Financial and operational risks are accelerating at North America’s banks—fueled by sophisticated criminal schemes and by technology exposure tied to new offerings and complex third-party networks. In a ProSight virtual conference session that also drew on the 2026 ProSight CRO Outlook Survey, three chief risk officers laid out what they’re prioritizing right now. They also pointed to the need to strengthen risk governance infrastructure, data management, IT systems, and oversight of third-party relationships—while staying alert for signs of a downturn.
Taken together, their comments add up to a practical checklist for where risk teams can focus first—so the pace of change doesn’t outstrip governance and oversight.
Start with resiliency and the data behind your governance. James Lentino, EVP and CRO at Wintrust Bank, said the bank is focused on “resiliency and the maturity of our risk governance infrastructure,” including “the robustness of the data used across our businesses.” He said the bank is also working to understand “newer, emerging nontraditional banking opportunities,” including innovative AI use cases, banking-as-a-service partnerships, and growing customer interest in crypto and other digital-asset services. “Importantly, we are also working to manage the pace at which they’re coming at us,” he added, referring to those newer, emerging opportunities.
Treat tech risk, fraud, and financial crime as one connected problem. “Technology risk, fraud, and financial crime are top of mind for a lot of risk executives now, and they’re very much and increasingly interconnected,” Lentino said. “What’s changed is the speed at which attacks are evolving and the constantly changing attack vectors criminals use. It requires banks to invest more heavily in technology.”
Get more pointed on third-party and AI questions. Dawn Mugford, SVP and CRO at Norway Savings Bank, said her team is focusing on “our relationships with third-party vendors.” Her due-diligence prompts are worth borrowing: “Where are they using AI? Do we have all the right contracts? Do we have the appropriate risk mitigations to manage the breadth and depth of those relationships?”
Watch for downturn signals—and be ready to act early. Mugford put it plainly: “Just by nature of the credit cycle and the economic cycle, at some point it’s going to turn.” Her focus is preparedness—“the right mitigation, tools, and technologies in place, so that we see early warning indicators and respond appropriately.” Bradley Bender, SEVP and CRO at Truist Financial, shared two areas he’s monitoring: “Transportation and consumer discretionary spending … particularly among low-income borrowers,” adding, “we are seeing them under a bit more stress, so we have activated certain preventative measures.”
Govern AI before you scale it. Monitor before you open the floodgates. “Governance is where we’ve spent a tremendous amount of time,” Bender said, describing working groups that feed into “board governance to make sure there’s full visibility.” Lentino added a practical prerequisite at Wintrust: “A primary foundational element before you can move forward with application development is to invest in technology to monitor how it is used.” He cautioned that “many employees are anxious to have ChatGPT-like technology available to them,” so monitoring what employees send into and out of these tools needs to come first.
The takeaway: Tighten governance, data, and third-party oversight now—so new tools and partnerships don’t force you into catch-up mode later.
