Banks are poised for a major overhaul in how they handle day-to-day risk oversight. A new analysis from Oliver Wyman highlights how first-line risk management (FLRM) units—often called the control teams embedded within business operations—can slash expenses while boosting overall protection against nonfinancial threats.
Over the coming five years, these groups could cut spending on core tasks like evaluating risks and verifying controls by 30 to 50 percent from current levels, all while delivering stronger results through sharper focus, streamlined processes, and smart use of artificial intelligence.
FLRM teams grew rapidly in recent years as regulators pushed banks to take greater ownership of operational and compliance hazards.
These units now manage a broad mix of duties that frequently rely on labor-intensive manual work, driving up costs and capping their impact.
Yet the landscape is shifting.
Regulatory scrutiny is easing in some areas, existing programs have reached a level of maturity, and breakthroughs in AI are opening doors to genuine transformation.
The moment is right for leaders to rethink how these teams operate.
The research report outlines three practical steps that leading institutions are expected to adopt widely.
First, banks should strategically centralize selected FLRM responsibilities.
Rather than scattering activities across business lines or leaving them with second-line oversight groups, organizations can consolidate expertise in dedicated hubs.
This approach clarifies responsibilities, pools specialist knowledge, and unlocks economies of scale.
Many large banks are already creating a chief control officer role that reports to senior operations or administrative leaders and oversees enterprise-wide efforts.
Common structures include fully centralized utilities or hybrid hub-and-spoke models that balance standardization with business-specific needs.
The goal is to keep FLRM close to the front line while avoiding overlap with independent review functions.
Second, institutions must simplify and standardize their risk frameworks while adjusting team sizes.
In bigger banks, FLRM can represent 1 to 2 percent of total operating expenses.
By eliminating redundant efforts, merging overlapping programs, and concentrating on high-value enterprise-wide activities—such as risk appetite setting, issue tracking, resilience planning, and self-assessments—teams can shift emphasis from routine backward-looking checks to forward-looking monitoring.
This proactive stance allows earlier detection of problems and more efficient use of resources.
Third, and most transformative, is the full embrace of AI to redesign workflows from the ground up.
Instead of layering new tools onto old routines, banks should build processes around intelligent agents that handle repetitive execution steps, freeing people to focus on judgment, strategic decisions, and final approvals.
Promising applications include continuous real-time monitoring of controls, automated identification of overlapping safeguards that can be consolidated, and dynamic risk evaluations that update far more frequently than traditional point-in-time reviews.
When combined with harmonized data and targeted staff training, these changes promise double-digit cost reductions within three to five years.
Taken together, the three moves form a clear roadmap: refine strategic priorities, update the operating model, and embed AI at the core of daily operations.
The update from Oliver Wyman concluded that banks that act now stand to gain leaner, more responsive risk functions that not only spend less but also protect the organization more effectively. As regulatory and technological conditions align, those institutions that centralize thoughtfully, simplify boldly, and innovate with AI will set a new standard for first-line risk management.