Risk Technology Awards 2026: Real-time reality
When Israel and the US started bombing Iran in late February, oil prices spiked, dragging inflation expectations with them and injecting fresh uncertainty into interest rate and currency markets. Equity and credit markets wobbled.
Conditions like these can be rough for private banks – outflows from many wealth products are discretionary, often tied to interest rate movements, and digital banking means they can switch from a trickle to a flood in a matter of hours, as Silicon Valley Bank discovered in 2023.
To keep track of these fast-moving, interconnected risks, Swiss private bank EFG decided it could no longer rely on its traditional monthly reports – instead, it built a framework in which liquidity and funding risks are monitored continuously. So, when the bank convened a crisis team hours after the first wave of strikes on Iran – it was a Saturday morning – it already had much of the data it needed, says chief risk officer Enrico Piotto.
“I really, really benefit from this live reporting. I get [the reports] twice a day, but if there is something happening, then I ’m notified immediately,” he says. “We have the ability to monitor every single client taking money out or bringing money in or taking big loans. This is key in a very dynamic situation where clients are moving and following the market.”
Risk events and regulatory change have played a part in pushing real-time reporting up the agenda
The rise of live reporting has been predicted for many years, but a flurry of recent risk events has prompted banks as well as vendors to grasp the nettle – in EFG’s case, it was the invasion of Ukraine and the implosion of SVB. At the same time, the goal is becoming more feasible, thanks to widespread cloud adoption.
The push for real-time risk reporting was in evidence throughout this year’s Risk Technology Awards, with many of the 170-plus submissions arguing that periodic analysis no longer cuts the mustard. There is a common goal to get more information, to the right people, more frequently. And it’s not just being applied to traded risks.
Citizens Bank spent the past few years developing its own in-house tool that enables it to monitor a range of technology, operational, third party and cyber risks in real time, including configuration drift, vulnerabilities, expired certificates and breaches in service-level agreements. The system is designed to show how events at different layers – such as infrastructure, shared platforms, applications, end-users – combine to affect the bank’s overall risk position. The US regional bank won this year’s award for best in-house risk data initiative.
The winner of this year’s GRC product of the year, MetricStream, highlighted the ways in which continuous monitoring is taking root in the world of third-party risk – driven by geopolitical instability and supervisory prodding. In the model risk category, ValidMind argued that the plasticity of AI systems introduces “entirely new risk surfaces, including emergent behaviours, uncontrolled autonomy, and challenges in auditability” – again, the solution is continuous monitoring. And in the risk dashboards category, SS&C Algorithmics used AI to watch data for “unusual patterns or unexpected values”.
Risk.net spoke with some of this year’s winning firms about why the moment has come for real-time reporting, the associated implementation challenges, and what might come next – a world in which AI isn’t just an always-on watchdog, but is also helping organisations digest and act on these new streams of information.
The full list of winners, along with the awards methodology and this year’s panel of judges, can be found below.
A bottleneck, broken
The advent of cloud computing is the major reason real-time reporting has become more achievable, enabling firms to run more computations more quickly than ever, without creating vast server farms of their own.
In the past, many financial institutions struggled to access their data quickly and interrogate it in a meaningful way. Real-time data was relatively common in the front office, and some trading desks had access to continuous and on-demand analytics for specific metrics, but many simulations, scenarios and portfolio sums relied on periodic reports. For traded risks, these reports might have been produced overnight, but many other forms of risk reporting were updated on a weekly, monthly or quarterly basis.
The promise of cloud was that users could remove the computational bottleneck.
You are starting to see specific events where it’s important that you have the ability to monitor stuff in real time and react quickly, as opposed to just overnight
Greg Jewell, TS Imagine
“A cloud-based solution is much more flexible in terms of how we spin up hardware,” says Andrew Woods, head of risk services at FIS Global. “When we set off calculations, you can actually see the environment spinning up and spinning down in real time. This is a sea change from where we started with mainframes.”
This has particular value for traded risk, giving desks access to a wider set of information – such as how a trade affects collateral usage, capital requirements and limit consumption – before execution. This provides a fuller picture of the risks associated with a trade, enabling them to be priced in, and changing risk management from a second-line cost centre into a competitive advantage.
“It allows you to do the real, full calculation as close to the trading point as possible,” says Woods. “You are now putting the traders in the same technical space and functional space as the risk team and the regulator.”
It’s not just about capabilities, though. Risk events and regulatory change have also played a part in pushing real-time reporting up the agenda.
In asset and liability management, Russia’s invasion of Ukraine, the collapse of Credit Suisse and SVB as well as the EU ’s new rules on real-time euro-area payments, have all increased pressure on risk teams to improve the speed of their monitoring systems.
Within operational risk management, the growing frequency and sophistication of cyber attacks as well as increasingly complex tech stacks, have encouraged real-time monitoring.
Greg Jewell, chief product officer at TS Imagine, says: “You are starting to see specific events where it’s important that you have the ability to monitor stuff in real time and react quickly, as opposed to just overnight. Everything’s moving quicker.”
As one example, TS Imagine recently expanded its margin calculation tool for users of central counterparties, enabling treasury teams to prepare for outsize margin calls during the trading day and – hopefully – reducing the need to raise cash at short notice during periods of market stress.
Filtering the fog
While continuous reporting may now be easier to achieve in theory, it is still not easy to put into practice.
In the case of Citizens, the bank was moving from a world in which data was collected and analysed on a quarterly basis to one in which it could be accessed, tested, and reported in close to real time.
Khushboo Shah, a vice-president who works on data, AI and emerging technology, says it was a challenge getting siloed data into one place, with information in any given banking system often traversing different APIs, coding language and ETL pipelines (processes through which data is extracted, transformed and uploaded).
This can be an even more complex exercise at larger financial institutions that may have different risk management ontologies and semantics in different parts of the business. As a crude example, one team might use a five-by-five grid to score and categorise risks, while another uses a grid with a different number of rows and columns. Aggregating this data requires an agreement on what these team-specific grids mean and how to translate them into a common system.
You have to condense processes, you’ve got to break them down, reimagine the processes that they followed for 25 years
Gaurav Kapoor, MetricStream
Citizens Bank also sought to ensure it was only sending relevant information, to avoid “alert fatigue”.
“Incomplete data that cannot be actioned adds to fog,” says Shah. “It was really about cutting through the noise and finding the right streams of data and the quality and consistency of data that we needed.”
EFG’s Piotto agrees the volume of information real-time reporting creates can quickly become overwhelming if it is not handled correctly.
“You need to be able to report only what is necessary,” he says, pointing out that his team needs to heavily filter the information that lands on his desk to ensure he does not get overwhelmed with irrelevant information.
“They cannot send me or the CEO pages and pages and pages, they need to extract the information. The team needs to be on top of everything, and they need to filter,” he says.
Added to this, larger institutions must often change their internal culture and systems to make use of the constant flow of data. This requires leadership that is committed to streamlining processes and making change over a sustained period.
Gaurav Kapoor, co-founder of MetricStream, says: “Culturally, it’s a huge challenge because you have to change the mindset. You have to condense processes, you’ve got to break them down, reimagine the processes that they followed for 25 years. That’s really the biggest challenge.”
Decisions by AI
As Citzens and EFG note, having continuous access to information is only helpful if a bank also has the capacity to act on it – otherwise a data and reporting bottleneck simply becomes a decision-making bottleneck. Some see agentic AI as part of the solution – and the task of integrating these tools into risk workflows is already underway, with early applications hinting at a future in which AI handles much of the analytical groundwork and takes simpler actions, while humans retain control of the overall framework and oversight of consequential decisions.
Vendors are already using AI to make triaging decisions – the trade surveillance platform built by Eventus, for example, uses AI to identify and escalate alerts that require human attention.
The big question is how far this can go. Some routine tasks are already being automated away. Citizens Bank, for example, is exploring the use of AI agents to handle simple, but time-consuming jobs, such as notifying users that their security certificates have expired – or even swapping them for new ones.
For more complex tasks, it will take time for risk departments to trust that AI will do an adequate job.
Piotto of EFG Bank is blunt: “Will AI take decisions? Maybe, at a certain point – I don’t think it’s ready now. I think AI now is super powerful when it comes to data analysis, preparation and synthesis, but when it comes to projecting an analysis into a decision, I don’t think AI is there.”
What’s needed is a track record of success – a reason to believe AI agents are reliable. Some vendors are already collecting this kind of evidence, and sharing it with users. At MetricStream, users are given a confidence level whenever an AI tool recommends a certain course of action. Kapoor argues that as AI improves and confidence levels rise, an increasing number of tasks will be delegated to machines.
“Nothing is 100% sure – ever. But where there are processes that have a 99% confidence level – or 99.5% – and the human has seen it 10 times, and it has proved to be accurate, then the user’s confidence grows. When they see it for an eleventh time, they’ll start to make it more autonomous,” he says.
He gives the example of third-party risk assessments, which might require a person to fill in 30-40 fields for what can be thousands of suppliers. AI could be used to automatically fill in 90% of those fields using historical data, with a person filling in the rest.
But Kapoor does not believe this will lead to sweeping cuts to the industry’s risk management staff.
“So, non-essential work goes away, but I do feel very strongly that this is actually going to create more opportunity for people who understand the business and have judgement,” he says.
Risk Technology Awards 2026: roll of honour
The winners
ERM and regulation
Bank ALM system of the year: SS&C Algorithmics
Climate risk service of the year: First Street
Integrated risk management software of the year: TS Imagine
Life and pensions ALM system of the year: Fentics Technology
Model risk service of the year: ValidMind
Prudential regulation reporting system of the year: Regnology
Regulatory capital calculation product of the year: Regnology
Risk dashboard software of the year: SS&C Algorithmics
Operational risk
Financial crime product of the year: PWC
GRC product of the year: MetricStream
Third-party risk product of the year: Kharon
Trade surveillance product of the year: Eventus
Op risk innovation of the year: PwC
Credit risk
Credit data provider of the year: Moody’s
Credit stress-testing product of the year: Quantifi
Credit risk innovation of the year: SPIN Analytics
Enterprise technology
Best use of AI: Moody’s
Best use of cloud: FIS Enterprise Risk Suite on AWS Cloud
In-house systems
Best in-house ALM technology: EFG Bank
Best in-house credit risk technology: HYPO NOE Landesbank für Niederösterreich und Wien
Best in-house op risk technology: Nubank
Best in-house risk data initiative: Citizens Bank
Methodology
Technology vendors were invited to pitch in 32 categories by answering a standard set of questions with a maximum word count. More than 170 submissions were received, resulting in over 70 shortlisted entries across the categories. A panel of 11 industry experts and Risk.net editorial staff reviewed the shortlisted entries, with judges recusing themselves from categories or entries where they had a conflict of interest or no direct experience.
The judges individually scored and commented on the shortlisted entrants, before meeting in April to review the scores and, after discussion, make final decisions on the winners.
In all, 22 awards were granted this year. Awards were not granted if a category had not attracted enough entrants, or if the judging panel was not convinced by the shortlisted candidates.
The judges
Julien Cuisiner, senior risk manager, St. James’s Place
Nicola Crawford, interim chief risk officer, Tradex Insurance Services
Sidhartha Dash, chief researcher, Chartis Research
Priya Devarajulu, AI ML principal software engineer, American Express
Christian Hasenclever, senior manager, risk consulting, X1F
Becky Pritchard, contributor, Risk.net
Andrew Sheen, director, AJ Sheen Consulting
Jeff Simmons, senior partner, NoW Partners
Jagat Singh, senior director of software engineering (risk and pricing), Ice Clear Credit
Duncan Wood, global editorial director, Risk.net
Shravya Yarlagadda, director of treasury ALM, BNY