FSOC 2025 Annual Report | Financial Stability Risks

FSOC 2025 Annual Report Key Findings

The FSOC 2025 Annual Report from the Financial Stability Oversight Council delivers a sweeping assessment of the risks and opportunities facing the American financial system. Published by the U.S. Department of the Treasury, this annual report represents the Council’s most comprehensive evaluation to date, expanding beyond traditional market functioning metrics to encompass economic growth and national economic security considerations.

The report arrives at a critical juncture for global finance. The April 2025 market volatility, rapidly evolving cybersecurity threats, the transformative potential of artificial intelligence, and ongoing debates about the appropriate calibration of banking regulation all converge to create a uniquely complex risk landscape. FSOC’s mandate — to identify risks to financial stability, promote market discipline, and respond to emerging threats — has never been more relevant or more challenging to execute effectively.

For financial professionals, policymakers, and investors, the FSOC 2025 Annual Report provides essential context for understanding how America’s primary financial stability watchdog views the balance of risks and the adequacy of current regulatory frameworks. The report’s recommendations carry significant weight, as they shape the regulatory agenda across multiple federal agencies and inform Congressional action on financial policy. To explore how other institutional reports drive financial policy decisions, our interactive library offers comprehensive analysis of major regulatory publications.

Financial Stability Redefined: Economic Growth and Security

Perhaps the most significant conceptual development in the FSOC 2025 Annual Report is the explicit expansion of the financial stability definition to encompass sustainable long-term economic growth and economic security. As the Council states, “Financial stability also requires and is interdependent with sustainable long-term economic growth and economic security.” This represents a meaningful evolution from previous reports that focused primarily on preventing systemic crises and maintaining market functioning.

This broader mandate reflects a recognition that financial stability cannot be assessed in isolation from the real economy. A financial system that technically functions but fails to support productive investment, employment growth, and broad-based prosperity is not truly stable in any meaningful sense. The expanded lens also acknowledges the strategic dimension of financial stability — the need to ensure that America’s financial infrastructure supports national economic competitiveness and resilience against external threats.

The practical implications of this redefinition are substantial. Regulatory agencies will increasingly need to weigh the economic growth consequences of their rules alongside traditional safety and soundness considerations. This could accelerate the trend toward more calibrated, risk-proportionate regulation that the report champions across multiple policy areas, from capital requirements to supervisory practices.

Treasury Market Resilience and April 2025 Volatility

The FSOC 2025 Annual Report devotes significant attention to the U.S. Treasury market, which it describes as “the deepest and most liquid market in the world with an average daily trading volume of nearly $1 trillion and over $29 trillion outstanding.” Foreign holdings of U.S. Treasury securities exceed $9 trillion, underscoring the market’s central role in global finance and the potential for international contagion if market functioning were to deteriorate significantly.

The April 2025 volatility episode serves as a case study in the market’s ongoing structural fragility. While the Treasury market generally continued to function during the turbulence, the episode revealed persistent vulnerabilities in dealer intermediation capacity and market depth. The report documents how leveraged basis trades by hedge funds, swap-spread dynamics, and limited dealer balance sheet flexibility combined to amplify stress during the volatility spike.

To bolster resilience, the FSOC details an impressive array of initiatives including the Inter-Agency Working Group (IAWG) coordination, the SEC’s central clearing mandate for Treasury transactions, enhanced Treasury buyback programs expanded in size and counterparty access during 2025-2026, the Federal Reserve’s Standing Repo Facility which added a morning operation in June 2025, and the finalized recalibration of the enhanced supplementary leverage ratio (eSLR) in November 2025. Collectively, these measures aim to reduce the probability and severity of future Treasury market dislocations while preserving the market’s essential role as the global risk-free benchmark.

Cybersecurity Threats to the Financial System

The cybersecurity analysis in the FSOC 2025 Annual Report is notably more urgent than in previous editions. The Council warns that “if successful, a significant cyber attack has the potential to disrupt operations, challenge access to liquidity, increase the likelihood of bank failures and market dysfunction, and erode confidence in the financial system.” This stark assessment reflects the escalating sophistication and frequency of attacks targeting financial infrastructure.

The report cites several alarming data points: cyber-enabled fraud reported losses reached $13.7 billion in the most recent reporting period, while North Korean state-sponsored hackers executed the $1.5 billion theft from cryptocurrency exchange ByBit in 2025 — demonstrating the scale of losses possible from a single successful operation. Nation-state actors, sophisticated criminal organizations, and increasingly AI-enabled attack tools represent a constantly evolving threat landscape that outpaces many institutions’ defensive capabilities.

Perhaps most concerning is the quantum computing threat horizon. The report estimates that capable quantum attacks could emerge within 5-10 years, potentially breaking the cryptographic foundations that secure virtually all financial transactions. However, the migration to post-quantum cryptography may take 5-15 years, creating a dangerous gap during which “harvest now, decrypt later” attacks could compromise sensitive financial data. The Council recommends accelerated migration planning and the development of cryptographic agility — the ability to rapidly switch encryption methods as new threats emerge.

Third-Party Concentration and Operational Risk

The FSOC 2025 Annual Report identifies third-party service provider concentration as a systemic operational risk of growing significance. As financial institutions increasingly rely on a small number of critical technology providers — particularly cloud computing, data management, settlement, and custody services — the failure or compromise of any single provider could cascade across the financial system. These dependencies create what the Council terms “single-point operational risk” with limited substitutability.

The concentration risk extends beyond technology. Payment processing, market data provision, and clearing and settlement infrastructure all exhibit significant provider concentration. The interconnectedness means that operational disruptions at critical nodes can propagate rapidly, potentially affecting institutions that have no direct relationship with the compromised provider. This challenge is amplified by the fact that regulatory visibility into third-party providers varies significantly across financial subsectors.

To address these vulnerabilities, the FSOC recommends expanded joint monitoring among regulators through the OCCIP, FBIIC, and FSSCC coordination frameworks, increased scenario-driven tabletop exercises to build public-private readiness, and coordinated third-party examinations across federal banking regulators. Notably, the report calls on Congress to grant the Federal Housing Finance Agency (FHFA) adequate examination and enforcement authority over third-party service providers serving its regulated entities — highlighting a current gap in the regulatory framework that could leave critical housing finance infrastructure exposed.

Banking Regulation Reform and Unintended Consequences

In what represents a significant shift in tone from recent years, the FSOC 2025 Annual Report explicitly acknowledges that some post-Global Financial Crisis reforms, while enhancing resilience, “imposed undue costs and unintended consequences.” These include reduced bank intermediation capacity in key markets, particularly Treasury and repo markets, and the migration of credit activity to less-regulated nonbank financial institutions. The Council calls for a recalibration that preserves the core safety gains of post-crisis reform while eliminating unnecessary burdens.

The reform agenda is comprehensive. For capital requirements, the report advocates modernizing and simplifying the framework, tailoring requirements to bank size and complexity, and ensuring that capital rules do not inadvertently penalize low-risk intermediation activities. For stress testing, the Council proposes averaging results across consecutive years to reduce procyclical volatility in capital requirements and delaying effective dates to allow orderly adjustment. These proposals aim to make capital regulation more predictable and less disruptive while maintaining robust loss-absorbing capacity.

Community banks receive particular attention. The report calls for reduced compliance burden through simplified supervisory expectations, clarified definitions of key regulatory concepts like “unsafe or unsound practice,” and the withdrawal of supervisory expectations deemed overbroad — including those related to reputational risk and climate-related financial risk where the connection to material financial risk is indirect. For more context on how regulatory frameworks shape institutional decision-making, our analysis library provides interactive explorations of major policy documents.

AI in Financial Regulation: Opportunities and Risks

The FSOC 2025 Annual Report presents a balanced but forward-leaning perspective on artificial intelligence in financial services. The Council views AI as simultaneously one of the most promising tools for enhancing financial stability and one of the most complex emerging risk vectors. To navigate this duality, FSOC has established a dedicated AI Working Group tasked with identifying high-value public and private use cases, sharing best practices across agencies, and addressing regulatory impediments to beneficial AI adoption.

On the opportunity side, the report highlights AI’s potential to improve supervisory efficiency through automated analysis of regulatory filings, enhance cyber defense through real-time threat detection and response, and develop early-warning indicators for emerging financial stability risks. These applications could dramatically expand regulators’ capacity to monitor an increasingly complex financial system while reducing the time and cost of traditional supervisory processes.

The risk side is equally significant. Model and data integrity concerns — including the potential for adversarial manipulation of AI training data or outputs — create new forms of operational and market risk. Concentration effects from financial institutions’ reliance on a small number of AI model providers or cloud computing platforms mirror the third-party risks discussed elsewhere in the report. The potential for AI-amplified cyberattacks, where adversaries use machine learning to identify vulnerabilities and execute attacks at unprecedented speed and scale, represents a particularly acute concern. The Council recommends promoting interagency and international cooperation on AI governance while ensuring that regulatory frameworks can adapt to the technology’s rapid evolution.

Market Developments and Sector-Specific Risks

The FSOC 2025 Annual Report finds that market developments in 2025 were largely resilient, with household and corporate debt levels remaining stable and commercial real estate showing signs of stabilization in some segments. However, the Council identifies several sector-specific vulnerabilities that warrant continued monitoring and potential regulatory attention.

Lower-rated corporate borrowers face mounting pressure from elevated interest rates and tightening lending standards, creating the potential for increased defaults and credit losses concentrated in high-yield bond and leveraged loan portfolios. Some household credit segments, particularly subprime auto loans and credit card debt held by lower-income borrowers, show continued deterioration that could intensify if economic conditions weaken. The commercial real estate sector, while showing early signs of price stabilization in certain property types, continues to face structural challenges from the office subsector’s ongoing adjustment to post-pandemic occupancy patterns.

Digital assets and stablecoins receive notable attention. The report discusses the potential implications of the GENIUS Act stablecoin framework for demand for Treasury securities — since regulated stablecoins would likely need to hold high-quality liquid assets as reserves — and for the stability of the payments system more broadly. The growing interconnection between digital asset markets and traditional finance creates new channels for contagion that the regulatory framework must address. Nonbank financial intermediation continues to expand, with hedge-fund leverage in repo and basis trades and the emergence of new central counterparty (CCP) entrants creating both efficiency gains and concentration risks that require careful monitoring through comprehensive data analysis.

FSOC 2025 Annual Report Policy Recommendations

The FSOC 2025 Annual Report concludes with an extensive set of policy recommendations directed at both regulatory agencies and Congress. For Treasury market resilience, the Council recommends continuing IAWG coordination, supporting full implementation of the SEC central clearing mandate, pursuing eSLR recalibration to remove impediments to bank intermediation, and monitoring market effects of the GENIUS Act stablecoin framework through a newly established Market Resilience Working Group.

On cybersecurity, recommendations include expanding joint monitoring and information-sharing among regulators and industry stakeholders through established frameworks like OCCIP and FBIIC, increasing the frequency and sophistication of tabletop exercises for crisis readiness, promoting AI adoption for cyber defense, and encouraging migration planning to post-quantum cryptography. The report specifically calls on Congress to grant FHFA examination and enforcement authority over third-party service providers — a legislative ask that underscores the urgency of closing gaps in the current oversight framework.

Banking regulation recommendations center on modernization: simplifying the capital framework, tailoring requirements proportionately, reducing community bank compliance burdens, recalibrating stress testing methodology, and improving supervisory transparency. The AI recommendations emphasize the new Working Group’s role in fostering responsible innovation: exploring opportunities for AI to enhance systemic resilience, promoting best practices across agencies, and coordinating internationally on governance standards. Taken together, these recommendations sketch a vision of a more adaptive, risk-proportionate, and technology-enabled regulatory framework designed to promote both stability and growth.

Implications for Financial Professionals and Investors

The FSOC 2025 Annual Report carries significant practical implications for financial professionals, compliance officers, risk managers, and institutional investors. The expanded definition of financial stability signals that regulatory evaluations will increasingly consider economic growth impacts alongside traditional safety metrics, potentially creating a more accommodative environment for productive financial innovation while maintaining core prudential standards.

For compliance and risk management teams, the cybersecurity and third-party concentration findings demand immediate attention. Organizations should assess their quantum computing exposure, develop post-quantum cryptography migration roadmaps, and evaluate concentration risks in their critical service provider relationships. The FSOC’s emphasis on tabletop exercises and scenario planning provides a template for internal resilience testing that goes beyond traditional business continuity planning.

Investors should pay close attention to the report’s market risk assessment, particularly regarding Treasury market liquidity, lower-rated corporate credit stress, and the evolving digital asset landscape. The banking regulation reform agenda could benefit bank equities by reducing compliance costs and expanding intermediation capacity, while the potential for increased capital framework simplicity could improve earnings predictability. The establishment of the AI Working Group suggests that regulatory clarity on AI use in financial services is coming, creating potential opportunities for firms positioned to benefit from clearer rules of engagement. As the Council emphasizes, “an appropriately regulated and supervised banking system is critical to financial stability” — and the FSOC 2025 Annual Report makes clear that achieving appropriate regulation requires continuous adaptation to a rapidly changing financial landscape.