Skip to Main Content

Community Bank Execs Rank Cybersecurity and Credit as Top Risks

PHILADELPHIA, PA (January 5, 2023) – Community Banks are weighing increased demands in the year ahead and are facing difficult challenges in technology management, credit risk, and regulatory compliance, the Tenth Annual Community Bank Survey conducted by Risk Management Association (RMA) has found.

Community bank executives from more than 100 institutions note that the combined demands of technology costs, managing third-party vendors, reputational risk, and increasing regulatory pressures are pushing cybersecurity and technology risk to the top of the list. As the potential for recession looms, credit risk is also a top concern.

Top risk priorities of community bankers (N=101)

(Percentage of respondents citing each among their top six priorities)

1. Cybersecurity risk


2. Credit risk


3. Operational risk


4. IT risk


5. Interest rate risk


6. Regulatory compliance risk


On Cybersecurity and Credit Risk

Over the years that RMA has conducted the Community Bank survey, community bankers have registered increasing interest in cybersecurity and its relationship with other risks. In this year’s survey, another operational risk—IT risk—is frequently cited as important, as community banks work to enable remote workforces and improve effectiveness through automation, in addition to managing data security and erecting defenses against cyberattacks.

With respect to credit risk, bankers who have experienced down cycles recognize that strong credit metrics may lag behind a looming reality and are bracing for what lies ahead.

On Regulatory Compliance

Regulatory compliance also continues to be a major priority and challenge for community bankers, as they strive to address regulatory requirements amid persistent resource constraints. In this year’s survey, the transition to the CECL accounting standard— occurring in January 2023 for many community banks—is a top challenge, as are cybersecurity-related compliance, small business data collection, and new rules connected to the Community Reinvestment Act (CRA).

Areas where community bankers note compliance as “difficult”

(Percentage of respondents citing each among their top six priorities)



2. Cyber


3. Small business data collection rules


4. New CRA rules


5. Information security expectations


6. Residential mortgage regulations compliance


Community banks are subject to many of the same regulatory standards and requirements as their larger counterparts but, do not have the resources to staff and address them with the same rigor.

On Talent Management

The survey also explores key talent-management issues for community banks and reveals some of the strategies they are employing to achieve their retention and recruitment goals. Against the backdrop of an extremely tight labor market, community bankers recognize that their ability to manage talent will be a major factor in their success. In fact, when asked to identify the greatest threats they face, 75% ranked talent attraction and retention as their top concern.

Nancy Foster, RMA President and CEO, noted: “Community banks continue to face unprecedented risks and extraordinary demands on their time, attention, and resources. To help this vital part of the industry continue to meet the needs of its communities, RMA is working to provide solutions and content to help community banks meet the challenges ahead.”

About the Survey

RMA has surveyed community bankers every year for the past ten years to identify the forces that are most affecting them and the approaches they are taking to address the challenges they face. In this year’s survey, conducted in the summer of 2022, more than 100 community bankers from around the United States with titles including Chief Risk Officer, Chief Credit Officer, and Chief Lending Officer, who work for institutions with less than $10 billion in assets, responded to the online survey.

The questionnaire was developed in close collaboration with RMA’s Community Bank Council, whose members also provided insight on the results that are incorporated into this report.

About Risk Management Association (RMA)

Founded in 1914, Risk Management Association is a not-for-profit, member-driven professional association whose sole purpose is to advance the use of sound risk management principles in the financial services industry. RMA promotes an enterprise approach to risk management that focuses on credit risk, market risk, and operational risk. Headquartered in Philadelphia, Pennsylvania, RMA has 1,600 institutional members that include banks of all sizes as well as nonbank financial institutions. They are represented in the Association by 35,000 individuals located throughout North America, Europe, Australia, and Asia/Pacific.

Media Contacts  
Frank Devlin, 215-446-4137,