The cost of a single business conduct risk incident now averages USD 14 million. For banks, the response isn't to go quiet, it's to build better defences. 

A recent survey of more than 500 C‑suite executives¹ found that a significant business conduct risk incident costs businesses an average of USD 14 million, while the largest events reach an average of USD 37 million. Conducted by RepRisk in collaboration with Oxford Economics, the survey offers a timely snapshot of today’s escalating risk environment and the increasing strategic importance of reliable, transparent risk data.

This report focuses on a specific subset of the survey data: the responses of banks and development finance institutions (DFIs)². While this group is broadly representative of the wider sample – facing the same escalating risk landscape and financial pressures – their responses reveal a meaningfully different approach across three dimensions: a less defensive posture on sustainability communications, a clear preference for human-AI hybrid data over fully automated alternatives, and stronger operational embedding of risk data into decision workflows. Understanding these differences matters not only for institutions in this segment, but as a signal of what more pragmatic, governance‑oriented risk practice looks like in the wider market.