Banks adopt AI to manage operational risks

Risk.net's 2026 Op Risk Benchmarking study - which drew record participation from 61 banks globally - found that four in five institutions now deploy AI to manage operational risks, per the publication's June 2026 report. The annual study tracks how banks assess, govern, and control exposure across the main categories of operational risk.

Cyber risk is the fastest-growing AI deployment area within operational risk, according to Risk.net's 2026 study. Banks are applying algorithmic tools to threat detection, anomaly monitoring, and fraud alerting. AI risk itself climbed to fifth place in Risk.net's Top 10 Op Risks for 2026 - up from a lower position in prior years - signaling that banks view AI simultaneously as a management tool and a source of new exposure.

Despite broad adoption, accountability for AI risk remains fragmented across many institutions, per Risk.net's companion reporting. Second-line risk functions are asserting ownership over AI governance but many banks lack controls commensurate with their deployment pace. Doubts about ROI are slowing deeper investment, particularly at regional banks with leaner model risk teams. No consensus has emerged on how to classify AI risk within established operational risk taxonomies.

The Risk.net finding aligns with concurrent surveys. The EY-IIF Global Bank Risk Management Survey documented banks racing to adapt governance frameworks to both traditional and emerging risks. The Cambridge Centre for Alternative Finance's 2026 Global AI in Financial Services Report found rapid AI deployment across financial services broadly. A recurring theme across studies is that AI deployment is outpacing institutional governance capacity.

Regulatory scrutiny of AI governance in banking is intensifying globally. Risk.net's related 2026 data shows risk appetite breaches climbing across cyber, resilience, and third-party risk categories - all areas where AI plays an expanding role.