PwC points out, risk transition efforts must be business-led, built around business requirements rather than risk functions needs[9].
The next step is to experiment, understand how value is generated and whether it is sustained, and this can happen via pilots in select business units or geographies. These limited-scope initiatives serve as proof of value, when successful, and learning nuggets, when not meeting expectations. Through these, the technologist CRO overcomes budgeting challenges and instills scalable confidence across the organization.
The most successful changes view technology adoption as an iterative journey rather than a one-off event. They set up pipelines that continuously review new technologies, without fear or concerns, in secure environments such as sandboxes.
Future Perspectives
The changing role of the CRO, from operations manager to strategic advisor to technologist, is not just a temporary phase. It’s a permanent evolution that reflects the underlying change of the business world. Risk and compliance professionals who fail to adapt to this new reality will be left behind, and those who thrive will play a critical role in shaping the future of business.
Quantum computing, for example, has the potential to dramatically enhance risk modeling and scenario analysis, while also disrupting encryption. Advanced AI capabilities, evolving beyond pattern recognition to true reasoning, will become an essential tool for risk management, the main execution engine for up to 90% of oversight tasks. In the meantime, the regulatory environment will continue to evolve, maybe not as fast as technology, but with initiatives like the EU AI Act, eventually making technology risk management just as regulated as financial risk management is today.
As for the risk management function, its boundaries will continue to blur, becoming more and more integrated with other functions. If it doesn’t evolve to justify its relevance, it may become a victim of the digital revolution.
Technologist CROs must embrace the role of technologist, and proactively seek ways to build the capabilities, frameworks, and cultures that will allow their businesses to innovate responsibly.
[1] RSM Middle Market AI Survey 2025 | RSM
[2] The chief risk officer in 2025 – the trends you need to know
[3] RMA’s Annual CRO Survey Reveals Cybersecurity, Fraud, and Rapid Response as Key Banking Risks in 2025 | Press Release
[4] JPMorgan software does in seconds what took lawyers 360,000 hours | The Independent | The Independent
[5] AI tools helped Treasury recover billions in fraud and improper payments – Nextgov/FCW
[6] https://www.tietoevry.com/en/newsroom/all-news-and-releases/press-releases/2024/06/tietoevry-banking-reveals-digital-fraud-methods-in-new-report-covering-analysis-of-3.4-billion-transactions
[7] AI Risk: The Newest Non-Financial Risk Every CRO Should Be Preparing For
[8] Bank of America CEO on digital transformation: ‘There’s always more to go’ | Banking Dive
[9] A C-suite and workforce divided on risk | PwC Canada
This website uses cookies to ensure you get the best experience on our website.
Read our Privacy Statement & Cookie Policy
