Traditional financial institutions’ risk management departments, hampered by outdated procedures and systems, are becoming overwhelmed by a fast-evolving world of complex risks and compliance concerns. Financial technology companies—both fintech startups and scaleups—offer solutions. But many financial institutions still regard them as competitors or risky and are reluctant to use them, for example, because of regulatory constraints or third-party risk.
A new joint report, “Redesigning Risk Management Through Fintech Partnerships,” prepared by BCG and Politecnico di Milano finds that, as financial systems grow more complex and interconnected, new challenges are pushing financial institutions to consider new approaches to risk management.
Modern risks may arise from geopolitical fragmentation, technological disruption, or environmental volatility. New technological complexities, such as multiple digital layers and AI, amplify the challenges. One example of an old risk made worse: fraudsters armed with AI-powered deep fakes and false identities. Meanwhile, as regulators in many areas are becoming more vigilant and supported by technology, the demand for more timely and accurate data is adding to the need for sophisticated new solutions.
Fintechs are not the only way for financial institutions to modernize risk management, but the powerful solutions they offer are options that Chief Risk Officers can no longer afford to ignore, especially when the product is a good fit for the business need.
Our study found that about 29% of the fintechs focusing on risk management (234 of 814) directly support the needs of financial institution CROs. (See exhibit.) Nearly a quarter of these companies were founded in the last five years and in aggregate have attracted significant investor capital ($7.2 billion), validating the opportunity for fintechs and the CROs engaging with them.
Subscribe to our Risk Management and Compliance E-Alert.
The Time Has Come for a New Look at Fintechs
Financial institutions that have regarded fintechs as interlopers encroaching on their turf need to move beyond this outdated point of view and determine where and how they can collaborate with fintechs to address their numerous risk management problems.
Many financial institution CROs understand the urgency to modernize—and are fully aware of their organizations’ habitual or cultural barriers. A member of the CRO office at a large pan-European bank said in an interview for the BCG study:
“There are various needs within our bank, and even our department, that could be solved with new technologies like artificial intelligence. We are immature; we haven’t experimented. The solutions exist, and they’re even interesting, but when they’re presented to us, we are cautious. Knowing that a fintech offers such a solution, and perhaps has even received regulatory approval, would be very interesting for us.”
With the rapid advance of technological innovation leading to increased risks, the partnering of financial institutions’ risk management departments and fintechs is not merely attractive but urgent. Fintechs offer solutions that use automation and predictive analytics to identify and mitigate risks—provided in a turnkey model that significantly speeds time-to-market. It’s a powerful combination that can help transform risk management activities from a costly necessity into a strategic advantage. These technologies can also empower CROs and their teams with:
- unified, explainable, and actionable oversight over their data landscapes
- ability to quickly implement compliant, transparent, and agile models
- transformation of regulatory complexity into proactive, data-driven control
- early-warning capabilities to navigate volatility and future risks
As part of our survey, startup investors and executives shared how successful these applications can be, across risk types:
“They told us what we did in one day would have taken them over six months hiring an outside consulting firm, because that’s, in fact, what they had done previously. So this is a very good indication of the acceleration of AI.”
—Fintech Chief Revenue Officer
“Thanks to this approach, we are able to predict potential fraud, meaning the movement of money, up to 15 days in advance. So, we shift risk management into a completely different, more cyber-focused domain, preventing the risk much earlier.”
—Fintech Co-founder & CTO
Key Motivations for CRO-Fintech Partnership
Some financial institutions’ business units have become comfortable with using fintech partnerships to drive revenue or enhance the customer experience. For the risk function, the primary drivers are foundational to long-term success: strengthening institutional resilience and ensuring robust operational control. Our interviews highlighted three primary motivators:
- De-risking innovation and transformation. CROs are tasked with enabling the institution’s digital and AI strategies while managing the associated risks. Fintechs offer platforms, such as for AI governance, that ensure digital models are fair, transparent, and compliant.
- Gaining efficiency and control. Many risk functions are still reliant on partially manual processes. Fintechs offer platforms that automate all parts of the risk model lifecycle. Fintech intelligence systems, for example, can scan updates from thousands of regulators and map them to internal controls, replacing manual horizon scanning.
- Enhancing risk intelligence. CROs need robust tools to keep up with the fast-evolving risk and regulatory landscape, such as monitoring social media for reputational threats or analyzing digital footprints to detect fraud and synthetic identities.
Partnerships Can Face Internal Challenges
While the strategic motives for forging a CRO-fintech partnership are compelling, the path to success is fraught with internal challenges that can be summarized in three archetypes:
- The sponsorship and budget hurdle. Many startups don't consider the CRO a potential client, considering them instead as a gatekeeper in the process. Consequently, most CROs are unaware of the innovative solutions that exist. CROs also may lack internal sponsoring and dedicated IT budgets, needing to secure funding from other departments, a lengthy process.
- The process hurdle: due diligence and data access. Procedural friction can halt or slow collaboration, even with a sponsor and budget. Financial institutions have rigorous due diligence and data protection standards, causing long delays. Solutions involving multiple departments require complex alignment, and when the CRO is involved, there is likely to be even greater risk aversion.
- The culture and trust hurdle. A deep cultural gap exists between CROs and fintechs, and it is a barrier to mutual trust. CROs need solutions that can translate technical metrics into quantifiable business impact. For successful partnerships, fintechs must learn to speak the language of the risk function, presenting themselves with the level of credibility, compliance readiness, and operational robustness expected by financial institutions. In turn, CROs must learn to trust smaller, faster providers. Each collaboration hinges on the fintech’s ability to demonstrate reliability, security, and long-term viability.
Three CRO-Fintech Engagement Models
CROs who recognize the strategic value of collaborating with fintechs must choose a path to a successful partnership by selecting an engagement model that aligns with the company’s risk appetite. They must also be ready to overcome internal resistance and other organizational hurdles that can undermine the most promising initiatives. Financial institution-fintech partnerships can take three main forms.
Operative agreements: The fintech as a specialized service provider
This is the most common form of partnership, where the institution engages a fintech as a vendor to solve a specific problem. From a CRO’s perspective, this model is straightforward but still requires navigating the hurdles of third-party risk management.
Pilots and the sandbox model: A gateway to de-risked innovation
In some jurisdictions, such as the UK, regulators support sandboxes to enable testing innovative solutions with real users under close supervision. Authorities and innovators work together to assess the practical implications of new technologies before they are deployed at scale, providing room for experimentation within a structured framework.
Strategic alliances and industrial agreements: Co-creating long-term value
At the deepest level of collaboration are strategic alliances or joint ventures, where a financial institution and a fintech commit resources to achieve a shared, long-term objective, such as developing a new product or entering a new market. In some cases, financial institutions may take an equity stake in the fintech.
The Future Is Collaborative: From Risk Mitigation to Value Creation
CROs can position themselves for the future by embracing their role as a strategic business partner essential for growth, using risk management as a business accelerator, and committing to the positive evolution of a maturing, more efficient fintech ecosystem.
Positioning the CRO as a business partner
The most forward-thinking CROs are leveraging fintech partnerships to evolve from the role of a gatekeeper to an enabler and a leader steering and growing the financial institution.
Risk management as a business accelerator
This evolution fundamentally reframes the purpose of risk management. The goal is no longer to simply avoid losses, but to provide the confidence needed for the financial institution to innovate and grow, ensuring optimized and well-governed deployment of resources, while providing the business with highly accurate decision making to ensure long-term sustainability.
A maturing and more efficient ecosystem
This positive future is supported by a maturing, collaborative ecosystem. Financial institutions are increasingly open to working with specialized fintechs, driven by the frustration of slow-moving legacy systems and the non-negotiable imperative to adopt technologies like AI.
Ultimately, the CRO-fintech alliance is more than a trend; it is a strategic imperative. For the CROs who embrace it, the future is one of enhanced influence, where the risk function is not just a guardian of the financial institution’s stability, but a critical engine for its future growth and resilience.
