Skip to content
Brand Logo
Dear RiskBowl, Thoughts on where Compliance typically sits in the risk taxonomy? We’ve gathered examples of Compliance as a Level 1 risk category, but have you seen examples of when Compliance is at Level 2 under Operational Risk at Level 1? Thanks
Regulatory Compliance
Topic thumbnail image
Credit Risk
Oliver Wyman is conducting a Risk Modelling Technology Benchmarking Survey to gather insights into risk modelling technology stacks, challenges, cost drivers, and migration plans within the banking sector across the UK and EU. The survey mainly consists of multiple-choice questions and is targeted at the risk modelling technology users (including regulatory change programs leaders, regulatory model owners and model developers). RiskBowl users are invited to participate – your input will help generate valuable benchmarking data, which will be shared exclusively with participants. We kindly request that the survey be completed by 21st November, with a view to share results by the end of November Access the survey here Should you have any questions, please feel free to reach out to Angelina Egorova, who is leading this initiative within our London F&R team. Thank you for your time and cooperation.
Announcements
Risk Function of the Future As banking leaders look beyond 2025 toward 2030 and beyond, a series of “big debates” are emerging within the industry. How individual banks and banking sector as a whole resolve these debates will in large part shape the environment in which Risk functions operate, influencing priorities, resourcing, and governance structures over the coming decade. The Risk function of the future will need to be prepared for multiple, simultaneous pressures. First, it must respond to growing end-customer expectations for seamless experiences, while maintaining resilient performance, a combination that increasingly carries a high premium in competitive markets. Second, Risk functions must be ready for the next financial crisis, which many analysts view as increasingly “due” given historical cycles and macroeconomic pressures. Third, the function must confront actual climate-related risks, moving beyond scenario exercises to tangible, measurable mitigation and monitoring. Fourth, AI mastery will no longer be optional; it is rapidly becoming a table-stakes capability for Risk teams, both for efficiency and for insights-driven decision-making. While AI presents significant opportunities, Risk functions must approach it with both enthusiasm and realism. Many of the tasks performed by Risk involve “trust functions” i.e., oversight, challenge, and independent verification, which cannot be fully automated. Therefore, AI should be leveraged strategically, deployed where it adds measurable value, and integrated thoughtfully into existing control and assurance frameworks. Beyond technology, we also see a broadening of Risk’s remit. The Risk function is increasingly positioned to serve as the bank’s protector of truth, ensuring that information, assumptions, and metrics across the institution remain reliable, consistent, and auditable. In this sense, Risk is not just a defensive or compliance-oriented function; it is a guardian of credibility, playing a central role in how the bank navigates uncertainty, innovation, and stakeholder expectations over the next decade. Risk Vision and Strategy AI in Risk In the near term, Risk will enhance human productivity with GenAI as a supportive ‘co-pilot’, while waiting for more reliable technology before fully evolving into dynamic, specialized AI-human collaborative networks in 2030 In the next two to three years, leading Risk functions will deploy GenAI as a disciplined co‑pilot to amplify human productivity, prioritizing discovery and drafting tasks, supported by expert predictive scaffolding and anchored in high‑quality data repositories (including GRC/ RCSA tooling). Scope for holistic process reimagination however remains limited in scope until reliability materially improves, which we anticipate in the next decade and beyond As AI accuracy surpasses 99%, Risk will then transition into dynamic, specialized AI‑human collaborative networks, where orchestrated agents operate in real time under human supervision, unlocking scale, speed, and sharper decisioning across the enterprise Governance Future Risk Governance will strike a dynamic balance between 1/2LOD responsibilities, embrace (some) agile FinTech-inspired practices, deeply embed risk culture in the organization, and streamline governance Risk governance is migrating to a pragmatic equilibrium in the three lines of defence, with mature-risk activities moving closer to the first line for tighter business alignment while the second line rapidly builds expertise in novel risk types. At the same time, agile practices borrowed from FinTechs are reshaping ways of working, integrating risk early in decisions, preserving independence, and elevating a strong, lived risk culture across the enterprise To make this shift stick, successful Risk functions will simplify and rationalize committee structures, delegate more decision rights to where the information is richest, and advance the governance toolkit so oversight becomes faster, clearer, and more effective in a more volatile world Risk Pillars Credit risk The Credit Risk Function of the Future will reduce involvement in individual transaction approval and annual reviews, assessing risk based on real-time data In the near term, leading institutions will deploy AI to strengthen origination and monitoring, using targeted automation to boost coverage, consistency, and speed without compromising control or judgment Over time, these capabilities will converge into a fully integrated human-AI credit system that continually assesses risk using real‑time data and drives decisions through a “zero‑ops” approach—minimizing manual intervention while elevating oversight and outcome quality As accelerated digitalization and lending commoditization reshape the market, automated decisioning systems will expand in scope and ticket size, becoming a core engine of scalable growth and disciplined risk management Non-Financial Risk, Compliance and Economic crime The NFR function will revolutionize into a real-time and strategic response unit, integrating automation, AI and strategic accountability As non-financial risk capabilities modernize, previously manual processes will be seamlessly automated and orchestrated in real time, elevating regulatory adherence while shifting the function from reactive remediation to proactive risk management Continuous control testing, real-time compliance execution, and end-to-end accountability will hardwire strategic collaboration across the bank and direct control spend to the highest‑impact areas, creating a faster, clearer, and more anticipatory line of defence Model risk MRM is evolving into a proactive enabler of safe AI adoption, balancing innovation with oversight Model Risk Management is shifting from gatekeeper to catalyst, embedded in high‑impact initiatives to enable AI‑driven innovation, while moving earlier into the model lifecycle to strengthen oversight and collaboration with the first line. At the same time, supervisors are raising the bar on transparency and accountability for AI and third‑party models, pushing firms toward materially stronger governance frameworks that balance speed with safety Enablers Risk analytics, Modelling and Data Future Risk Analytics will leverage modularized toolkit powered by centralised data assets, and expand insights by harnessing unstructured big data for stronger predictive power Successful Risk functions will industrialize analytics by building centralized toolkits with standardized code modules that can be reused across multiple use cases, all powered by centralized data assets that act as a single “golden source” for the entire analytical suite Risk specialists will then harness GenAI to accelerate documentation, code generation, and peer reviews, shifting time from manual effort to deeper analysis and faster decisioning In parallel, the function will broaden its data universe by incorporating unstructured big data to materially strengthen predictive power, improving the accuracy, timeliness, and relevance of insights delivered to the business Talent The future Risk workforce will blend critical thinking, tech savvy, and risk intuition, while winning talent through diverse experiences, agile work styles, cutting-edge tech, strong culture, and inspiring leadership To build the risk function of the future, CROs must cultivate a more well‑rounded cadre of professionals, combining critical thinking, a big‑picture perspective, risk intuition, and strong technology literacy and analytics, while competing effectively in the war for talent by offering diverse experiences, more agile ways of working, advanced tooling, a strong, lived culture, and thoughtful leadership that inspires and retains new generations of risk experts In sum, the Risk function’s next chapter will be defined by its ability to simultaneously elevate customer experience, withstand systemic shocks, operationalize climate risk, and master AI, while preserving the integrity of core “trust functions” through disciplined oversight and human judgment. As governance evolves toward a pragmatic equilibrium across the lines of defence, with agile, FinTech‑inspired practices and a lived risk culture, Risk will increasingly act as the bank’s protector of truth, ensuring reliable, auditable decisioning in a more volatile world. Credit will transition toward integrated, real‑time, human‑AI systems that expand automated decisioning without sacrificing outcome quality; NFR and Compliance will become proactive, real‑time control engines; and Model Risk will shift from gatekeeper to catalyst, enabling safe, transparent AI at scale. Underpinning this transformation, centralized data assets, modular analytics, and GenAI‑accelerated workflows will industrialize insight generation, while unstructured data broadens the field of vision. Ultimately, success will hinge on talent i.e., blending critical thinking, risk intuition, and technology literacy, supported by inspiring leadership and agile ways of working. Those banks that commit early, invest thoughtfully, and embed these capabilities end‑to‑end will not only manage risk more effectively; they will compete and differentiate in the decade ahead
General Discussion

  • Welcome to RiskbOWl – the first closed community of Risk professionals to share ideas, best practices and get a sense of peer practice, with the ability to anonymously ask questions, share perspectives, run targeted polls, and discuss recent regulatory developments. Find out the latest developments in the RiskbOWl community, including user guidelines, community rules, and latest functionality

    3 3
    3 Topics
    3 Posts
    Oliver Wyman is conducting a Risk Modelling Technology Benchmarking Survey to gather insights into risk modelling technology stacks, challenges, cost drivers, and migration plans within the banking sector across the UK and EU. The survey mainly consists of multiple-choice questions and is targeted at the risk modelling technology users (including regulatory change programs leaders, regulatory model owners and model developers). RiskBowl users are invited to participate – your input will help generate valuable benchmarking data, which will be shared exclusively with participants. We kindly request that the survey be completed by 21st November, with a view to share results by the end of November Access the survey here Should you have any questions, please feel free to reach out to Angelina Egorova, who is leading this initiative within our London F&R team. Thank you for your time and cooperation.

  • Discover our latest thinking across hot topics in risk management, drawn from serving the world's leading financial institutions and deep, industry-renowned expertise across risk and finance topics, including surveys, primers and points-of-view

    2 2
    2 Topics
    2 Posts
    Conversations with our clients reveal the imperative of realizing the benefits from the promise of digitally transforming credit decisioning and lending journeys, driven by the need to control bank costs and retain customer loyalty in the face of competition from more nimble, digitally-native banks To better understand current trajectories in the lending transformation space, Oliver Wyman conducted a survey of banks across several markets, looking at the overarching burning platform, budgets, barriers to transformation, data, analytics, underlying technology, customer management, and organisational setup. In summary, our high-level, selected findings indicate Lending transformation is a high priority topic, with participants sequencing Retail and SME first in their lending transformation programs Respondents see the traditional incumbent breakthrough as the biggest competitive threat over the new fintech challenger looming on the horizon Decisioning time, revenue growth and cost reduction cited as top 3 benefits, whilst expected uplift is highest for customer experience Budget for lending allocation is approached on program level or on individual level, with very few respondents approaching it as a strategic objective Most budget is spent on customer journeys, internal workflows and underlying IT infrastructure rather than analytics capabilities [image: 1732202451766-lending-transformation-survey-infographic.png] Reach out for more insight, but we’d be keen to hear from the RiskbOWl community how this stacks up against your lending transformation program – post your thoughts below !

  • Use this space for questions or broader topics pertaining to risk management, from the latest industry trends and regulatory developments, to the latest news and risk headlines potentially impacting the sector

    14 17
    14 Topics
    17 Posts
    Risk Function of the Future As banking leaders look beyond 2025 toward 2030 and beyond, a series of “big debates” are emerging within the industry. How individual banks and banking sector as a whole resolve these debates will in large part shape the environment in which Risk functions operate, influencing priorities, resourcing, and governance structures over the coming decade. The Risk function of the future will need to be prepared for multiple, simultaneous pressures. First, it must respond to growing end-customer expectations for seamless experiences, while maintaining resilient performance, a combination that increasingly carries a high premium in competitive markets. Second, Risk functions must be ready for the next financial crisis, which many analysts view as increasingly “due” given historical cycles and macroeconomic pressures. Third, the function must confront actual climate-related risks, moving beyond scenario exercises to tangible, measurable mitigation and monitoring. Fourth, AI mastery will no longer be optional; it is rapidly becoming a table-stakes capability for Risk teams, both for efficiency and for insights-driven decision-making. While AI presents significant opportunities, Risk functions must approach it with both enthusiasm and realism. Many of the tasks performed by Risk involve “trust functions” i.e., oversight, challenge, and independent verification, which cannot be fully automated. Therefore, AI should be leveraged strategically, deployed where it adds measurable value, and integrated thoughtfully into existing control and assurance frameworks. Beyond technology, we also see a broadening of Risk’s remit. The Risk function is increasingly positioned to serve as the bank’s protector of truth, ensuring that information, assumptions, and metrics across the institution remain reliable, consistent, and auditable. In this sense, Risk is not just a defensive or compliance-oriented function; it is a guardian of credibility, playing a central role in how the bank navigates uncertainty, innovation, and stakeholder expectations over the next decade. Risk Vision and Strategy AI in Risk In the near term, Risk will enhance human productivity with GenAI as a supportive ‘co-pilot’, while waiting for more reliable technology before fully evolving into dynamic, specialized AI-human collaborative networks in 2030 In the next two to three years, leading Risk functions will deploy GenAI as a disciplined co‑pilot to amplify human productivity, prioritizing discovery and drafting tasks, supported by expert predictive scaffolding and anchored in high‑quality data repositories (including GRC/ RCSA tooling). Scope for holistic process reimagination however remains limited in scope until reliability materially improves, which we anticipate in the next decade and beyond As AI accuracy surpasses 99%, Risk will then transition into dynamic, specialized AI‑human collaborative networks, where orchestrated agents operate in real time under human supervision, unlocking scale, speed, and sharper decisioning across the enterprise Governance Future Risk Governance will strike a dynamic balance between 1/2LOD responsibilities, embrace (some) agile FinTech-inspired practices, deeply embed risk culture in the organization, and streamline governance Risk governance is migrating to a pragmatic equilibrium in the three lines of defence, with mature-risk activities moving closer to the first line for tighter business alignment while the second line rapidly builds expertise in novel risk types. At the same time, agile practices borrowed from FinTechs are reshaping ways of working, integrating risk early in decisions, preserving independence, and elevating a strong, lived risk culture across the enterprise To make this shift stick, successful Risk functions will simplify and rationalize committee structures, delegate more decision rights to where the information is richest, and advance the governance toolkit so oversight becomes faster, clearer, and more effective in a more volatile world Risk Pillars Credit risk The Credit Risk Function of the Future will reduce involvement in individual transaction approval and annual reviews, assessing risk based on real-time data In the near term, leading institutions will deploy AI to strengthen origination and monitoring, using targeted automation to boost coverage, consistency, and speed without compromising control or judgment Over time, these capabilities will converge into a fully integrated human-AI credit system that continually assesses risk using real‑time data and drives decisions through a “zero‑ops” approach—minimizing manual intervention while elevating oversight and outcome quality As accelerated digitalization and lending commoditization reshape the market, automated decisioning systems will expand in scope and ticket size, becoming a core engine of scalable growth and disciplined risk management Non-Financial Risk, Compliance and Economic crime The NFR function will revolutionize into a real-time and strategic response unit, integrating automation, AI and strategic accountability As non-financial risk capabilities modernize, previously manual processes will be seamlessly automated and orchestrated in real time, elevating regulatory adherence while shifting the function from reactive remediation to proactive risk management Continuous control testing, real-time compliance execution, and end-to-end accountability will hardwire strategic collaboration across the bank and direct control spend to the highest‑impact areas, creating a faster, clearer, and more anticipatory line of defence Model risk MRM is evolving into a proactive enabler of safe AI adoption, balancing innovation with oversight Model Risk Management is shifting from gatekeeper to catalyst, embedded in high‑impact initiatives to enable AI‑driven innovation, while moving earlier into the model lifecycle to strengthen oversight and collaboration with the first line. At the same time, supervisors are raising the bar on transparency and accountability for AI and third‑party models, pushing firms toward materially stronger governance frameworks that balance speed with safety Enablers Risk analytics, Modelling and Data Future Risk Analytics will leverage modularized toolkit powered by centralised data assets, and expand insights by harnessing unstructured big data for stronger predictive power Successful Risk functions will industrialize analytics by building centralized toolkits with standardized code modules that can be reused across multiple use cases, all powered by centralized data assets that act as a single “golden source” for the entire analytical suite Risk specialists will then harness GenAI to accelerate documentation, code generation, and peer reviews, shifting time from manual effort to deeper analysis and faster decisioning In parallel, the function will broaden its data universe by incorporating unstructured big data to materially strengthen predictive power, improving the accuracy, timeliness, and relevance of insights delivered to the business Talent The future Risk workforce will blend critical thinking, tech savvy, and risk intuition, while winning talent through diverse experiences, agile work styles, cutting-edge tech, strong culture, and inspiring leadership To build the risk function of the future, CROs must cultivate a more well‑rounded cadre of professionals, combining critical thinking, a big‑picture perspective, risk intuition, and strong technology literacy and analytics, while competing effectively in the war for talent by offering diverse experiences, more agile ways of working, advanced tooling, a strong, lived culture, and thoughtful leadership that inspires and retains new generations of risk experts In sum, the Risk function’s next chapter will be defined by its ability to simultaneously elevate customer experience, withstand systemic shocks, operationalize climate risk, and master AI, while preserving the integrity of core “trust functions” through disciplined oversight and human judgment. As governance evolves toward a pragmatic equilibrium across the lines of defence, with agile, FinTech‑inspired practices and a lived risk culture, Risk will increasingly act as the bank’s protector of truth, ensuring reliable, auditable decisioning in a more volatile world. Credit will transition toward integrated, real‑time, human‑AI systems that expand automated decisioning without sacrificing outcome quality; NFR and Compliance will become proactive, real‑time control engines; and Model Risk will shift from gatekeeper to catalyst, enabling safe, transparent AI at scale. Underpinning this transformation, centralized data assets, modular analytics, and GenAI‑accelerated workflows will industrialize insight generation, while unstructured data broadens the field of vision. Ultimately, success will hinge on talent i.e., blending critical thinking, risk intuition, and technology literacy, supported by inspiring leadership and agile ways of working. Those banks that commit early, invest thoughtfully, and embed these capabilities end‑to‑end will not only manage risk more effectively; they will compete and differentiate in the decade ahead

  • With the global economy entering what can only be described as a critical inflection point, particularly in terms of trade, institutions are mobilising to better understand how the recent upending of trading relations will impact either lending portfolios or operations in the short term, and impacts of the shifting geopolitical landscape in the longer term. Join the discussion and compare notes on how your peers are managing these novel risks

    12 12
    12 Topics
    12 Posts
    Since we wrote about geopolitical risk last year, we have seen industry practice evolve and we felt an update is warranted. Over the past six months, geopolitical risk has evolved from a peripheral factor to a structural dimension of enterprise risk management. Across client engagements in Europe, the US, and APAC, we observe a clear shift: leading banks are beginning to treat geopolitical uncertainty not just as a backdrop to macroeconomic scenarios or part of the Country Risk Teams, but as a direct risk driver. The change is being accelerated by supervisory focus—particularly in Europe. Institutions are expected to treat geopolitical developments as a material influence on their risk profile, both from a financial and non-financial perspective. The ECB has elevated this expectation as part of its core supervisory agenda for 2025–2027, which is already shaping risk steering discussions at board level. At a practical level, we see three main developments gaining traction: Geopolitical risk is becoming multi-dimensional. It's no longer confined to sovereign credit or country risk. The emerging practice is clear: geopolitical risk must be treated not as a siloed topic, but as a cross-cutting input into enterprise steering—from risk appetite to capital strategy, from third-party governance to digital infrastructure planning. Operational exposure is moving to the forefront. With increasing tension in global trade, the resilience of core operations—especially IT and critical vendor networks—is under renewed scrutiny. Cybersecurity, cloud sovereignty, and compliance with regional digital sovereignty laws (e.g. DORA) are now viewed through a geopolitical lens. Risk management approaches are becoming more forward-thinking. Rather than waiting for events to materialize, banks are building structured response capabilities based on scenario analysis, cross-functional simulations, and targeted early-warning frameworks. In conversations with risk and strategy executives across global banks, a common theme is emerging: the need to move from fragmented, reactive risk tracking to a coherent and mature, cross-functional framework that embeds geopolitical thinking into core risk processes. [image: 1753805641026-d0f2aaf0-a352-4ff7-9158-5d46bf252bce-image.png] Figure 1: Oliver Wyman Geopolitical Risk Management Framework While practices vary widely, two elements are consistently present among institutions leading the field, which we describe below: top-down portfolio scans for geopolitical sensitivity, and crisis simulation. Top-Down Portfolio Scans for Geopolitical Sensitivity Before banks can simulate or plan for geopolitical disruption, they need clarity on where they are most exposed. That requires a structured, top-down portfolio view—not just of credit and market exposures, but of operational and third-party dependencies that could be vulnerable to geopolitical shifts. Risk measurement and quantification have also made progress, where top-down portfolio analysis is typically the starting point to prioritize efforts across the existing risk types. When starting with the analysis, the selection of portfolio scope is the first determinant. Peers are typically starting with the lending, securities and deposits portfolio on group level. When defining the scenarios for the portfolio assessment institutions employ a small set of intuitive, high-level geopolitical risk scenarios such as increasing trade and investment restrictions. The portfolio segmentation is analyzed for vulnerability to 1st and selected 2nd order effects (especially energy / commodity prices and supply chain disruptions). For the top-down portfolio assessment, most institutions conduct a qualitative impact assessment, clearly identifying relevant risk drivers for the respective primary risk types. Multi-format crisis simulation Once sensitive exposure areas are identified, banks can run simulations to assess how geopolitical events would affect their operations, risk profile, and strategic posture. This is no longer a theoretical exercise. Take the energy-related grid shutdown in Spain, Portugal and France earlier this year. While the root causes were not directly geopolitical, the systemic impact mirrored what could happen in a true geopolitical escalation—forcing multiple banks to activate contingency procedures, reroute processing, and adjust liquidity buffers in real-time. Crisis simulations with geopolitical triggers serve three key purposes: They test multi-dimensional resilience—from financial metrics (capital, liquidity) to operational continuity and reputational response; They sharpen cross-functional preparedness: involving risk, IT, legal, communications, and business continuity teams in a coordinated stress response; and They surface second- and third-order effects—such as delays in reporting due to system outages, failure of key vendors in conflict regions, or jurisdictional clashes over regulatory compliance Depending on the institution’s maturity and exposure, a range of simulation formats is currently being used, from tabletop exercises for initial risk awareness and coordination, through war-gaming scenarios that simulate adversarial moves across regulatory or geopolitical dimensions, all the way to full-scale crisis simulations, including real-time decision-making, interdepartmental coordination, and post-mortem analysis. We are experiencing a new wave of tariff announcements and conflict in the Middle East. While short-term uncertainty may dominate headlines, leading institutions treat it as a catalyst for deliberate, long-term positioning. Key structural shifts—around global alignment, digital sovereignty, and economic fragmentation—require active engagement and banks are using this phase to start building lasting resilience through governance, scenario design, and strategic alignment.

  • The dedicated space to converse with peers and our experts on all aspects of credit risk, from the technicalities of modelling using internal approaches, credit decisioning and underwriting, credit risk appetite, governance and monitoring, provisioning, and regulatory requirements

    39 102
    39 Topics
    102 Posts
    Is there anyone using AI for credit-risk documentation, monitoring. Our view is it creates generic fluff but since doesnt have full access to credit regulations, full set of models, policies, the answers almost always need rewrite again. If someone trains an internal llm on a set of procedures, documents, it might work, but we dont have budget to test this

  • Recent years has seen the Treasury shoot up the agenda given the length of time the sector had operated in much more benign interest rate conditions. Sector turmoil in 2023 prompted supervisors and banks alike to ensure their ALM, liquidity, and interest rate risk capabilities were adequate for new rate realities. Discover the latest in our dedicated Treasury channel

    7 7
    7 Topics
    7 Posts
    CFO functions across institutions (and indeed, across industries) share common pain points (data, regulatory overload, change fatigue, etc.) at a time when they face significant cost challenges – especially as the CFO is expected to lead by example within the organisation How do you choose between the effectiveness and efficiency of the Finance function? We believe this is the wrong question, a false trade-off. The best-in-class Finance functions can achieve greater effectiveness and efficiency in tandem In our latest OW Treasures, we explore how to tackle this challenge and drive the Finance of the Future - we’d love to hear your thoughts [image: 1759315911785-c6888084-1e94-4277-8961-fe7ddb7a07a0-image-resized.png]

  • The channel for all areas pertaining to the ability of institutions to deliver critical operations through disruption, comprising of prudential risk frameworks, internal governance, outsourcing, business continuity and crisis response. Recent years has seen much more scrutiny on the reliance of institutions on technology and third parties, with the former very much on the supervisory agenda, perhaps most explicitly embodied with the advent of the Digital Operational Resilience Act (DORA) in Europe

    0 0
    0 Topics
    0 Posts
    No new posts.

  • With an increasingly complex and interlinked risk landscape, comes an equally complex, corresponding regulatory framework, and it's no surprise how high up regulatory compliance now features on the bank agenda. Check in with your peers on the issues driving this key risk management capability, including compliance operating model, regulatory horizon scanning, and financial crime compliance

    5 15
    5 Topics
    15 Posts
    I’d say best practice is to have a single taxonomy, which covers both Compliance and Operational Risk. They are often separate L1 risks, and the sub-risks within Compliance are often not aligned with the ORX structure, but rather speak to compliance-related risks (such as market conduct, customer / client protection, conduct, privacy, prudential & bank administration).

  • Channel dedicated to discussion on the supervisory and societal expectations driving banks to meet their sustainability goals, by embedding ESG criteria into enterprise risk management frameworks to address climate-related and social risks, as well as financial institution's climate risk stress testing capabilities, and disclosure requirements

    2 4
    2 Topics
    4 Posts
    @OP In my experience, it typically depends on the bank's approach to the override: Pre-calibration would typically be included if they are trying to include is as an statistical predictor of risk: i.e. you have some historical information that help you calibrate the specific weight and you only include the override if it increases the predictive ability of the model Post-calibration if they want it to be a “penalization” mechanism for management (however this will not be fully compliant with EBA calibration guidelines for the use of overrides in IRB models)

  • From supervisory exercises, to internal scenario-planning, crisis simulation and war gaming, stress testing has become an established, post-GFC, risk management tool that institutions are expected to have in place in order to demonstrate the sustainability of their business model and ensure ongoing confidence in the bank. Discover the latest on stress testing in our dedicated channel

    2 2
    2 Topics
    2 Posts
    In the context of the 2025 EBA Stress Testing exercise we’ve convened our sixth EBA Stress Test industry roundtable, involving representatives from 25 of the largest European banking institutions across ten countries. While each bank is looking to approach the stress testing exercise from its own unique perspective, we’ve found that two common trends seemed to emerge: Banks expect the anticipated depletion of the Common Equity Tier 1 (CET1) ratio under adverse scenarios to align closely with the outcomes seen in 2023. Banks see the operational complexity of the exercise as their main challenge. Participants were concerned about potential CRR3 re-statements (particularly the difficulty in accurately projecting a CRR3 Fully Loaded framework that incorporates all CRR3 phase-ins expected by 2032) as well as the need for top-down calculations to estimate CRR3 compliant RWAs, which could complicate reconciliation efforts and impact result accuracy. Other concerns raised by participants included the new timeline and significant changes to Quality Assurance processes - especially regarding potential on-site visits and inspections by the European Central Bank (ECB) - and the unpredictability of the new Net Interest Income (NII) platform and Quality Assurance machinery, which banks believe leaves them with less control over projections and adds to the uncertainty of the exercise. Overall, it was insightful to see how given the inherent complexity of the exercise participants agreed on the need for thorough upfront preparation and a robust end-to-end stress testing infrastructure as conditions to success. What are the main concerns at your organisation? How do you feel your competitors will react to EBA’s requirements for this year’s stress testing? Graphics: How Oliver Wyman supports Financial Institutions carry out stress testing: [image: 1742826199933-cc0303ff-d517-49f9-b22c-e6d2071f1964-image.png]

  • Whilst dedicated risk management for the development, monitoring and validation of risk models has been long established, the advances in technology, analytics and data driving the banking industry has promoted such model risk frameworks to be updated and enhanced accordingly. Discover the latest impacting your peers across the model lifecycle - model definition, model vs non-model scope, validation, monitoring, periodic review, model risk reporting and governance

    10 27
    10 Topics
    27 Posts
    [image: 1760030643277-picutre.jpg.png] On 9th October 2025 we held our latest RiskBowl Live roundtable with participants from 10 banks and building societies, alongside two of our senior advisors: Colin Jennings (ex-PRA and ex-CRO) and Lukasz Szpruch (The Alan Turing Institute). This roundtable brought together senior heads of Model Risk Management to take stock of where banks are on managing the model risk of AI and discuss their convergence towards full compliance with SS1/23. The discussion confirmed a common trajectory: an early phase of AI modelling experimentation has exposed structural gaps — in taxonomy, inventory management, model monitoring and validation — that now require a coordinated effort to make bank-wide AI use safe, auditable and scalable across firms. Firms have welcomed the clarity and the heightened stature of Model Risk in the firm’s risk taxonomy, and are using its guiding principles to coordinate said effort. Key takeaways from the discussion are presented below: Managing the model risk of AI • Experimentation to consolidation: participants described an early period of numerous disjointed pilots and recommend grouping similar use cases to scale efficiently rather than proliferate ad hoc AI projects • Use case specific governance: high risk algorithmic/decisioning use cases require materially different controls from low risk productivity tools; a one size governance model is insufficient • New tech stack & MRM implications: generative AI brings dependencies that must be formally approved and governed. These create integration and approval work that traditional MRM processes were not designed to cover. • Skills and vendor risk gaps: many teams or vendors originate outside banking and lack knowledge of bank’s processes, compliance expectations, and model lifecycle controls; stronger third party standards and onboarding are needed • Model classification ambiguity: simple assistive tools (e.g., grammar correction) may fall outside current model definitions, while some AI systems sit partially within model risk remit—creating uncertainty about monitoring and ownership • Committee and oversight design: avoid duplication of oversight bodies — firms must clarify roles between existing model risk committees and any AI monitoring forums • Quantitative monitoring and human AI controls: firms want monitoring frameworks capturing model and human performance, with defined escalation triggers and the ability to switch to automated testing based on scale and level of risk Convergence towards compliance with SS1/23 • Raised standards and visibility: SS1/23 has driven broader Model Risk visibility within firms and heightened board awareness • Material operational uplift: documenting and managing additional models and DQMs in scope is increasing resourcing and cost materially — firms reported significant headcount increase and process redevelopment • Definition and scope tensions: debate continues on what counts as a model (quantitative, deterministic, qualitative outputs, agentic behaviours) and on incentives to classify or de classify to manage control and operational burden • Validation and ownership challenges: validating qualitative and AI enabled outputs is resource intensive; teams need clarity on who conducts testing (first line, MRM, or specialist validation units) and on practical monitoring cadences • Ongoing dialogue required: participants agreed continued cross firm engagement and proactive regulatory conversations are necessary to align interpretations and reduce operational fragmentation between firms and subsidiaries Cem Dedeaga Partner, Head of Risk Modelling UK&I cem.dedeaga@oliverwyman.com Matias Coggiola Senior Manager, MRM lead matias.coggiola@oliverwyman.com Download the above as PDF by clicking on the link here: 20251009_MRM_Roundtable_Summary_vF.pdf

  • Organisational culture has long been recognized as a key component of risk-taking and risk-adverse behaviours, making it an important dimension underpinning the overall effectiveness of risk management more broadly within an organisation. Use this dedicated space for more discussion on methodologies, values, and behaviours within an organization that shape its approach to risk management and overall awareness and understanding of risk

    2 6
    2 Topics
    6 Posts
    Hi RisbOWl community. I have been thinking lately about the dynamics of the working relationship with 2nd and 3 LOD from a 1LoD perspective. While there is much talk about these dynamics from a high-level, ERM or governance perspective, those of us who are in involved more on the day to day interactions need to make sure we 'walk the talk'. While clear, continued communication is key, I have found the use of shared resources (such as evidence repositories, plans, collaborative query logs, etc) have really made a difference in the relationship we have built with our validators in the second line of defence. What does the community think about common techniques for increasing cross-line of defence productivity. Thank you in advance.

  • With as much change in the risk landscape and operating environment, discover insights and discussion on how developments in data and analytics are impacting risk functions, including deployment of AI, regulatory pressures such as BCBS239

    3 6
    3 Topics
    6 Posts
    Lights, Camera, Compliance! Imagine you’re in a high-stakes thriller, much like Inception. Just as Cobb and his team navigate complex dream layers, banks and financial institutions today are navigating the intricate layers of BCBS 239. But instead of dreams, they’re dealing with data and the regulation that aims to enhance risk data aggregation and reporting capabilities. What is BCBS 239? At its core, BCBS 239, introduced by the Basel Committee on Banking Supervision, is a set of principles designed to ensure that banks can effectively manage risk through accurate and timely data reporting. Think of it as the ultimate guide for navigating the labyrinth of financial data, ensuring that institutions can make informed decisions and respond swiftly to crises. The Challenges: A Real-Life Drama However, just like in a good movie, the path to compliance is fraught with challenges. Here are a few key hurdles that institutions face: Data Silos: Many banks operate with fragmented data systems, akin to a band struggling to harmonize. Each department has its own version of the truth, making it difficult to achieve a cohesive view of risk exposure Legacy Systems: Picture a classic car that’s seen better days. Many institutions rely on outdated technology that hampers their ability to aggregate and report data efficiently, making compliance feel like an uphill battle Cultural Resistance: Change is hard, much like a character in a romantic comedy who refuses to acknowledge their feelings. Employees may resist new processes and technologies, fearing disruption to their routine Regulatory Complexity: The regulatory landscape is constantly evolving, much like the plot twists in a suspense thriller. Keeping up with these changes requires agility and foresight, which can be a daunting task for many organizations. The Road Ahead So, how can institutions turn this potential drama into a success story? Here are a few actionable steps Invest in Technology: Embrace modern data management solutions that break down silos and streamline reporting processes. Foster a Culture of Compliance: Engage employees at all levels, emphasizing the importance of accurate data for decision-making and risk management. Stay Agile: Regularly review and adapt to regulatory changes, ensuring that your compliance strategies remain robust and effective. While BCBS 239 presents its challenges, it also offers an opportunity for banks to enhance their risk management frameworks. By embracing the journey with the right tools and mindset, institutions can transform compliance from a burden into a strategic advantage. Let’s continue this conversation! What challenges have you faced in navigating BCBS 239? How have you overcome them? Share your thoughts below!

  • Got a question? Ask away!

    0 0
    0 Topics
    0 Posts
    No new posts.
Terms of Use Privacy Notice Cookie Notice Manage Cookies