Given today’s evolving competitive, regulatory, and risk landscapes, the enterprise risk management (ERM) functions at financial services firms are in the midst of a transition. Against this dynamic backdrop, leading ERM models leverage their firmwide perspective to strategically position their organizations to manage downside risk while exploiting upside opportunities.
Toward this goal, ERM functions are sharpening their capabilities by simplifying processes, actively incorporating artificial intelligence (AI)—generative AI (gen AI) in particular—into their programs, and investing heavily in talent.
“Given the world we live in and how the industry is evolving, standing still is not an option,” says Kim Persaud, managing director and head of ERM strategy, risk frameworks, and engagement, at Citigroup.
“ERM teams may have built great capabilities that have served them well,” she says. “But teams need to evolve those capabilities to be relevant for the risks and opportunities banks are facing today.”
That need for evolution is no longer theoretical. In light of this shift, ProSight, Oliver Wyman, key risk leaders such as Citi’s Persaud, and a working group with representatives from more than 25 North American financial institutions examined ERM in practice. The collaboration surveyed Category I to IV banks about their current ERM function and future plans. The results are summarized in a new ProSight research report, “From Serious Cartographer to Strategic Navigator: The Evolution and Future of ERM in Financial Services.”
Risk Leaders Share What’s Driving Change Now
As uncovered in the survey results, ERM functions historically served as the primary second line oversight for enterprise-wide processes such as risk identification or risk appetite, or as an incubator to establish frameworks for nascent risks such as climate or AI adoption. Today, that remit is expanding. ERM teams are sharpening their focus on business impact, scalability, and risk efficiency. These new objectives call for greater investment in automation and advanced tooling.
“Banks are entering a period where strategy, technology, and risk are increasingly inseparable,” says Avani Parekh, senior vice president and executive risk advisor at TD Bank. Parekh was also a leading adviser on the project.
“As decisions around growth, digitization, and operating models accelerate, ERM practices will be tested in their ability to inform those decisions in real time,” Parekh says.
Parekh agrees that the ERM function cannot be static.
“The next few years will test not whether ERM frameworks exist, but whether ERM can keep pace with how quickly decisions and risk are evolving,” she adds. “What once felt like an extreme or improbable set of risk scenarios is now uncomfortably closer to reality. That realization is part of why ERM needs to evolve—from documenting what we know, to helping leaders prepare for what’s hard to predict.”
In fact, speed to decision is a key factor underpinning the focus of several survey respondents when addressing refreshing core ERM programs to remove multiple layers of reviews or approvals, extensive documentation requirements, and an over-emphasis on comprehensiveness without risk stratification. These tendencies lengthen cycle times, reduce the relevance of program output, and slow decision-making, all of which can prove problematic in today’s fast-moving and complex environment, respondents say.
The survey and report analysis identified AI, particularly gen AI, as a potential solution, positioning ERM teams to move beyond backward-looking risk assessments to more proactive scenario analysis and issue identification. Used effectively, this technology can empower business leaders and risk managers to anticipate disruptions, identify risk hotspots, and prioritize actions based on probabilistic insights.
The report emphasizes that even as the ERM function relies on technology and gets operationally leaner for “navigation,” team leaders can’t forget its pedigree. ERM must retain the foundational strengths of a “cartographer past”—discipline, rigor, and consistency.
The difference is one of orientation. Where ERM once focused primarily on mapping risks, its value today is increasingly realized through navigation: helping leaders understand trade-offs, anticipate uncertainty, and make informed decisions in the face of change.
“As the old world order reconstitutes itself, it’s more important than ever for ERM teams to help the organization stick to its core risk management principles, mobilize and act with agility, and proactively manage change,” says Citi’s Persaud.
How To Use the Report
In this concise report, ProSight, Oliver Wyman, and the risk leaders synthesize survey results to bring greater understanding to the shift in the ERM function and how ERM leaders can act. The report is not exclusive to ERM personnel and can be used to inform the entire organization about the valuable role of ERM, offering insight to the board and executives, to MDs and non-managers, and distributed across business lines.
“For years, ERM’s success was measured by how well it could map risks across the enterprise. Today, that’s no longer enough,” says Parekh. “This work reflects the shared recognition that ERM’s value is realized when risk insight shapes an organization’s real decisions—not just ERM reports.”
“In a world defined by faster change, greater interconnectedness, and less certainty, that shift matters more than ever,” Parekh adds. “This shareable report captures what that next chapter looks like in practice.”
And since ERM practitioners put special emphasis on the need to upskill their teams, the piece could be especially beneficial for human resources departments. As the report stresses, there is a real demand for team members who bring clarity to emerging risks and engage strategically with business and risk leaders on technical risk topics. Leading ERM teams blend these backgrounds, along with an understanding of AI applications, to drive collaboration with data scientists and technology teams.
Ultimately, this is a report intended to ease the path for change. With that in mind, participating risk leaders advise that organizations manage this transition in an authentic and disciplined way.
“It’s potentially going to feel overwhelming. What to change; what order to change it, how to get teams on board; how to sell the approach up and across the organization,” says Persaud. “While it might be easier to just copy what others are doing, making this pivot will land better if it’s grounded in what your organization wants to be. Link the work to the strategic priorities for your firm, not just any firm. That will help teams prioritize where to start evolving first. It will be easier to get engagement and buy-in.”
By: Rachel Koning Beals
