[image: colorfulbackground.png] Following the success of our first RiskBowl Live session on wholesale credit risk modelling, we are delighted to announce our second get together on Model Risk & AI, to be held in late September 2025 A moderated roundtable for Model Risk industry leaders to be held our Marylebone offices to share perspectives and discuss pressing topics under Chatham House Rules. Spaces are limited, so reach out to book your place

Conversations with our clients reveal the imperative of realizing the benefits from the promise of digitally transforming credit decisioning and lending journeys, driven by the need to control bank costs and retain customer loyalty in the face of competition from more nimble, digitally-native banks To better understand current trajectories in the lending transformation space, Oliver Wyman conducted a survey of banks across several markets, looking at the overarching burning platform, budgets, barriers to transformation, data, analytics, underlying technology, customer management, and organisational setup. In summary, our high-level, selected findings indicate Lending transformation is a high priority topic, with participants sequencing Retail and SME first in their lending transformation programs Respondents see the traditional incumbent breakthrough as the biggest competitive threat over the new fintech challenger looming on the horizon Decisioning time, revenue growth and cost reduction cited as top 3 benefits, whilst expected uplift is highest for customer experience Budget for lending allocation is approached on program level or on individual level, with very few respondents approaching it as a strategic objective Most budget is spent on customer journeys, internal workflows and underlying IT infrastructure rather than analytics capabilities [image: 1732202451766-lending-transformation-survey-infographic.png] Reach out for more insight, but we’d be keen to hear from the RiskbOWl community how this stacks up against your lending transformation program – post your thoughts below !

Welcome back to Risky Business, in which we take you through some of the headlines impacting the banking industry. Read on to hear how tariff-driven uncertainty prompts warning from regulators and banks alike of persisting volatility, rising RWA and provisions, prompting calls to remain vigilant or tempering risk-taking activities; also reported recently are alleged signs of waning focus on climate risk and ESG, at banks and the Bank of England. Feel free to give us your take on the stories, below the line Rising RWAs prompt EBA warning The Banker The European Banking Authority (EBA) has issued a warning about the significant rise in European banks' risk-weighted assets, which reached €9.8 trillion in 2024, due to escalating geopolitical tensions and cyber threats. The EBA emphasizes that banks in the European Economic Area are highly vulnerable to these geopolitical developments, which can impact not only credit risk but also market, liquidity, and operational risks, including cybersecurity issues. This alert underscores the need for increased vigilance among banks to manage these looming risks effectively International trade volatility drives provisions S&P In the first quarter, European banks experienced an 18% year-over-year increase in loan loss provisions, amounting to €11.48 billion, driven by uncertainties in international trade policies that threaten asset quality. The European Central Bank's Financial Stability Review highlighted concerns over rising nonperforming loans and provisioning costs, particularly affecting banks with significant exposure to extra-EU trade sectors. Notably, Barclays and Lloyds Banking Group saw substantial increases in provisions due to macroeconomic uncertainties and tariff risks, while UniCredit and Groupe BPCE reported the largest quarterly rises in problem loan ratios Stagflation warnings from JP Morgan City AM JPMorgan Chase has issued a warning that the US economy might face a threat more severe than a recession, known as stagflation, characterized by simultaneous high inflation and stagnant economic growth. The bank's CEO, Jamie Dimon, expressed concerns over the potential negative impacts of recent aggressive trade policies, including US tariffs, which could hinder economic growth despite a recent stock market rally. Dimon urged caution, highlighting that global fiscal deficits, remilitarization, and trade restructuring are all contributing to inflationary pressures that could lead to economic instability UK banks chastised for lack of risk appetite for green finance FT A senior executive at the UK's National Wealth Fund has criticized UK banks and money managers for their insufficient risk appetite necessary to drive the low-carbon transition. Ian Brown, head of banking and investments, emphasized that private sector involvement is crucial for achieving Britain's net-zero targets, as relying solely on public funds is impractical. Despite Barclays' efforts in financing climate tech startups, Brown noted that institutional investors remain overly cautious, focusing on established technologies rather than taking construction and technology risks Bank of England staff depart after downgrade of climate risk FT The Bank of England has shifted its focus away from climate and nature risk since Andrew Bailey became governor, leading to concerns that the financial sector may be under prepared for these issues, according to ex-BoE staff. Despite the UK having legally binding targets for net-zero carbon emissions by 2050, the BoE has faced criticism from former staff and think tanks for downgrading climate change in its priorities. There are mixed messages from government officials about prioritizing growth over climate objectives, which has affected the BoE's technical risk-modelling capacity Goldman tempers risk-taking in expectation of tariff-fueled uncertainty Reuters Goldman Sachs has strategically reduced its risk exposure following US President Donald Trump's tariff announcement, preparing for increased uncertainty in financial markets. Despite these measures, Goldman remains active in absorbing client risks while adapting its operations to maintain liquidity and stability. The bank anticipates continued adjustment in areas such as capital spending and mergers, with the US economy showing resilience amid concerns regarding fiscal deficits and interest rate trajectories

Since we wrote about geopolitical risk last year, we have seen industry practice evolve and we felt an update is warranted. Over the past six months, geopolitical risk has evolved from a peripheral factor to a structural dimension of enterprise risk management. Across client engagements in Europe, the US, and APAC, we observe a clear shift: leading banks are beginning to treat geopolitical uncertainty not just as a backdrop to macroeconomic scenarios or part of the Country Risk Teams, but as a direct risk driver. The change is being accelerated by supervisory focus—particularly in Europe. Institutions are expected to treat geopolitical developments as a material influence on their risk profile, both from a financial and non-financial perspective. The ECB has elevated this expectation as part of its core supervisory agenda for 2025–2027, which is already shaping risk steering discussions at board level. At a practical level, we see three main developments gaining traction: Geopolitical risk is becoming multi-dimensional. It's no longer confined to sovereign credit or country risk. The emerging practice is clear: geopolitical risk must be treated not as a siloed topic, but as a cross-cutting input into enterprise steering—from risk appetite to capital strategy, from third-party governance to digital infrastructure planning. Operational exposure is moving to the forefront. With increasing tension in global trade, the resilience of core operations—especially IT and critical vendor networks—is under renewed scrutiny. Cybersecurity, cloud sovereignty, and compliance with regional digital sovereignty laws (e.g. DORA) are now viewed through a geopolitical lens. Risk management approaches are becoming more forward-thinking. Rather than waiting for events to materialize, banks are building structured response capabilities based on scenario analysis, cross-functional simulations, and targeted early-warning frameworks. In conversations with risk and strategy executives across global banks, a common theme is emerging: the need to move from fragmented, reactive risk tracking to a coherent and mature, cross-functional framework that embeds geopolitical thinking into core risk processes. [image: 1753805641026-d0f2aaf0-a352-4ff7-9158-5d46bf252bce-image.png] Figure 1: Oliver Wyman Geopolitical Risk Management Framework While practices vary widely, two elements are consistently present among institutions leading the field, which we describe below: top-down portfolio scans for geopolitical sensitivity, and crisis simulation. Top-Down Portfolio Scans for Geopolitical Sensitivity Before banks can simulate or plan for geopolitical disruption, they need clarity on where they are most exposed. That requires a structured, top-down portfolio view—not just of credit and market exposures, but of operational and third-party dependencies that could be vulnerable to geopolitical shifts. Risk measurement and quantification have also made progress, where top-down portfolio analysis is typically the starting point to prioritize efforts across the existing risk types. When starting with the analysis, the selection of portfolio scope is the first determinant. Peers are typically starting with the lending, securities and deposits portfolio on group level. When defining the scenarios for the portfolio assessment institutions employ a small set of intuitive, high-level geopolitical risk scenarios such as increasing trade and investment restrictions. The portfolio segmentation is analyzed for vulnerability to 1st and selected 2nd order effects (especially energy / commodity prices and supply chain disruptions). For the top-down portfolio assessment, most institutions conduct a qualitative impact assessment, clearly identifying relevant risk drivers for the respective primary risk types. Multi-format crisis simulation Once sensitive exposure areas are identified, banks can run simulations to assess how geopolitical events would affect their operations, risk profile, and strategic posture. This is no longer a theoretical exercise. Take the energy-related grid shutdown in Spain, Portugal and France earlier this year. While the root causes were not directly geopolitical, the systemic impact mirrored what could happen in a true geopolitical escalation—forcing multiple banks to activate contingency procedures, reroute processing, and adjust liquidity buffers in real-time. Crisis simulations with geopolitical triggers serve three key purposes: They test multi-dimensional resilience—from financial metrics (capital, liquidity) to operational continuity and reputational response; They sharpen cross-functional preparedness: involving risk, IT, legal, communications, and business continuity teams in a coordinated stress response; and They surface second- and third-order effects—such as delays in reporting due to system outages, failure of key vendors in conflict regions, or jurisdictional clashes over regulatory compliance Depending on the institution’s maturity and exposure, a range of simulation formats is currently being used, from tabletop exercises for initial risk awareness and coordination, through war-gaming scenarios that simulate adversarial moves across regulatory or geopolitical dimensions, all the way to full-scale crisis simulations, including real-time decision-making, interdepartmental coordination, and post-mortem analysis. We are experiencing a new wave of tariff announcements and conflict in the Middle East. While short-term uncertainty may dominate headlines, leading institutions treat it as a catalyst for deliberate, long-term positioning. Key structural shifts—around global alignment, digital sovereignty, and economic fragmentation—require active engagement and banks are using this phase to start building lasting resilience through governance, scenario design, and strategic alignment.

RiskBowl Live - Wholesale Credit Risk Modelling Roundtable London, 30th June The inaugural session of our Oliver Wyman-moderated RiskBowl Live series brought together senior risk and modelling practitioners from the UK's largest banks. It was well-received by the attendees, which also included our guest attendee, Colin Jennings (senior ex-PRA, industry practitioner). The discussion covered the finer points of current industry trends and practices of wholesale credit risk modelling, from more the general points, such as supervisory interactions, scales of IRB usage, and model implementation, to more segment specific questions for corporate, bank, and NBFI exposures. Whilst we covered lots of ground, there were still many topics that we ran out of time to discuss that we will aim to cover at the next iteration of RiskBowl Live in November - reach out if you'd like to participate. High-level Roundtable discussion summary General IRB topics Interaction with the Regulator Firms do not have a clear view of PRA’s expectations on whether a model needs to be formally withdrawn or can be remediated (for example, approved with obligations similar to the ECB’s approach) In general, models that have fewer issues are open for remediation, but in practice, banks have much more to do a lot given the moving target It was noted that this stance may evolve with the PRA’s formal “minded to approve” approach, e.g., as they have done with mortgages models An additional accelerator is the increased 2LoD responsibility - due to higher submission volumes, the ECB is allowing model validation teams to close lower severity findings (F1, F2) without further escalation Raising the bar on IRB usage, including the F-IRB reversion Several banks outlined a significant simplification of their modelling landscape over the last couple of years Multiple institutions are evaluating F-IRB reversion for entire asset classes, contingent upon business case justification (especially where unsecured exposures are more prevalent) It was emphasised that, consistent with CRR Article 494(d), reversion must apply to the whole asset class (or e.g., fully for the non-retail part of SME) Model Implementation The benefits of shadow implementation were discussed, including the ability to gather business feedback and provide evidence of use test Although shadow implementation is a regulatory requirement under the ECB framework, its adoption for wholesale models in the UK remains limited Segment specific questions - Corporates Model segmentation Historically, model segmentation has been influenced by business unit and system boundaries Regulators are softly encouraging alignment of segmentation more closely with asset class definitions Subsidiary rating and cascading Count as a single obligor if it is the same rating Credit risk officer decides if there is a support via rules (e.g., idea of an Obligor Risk Group (ORG)) LBO Approaches to modelling LBO credit risk vary across banks: Some institutions treat LBO exposures as a calibration segment within corporate models; while others develop standalone LBO models, especially when aligned with specific business lines When LBOs are included in corporate models, projected financials serve as input overrides, contributing to input override budget Segment specific questions - Banks/ NBFIs External Benchmarks (RiskCalc / Credit Benchmark) Benchmarks are primarily used to investigate and validate developed models Example of a funds modelling / calibration approach Use of expert ranking approach (experts given a list of N funds to rank from 1 to N); sample size is a balance between coverage vs fatigue of experts Van der Burgt methodology for calibration Participants mentioned that the PRA was not focused on the sampling methodology used as long as representativeness was demonstrated

After a decade of negative or zero interest rates, European economies entered a rising rate cycle in 2022. Now, as markets anticipate the beginning of an easing cycle, deposit betas are expected to catch up. The question is, are banks prepared to compete for deposits in this environment, which is unfamiliar to a whole generation of bankers? In 2024, a systematic approach to deposit management is not only a critical value driver but also a necessary defensive tool. By leveraging smart deposit management techniques, anchored on advanced analytics and operational capabilities, banks can optimise their deposit costs significantly. What actions have you taken? Where can the community help you?

For our Fed remediation plan for Sanctions, Audit was key part of the remediation plan. We submitted a full Audit “TOM” including resource model, training, risk assessment, audit testing program, and senior mgmt. reporting. There was also a layered sign off for smaller vs. golden milestones, where Audit got involved to provide design assurance vs. operational effectiveness.

@OP In my experience, it typically depends on the bank's approach to the override: Pre-calibration would typically be included if they are trying to include is as an statistical predictor of risk: i.e. you have some historical information that help you calibrate the specific weight and you only include the override if it increases the predictive ability of the model Post-calibration if they want it to be a “penalization” mechanism for management (however this will not be fully compliant with EBA calibration guidelines for the use of overrides in IRB models)

In the context of the 2025 EBA Stress Testing exercise we’ve convened our sixth EBA Stress Test industry roundtable, involving representatives from 25 of the largest European banking institutions across ten countries. While each bank is looking to approach the stress testing exercise from its own unique perspective, we’ve found that two common trends seemed to emerge: Banks expect the anticipated depletion of the Common Equity Tier 1 (CET1) ratio under adverse scenarios to align closely with the outcomes seen in 2023. Banks see the operational complexity of the exercise as their main challenge. Participants were concerned about potential CRR3 re-statements (particularly the difficulty in accurately projecting a CRR3 Fully Loaded framework that incorporates all CRR3 phase-ins expected by 2032) as well as the need for top-down calculations to estimate CRR3 compliant RWAs, which could complicate reconciliation efforts and impact result accuracy. Other concerns raised by participants included the new timeline and significant changes to Quality Assurance processes - especially regarding potential on-site visits and inspections by the European Central Bank (ECB) - and the unpredictability of the new Net Interest Income (NII) platform and Quality Assurance machinery, which banks believe leaves them with less control over projections and adds to the uncertainty of the exercise. Overall, it was insightful to see how given the inherent complexity of the exercise participants agreed on the need for thorough upfront preparation and a robust end-to-end stress testing infrastructure as conditions to success. What are the main concerns at your organisation? How do you feel your competitors will react to EBA’s requirements for this year’s stress testing? Graphics: How Oliver Wyman supports Financial Institutions carry out stress testing: [image: 1742826199933-cc0303ff-d517-49f9-b22c-e6d2071f1964-image.png]

Lots of good answers here. One tough learning from implementing this at scale is that unlike traditional ML, automated tests can only capture a small fraction of what can go wrong with GenAI. While the automated validation is necessary, it is not sufficient. We have typically needed to also develop large manual testing protocols for releases, where humans (either developers or a set of test users), attempts a mixed of predefined and new prompts, and judge the quality of the answers. Often we will uncover “issues” that are very subjective, such as the answers technically being correct but pulling from different files that we wished, or answers being less/more detailed than the average user prefers, or an entirely new file format having issues (hence not covered by tests yet), or a million other things! For one of our recent clients, we ran “hackathons” along with releases where both new and power users would try various prompts and score the output. It was incredibly helpful to identify things the tests had failed to see

Hi RisbOWl community. I have been thinking lately about the dynamics of the working relationship with 2nd and 3 LOD from a 1LoD perspective. While there is much talk about these dynamics from a high-level, ERM or governance perspective, those of us who are in involved more on the day to day interactions need to make sure we 'walk the talk'. While clear, continued communication is key, I have found the use of shared resources (such as evidence repositories, plans, collaborative query logs, etc) have really made a difference in the relationship we have built with our validators in the second line of defence. What does the community think about common techniques for increasing cross-line of defence productivity. Thank you in advance.

Lights, Camera, Compliance! Imagine you’re in a high-stakes thriller, much like Inception. Just as Cobb and his team navigate complex dream layers, banks and financial institutions today are navigating the intricate layers of BCBS 239. But instead of dreams, they’re dealing with data and the regulation that aims to enhance risk data aggregation and reporting capabilities. What is BCBS 239? At its core, BCBS 239, introduced by the Basel Committee on Banking Supervision, is a set of principles designed to ensure that banks can effectively manage risk through accurate and timely data reporting. Think of it as the ultimate guide for navigating the labyrinth of financial data, ensuring that institutions can make informed decisions and respond swiftly to crises. The Challenges: A Real-Life Drama However, just like in a good movie, the path to compliance is fraught with challenges. Here are a few key hurdles that institutions face: Data Silos: Many banks operate with fragmented data systems, akin to a band struggling to harmonize. Each department has its own version of the truth, making it difficult to achieve a cohesive view of risk exposure Legacy Systems: Picture a classic car that’s seen better days. Many institutions rely on outdated technology that hampers their ability to aggregate and report data efficiently, making compliance feel like an uphill battle Cultural Resistance: Change is hard, much like a character in a romantic comedy who refuses to acknowledge their feelings. Employees may resist new processes and technologies, fearing disruption to their routine Regulatory Complexity: The regulatory landscape is constantly evolving, much like the plot twists in a suspense thriller. Keeping up with these changes requires agility and foresight, which can be a daunting task for many organizations. The Road Ahead So, how can institutions turn this potential drama into a success story? Here are a few actionable steps Invest in Technology: Embrace modern data management solutions that break down silos and streamline reporting processes. Foster a Culture of Compliance: Engage employees at all levels, emphasizing the importance of accurate data for decision-making and risk management. Stay Agile: Regularly review and adapt to regulatory changes, ensuring that your compliance strategies remain robust and effective. While BCBS 239 presents its challenges, it also offers an opportunity for banks to enhance their risk management frameworks. By embracing the journey with the right tools and mindset, institutions can transform compliance from a burden into a strategic advantage. Let’s continue this conversation! What challenges have you faced in navigating BCBS 239? How have you overcome them? Share your thoughts below!