2026 Risk Survey: AI Exposes Threats, Knowledge Gaps

Adoption of artificial intelligence tools by banks ramped up in 2025, with AI-enabled technologies assisting banks with myriad important functions, from loan processing to customer service to compliance. But AI also introduces new threats.

Bank Director’s 2026 Risk Survey, sponsored by Baker Tilly, finds 79% of CEOs, board members, chief risk officers and senior executives concerned about fraud. And when it comes to AI, these banks’ leaders are most concerned about fraud and scams targeting their customers (84%) and their employees and organization (77%). The competitive threat from other financial institutions and nonbanks (38%) ranks a distant third concern.

Twenty percent believe their bank or its customers had been impacted by fraud involving AI or deepfake media over the prior 18 months.

Survey respondents broadly indicate at least baseline levels of understanding of many AI-related topics, including machine learning, use cases for AI and data governance. However, a third say they do not understand agentic AI, a newer form of the AI technology focused on autonomous decision making, at all.

Bank leaders don’t need to have an extensive understanding of agentic AI or other forms of artificial intelligence, but a basic understanding may be beneficial from a governance standpoint. For example, management ought to at least be able to explain to employees why they shouldn’t use widely available AI tools that haven’t been vetted by the organization — and could compromise customer and proprietary data — for bank business.

“Banks need a baseline level of understanding so everyone knows what’s in play,” says Mark Wuchte, Baker Tilly’s financial services risk advisory leader. “Without that foundation, you risk people inadvertently using tools outside of the bank’s oversight. Governance needs to be part of the conversation from the very beginning.”

Changes in the broader competitive landscape due to AI and a rise in fintech firms seeking bank charters is also likely feeding increased concern around strategic risk, Wuchte says. Forty-two percent of survey respondents rank strategic risk as a top area of concern for 2026, up from 30% who said as much a year ago. Separately, 53% of respondents believe their bank could take more strategic risk.

Smaller banks may have once had the luxury of being able to take their time with new strategic directions, but shifting customer expectations are forcing their hand. “They need to get more agile and make decisions more quickly,” Wuchte says. “Customer tastes and expectations are changing, so they have to do that in order to stay relevant.”

Regulatory Risk Recedes
With the second Trump administration taking a friendlier regulatory posture toward the industry, just 28% of respondents cite regulatory risk as a top concern this year, down from 55% last year. Forty-four percent say their bank saw heightened attention to liquidity planning or strategy during their most recent regulatory exam, while the percentage who report heightened attention to cybersecurity (37%) increased compared to 2025 (30%). 

Learning on the Job
More than a third (35%) of respondents feel the examiner on their bank’s last regulatory exam was inexperienced compared with previous exams; and 38% believe their primary regulator was understaffed or otherwise underresourced. 

Cybersecurity Oversight
Seventy-nine percent of board chairs and independent directors say the board reviews and approves the bank’s cybersecurity strategy, which is set by management. Despite few cybersecurity experts in bank boardrooms, less than half (47%) of directors say the board invited outside experts to speak to cybersecurity trends over the past 12 months. 

Identifying Cybersecurity Gaps
A majority (89%) of CEOs and tech executives say their bank has conducted a tabletop exercise of its cybersecurity incident response plan over the prior 12 months. Respondents cite overreliance on one individual or function (36%) and internal communications (35%) as the most common gaps found via that exercise.

Credit Risk Concerns
The percentage of respondents who indicate credit as a top risk increased to 60% from 51% a year ago. Commercial real estate is a particular point of emphasis, with respondents sharing concerns about credit quality (27%) and loan portfolio concentrations (38%) in that loan category. 

Risk Responsibility
Fifty-four percent of respondents indicate their bank employs a chief risk officer. Among those respondents, 81% say the CRO reports directly to the CEO, and almost two-thirds say the CRO interacts with directors at every board meeting.

To view the high-level findings, click here.

Bank Services members can click below to access the complete results, broken out by asset category and other relevant attributes. To find out how your bank can gain access to this exclusive report, contact [email protected].