Risk management is entering a decisive new phase. Digital transformation, AI disruption, and rapidly shifting market dynamics are redefining the role of the Chief Risk Officer (CRO) and risk functions across industries. What was once a control and compliance role is now evolving into a strategic leadership function—one that enables growth, drives innovation, and ensures resilience at enterprise scale.
Nicola (Nick) Sanna is Founder of the FAIR Institute and CEO of SAFE
A recent BCG study highlights this shift clearly. It shows how emerging risk analysis and fintech capabilities are not only transforming financial services but also creating new opportunities for CROs to modernize their risk functions through strategic partnerships. While the study focused on the financial services sector, the same revolution is at work in many other industries. The message is unmistakable: risk leaders who act now can shape the future; those who don’t risk being left behind.
I had the pleasure to participate in the study’s launch event in Milan. Here are some of my main takeaways.
Nick Sanna (second from left) at the BCG study launch event in Milan.
1. The Opportunity White Space Is Enormous
Despite significant growth, in financial services alone, fintechs currently account for only around 3% of total banking and insurance revenue pools. Large domains—such as lending, B2B infrastructure, and embedded finance—remain largely untapped.
For risk leaders, this represents a rare opening. Risk analytics companies are targeting exactly the areas where traditional institutions have long struggled: high complexity, inefficiency, and slow modernization. By collaborating with technology partners in these spaces, CROs can address long-standing challenges and leapfrog incremental change.
2. AI and Platformization Are Redefining the Risk Landscape
Risk analytics companies are pioneering AI-native and platform-based models, fundamentally changing how organizations operate. This evolution brings both opportunities and new risks:
- Opportunities to enhance detection, prediction, and decision-making through real-time data and adaptive intelligence.
- Challenges as new dependencies, regulatory scrutiny, and fast-evolving threat surfaces emerge.
Traditional, manual risk management approaches are ill-equipped for this environment. To keep pace, CROs must shift toward continuous monitoring, adaptive governance, and business-aligned risk intelligence.
3. CROs Can Emerge as Strategic Catalysts
In this new landscape, CROs have a chance to move from playing defense to leading transformation. This requires a change in posture:
- Partner strategically with risk analytics companies to fill capability gaps and accelerate modernization.
- Engage early in digital and AI initiatives to guide innovation with sound risk intelligence.
- Communicate in business terms, quantifying exposure and impact to inform strategic decisions at the board level.
When CROs operate this way, they stop being seen as bottlenecks and instead become enablers of innovation—helping their organizations pursue ambitious goals with confidence.
4. Quantitative Risk Models Are the Key Enabler
To fully capitalize on these technology partnerships, CROs need structured, quantitative risk frameworks that connect technical insights to business impact. Models such as FAIR (Factor Analysis of Information Risk) play a critical role by:
- Translating complex risk signals into clear financial impact statements.
- Prioritizing technology investments based on expected risk reduction.
- Stress-testing assumptions and exploring “what-if” scenarios to avoid blind spots.
- Enabling feedback loops that strengthen risk analysis over time.
Quantification ensures that risk management outcomes are measurable, defensible, and aligned with enterprise priorities—not just fast-moving experiments.
5. A Pragmatic Path Forward
While the opportunity is significant, successful tech partnerships require navigating real organizational and cultural hurdles: budget constraints, governance friction, integration challenges, and trust gaps. A phased approach can help CROs build momentum:
- Scan the risk analytics landscape for partners focused on risk, governance, and detection innovation.
- Pilot in a limited scope to demonstrate quick wins and build internal credibility.
- Apply risk quantification models (such as FAIR) to evaluate risk management performance and impact consistently.
- Scale successful pilots into core risk management processes with clear governance.
- Build strategic alliances with key vendors that continuously improve through shared data and feedback loops.
This is not about outsourcing risk management—it’s about amplifying risk leadership through strategic collaboration.
Conclusion: A Defining Moment for Risk Leadership
A risk analytics revolution is reshaping many industries (not just financial services), and risk sits at the critical intersection of innovation and resilience. CROs who embrace this moment—by forming smart partnerships, leveraging quantitative models, and stepping confidently into a leadership role—can turn risk into a true competitive advantage.
The future of risk management will belong to those who lead the transformation, not follow it.
Learn about cyber risk quantification with FAIR.
