In the third quarter of 2023, chief risk officers around the world ranked geopolitical risk as 12th on their list of priorities for the next year, according to the 13th annual global bank risk management survey from EY and the Institute of International Finance (IIF). It occupied the same spot for their boards. By the time the 14th edition of the survey appeared in February 2025, geopolitical risk was third for chief risk officers (CROs) and second for boards, surpassed only by cybersecurity.
As long-established assumptions about international relationships and political norms have started to unravel, financial services firms have become much more attuned to the geopolitical risks that flow from their changing environment. The same is true of their supervisors. In January, the European Central Bank identified geopolitical risk as a top priority in its 2025–27 supervisory programme.
Risk management specialists interviewed for this article said supervisors are not yet being prescriptive about what firms should be doing, but they are seeking more detail about how firms are addressing this issue and what actions boards are taking. This, in turn, is prompting more urgent questions from boards to executive teams, requiring CROs to become ‘fortune tellers’, as the EY–IIF report puts it.
Framing geopolitical risk
Banks and other financial firms often frame their risk management in terms of ‘vertical risk stripes’ – specific topics such as various types of credit risk, market risk, liquidity risk, cyber and operational risks, and non-operational risks such as financial crime. Cross-cutting ‘horizontal risk drivers’ such as pandemics, climate and geopolitical risks can have impacts across some, or all, of these verticals.
In a paper published in 2023, Oliver Wyman argued that financial institutions have made progress in recent years in understanding the effects of some crosscutting risks – notably climate – on their vertical risk stripes. But less progress has been made on geopolitical risks.
If firms do not understand where the pressure points are before they start generating scenarios, they will struggle to prioritise the most serious threats Historically, geopolitical risk has often been addressed via teams focused on country risk as a subset of the credit risk function, says Mark Abrahamson, head of finance and risk for the UK and Ireland at Oliver Wyman. “What we have seen in the past 12 months has elevated this topic to a completely different level. Banks are now thinking about how to professionalise around geopolitical risk, and those models are still evolving.”
A key part of the model is to ensure that the organisation has prepared a plan of action for the immediate steps it will take when sudden crises occur. The emergence of Covid was a powerful prompt to ensure these action plans are in place. Tailored scenario planning Beyond the steps to ensure high-level preparedness, the tool that financial services firms are adopting to manage geopolitical risk is scenario planning – positing severe but plausible scenarios and working out what impact they could have on the organisation and how those risks should be managed.
Since the global financial crisis of 2008–09, regulation has stress-tested banks to check their ability to deal with specified risk scenarios. These scenarios have usually been relatively narrow and clearly defined, although more banks are starting to introduce geopolitical expertise into the scenarios that their stress-testing teams will run.
Addressing geopolitical risk effectively means understanding both the slow and fast-moving elements But effective scenario planning for geopolitical risks, which can take a huge variety of forms, presents a more complex challenge: it is simply impossible to anticipate all eventualities. When boards and executive committees are asking for assessments of new scenarios every week or two, the planning team will struggle to arrive at robust answers. This is where a focus on operational resilience and robust crisis playbooks represents an important line of defence.
In using scenario planning, organisations must resist the temptation to start from the scenarios they generate and try to map their effects back onto the business, says Nick Greenstock, CEO of Gatehouse Advisory Partners, a geopolitical risk consultancy. Instead, each firm should start by mapping its specific risk exposures, which will be determined by the scope of its activities and relationships. “Risk exposures are distinct. They’re idiosyncratic to the institution, even if it feels like they should be roughly the same,” he says.
Only when a firm understands its individual risk exposures can it usefully overlay scenarios to pinpoint where the biggest potential impacts will be felt and how they should be managed. If firms do not understand where the pressure points are before they start generating scenarios, they will struggle to prioritise the most serious threats. Nick believes the financial sector is among the most advanced in understanding where its risk exposures lie, thanks in part to increased scrutiny from financial regulators over the past 15 years.
Drawing on wider expertise In developing scenario planning capability, it is also critical to include experts from beyond the risk management function.
Andrew Duff, partner in financial services risk consulting at EY, suggests that scenario planning teams should be made up of a relatively small group of experienced people with close proximity to the business, including those with senior management responsibilities, to capture the likely operational impact of different risk scenarios. This is important in playing through the scenarios effectively from a risk management perspective, but it will also help firms to identify the opportunities that shifting geopolitical risks might present for the business. He also suggests that generative AI could be helpful in accelerating the initial generation of scenarios to feed into the planning process.
Tapping into political analysis
But is scenario planning enough to allow organisations to manage their geopolitical risks? No, says Derek Leatherdale, senior geopolitical risk adviser at the consultancy Sibylline, who set up the geopolitical risk team at HSBC after joining the bank in 2007 from a career in intelligence.
Organisations tend to turn to scenario planning as part of their response to sudden, acute geopolitical crises, Derek says – such as Russia’s invasion of Ukraine or a potential attack on Taiwan by China. But, as well as periodic shocks, geopolitical risk involves slow-moving trends that can transform a business’s prospects, he says. “It’s much longer-term, slower-burn changes to things like regulation, public policy, trade patterns and economic relationships. Scenario analysis doesn’t necessarily help you understand what the impacts of those things might be over time.”
Understanding these longer-term trends requires access to expertise in political analysis, for example, from government foreign policy experts, which institutions should be able to access through their government relations teams. However, Derek notes, very few CROs have taken even this basic step to enhance their organisation’s political antennae.
A holistic understanding
Geopolitical risk is a shapeshifter, presenting itself differently to succeeding generations. In the 1970s, it was connected most strongly with instability in the Middle East, while in the 80s and early 90s, emerging market sovereign default risk came to the fore. More recently, the rise of China and the increasing presence of right-wing groups in global politics have given it a different face. But in each case, the pattern has been one of slow-moving trends that erupt from time to time into acute crises. Addressing geopolitical risk effectively means understanding both the slow and fast-moving elements.
It may therefore be encouraging that 56% of respondents to the latest EY–IIF risk survey say they intend to enhance both their political risk assessment and scenario planning capabilities, a figure that reached 82% among those designated Global Systemically Important Banks.
However, even if the proportion were to reach 100%, the comment attributed to President Eisenhower would still apply: “Plans are useless, but planning is indispensable.” Or as Louis Pasteur put it, “Chance favours the prepared mind.”
Mark Abrahamson leads Oliver Wyman’s European Finance and Risk Practice from our London office. Combining his academic background with practical in-depth client and sector knowledge, he is passionate about supporting firms stay resilient in the face of increased complexity. His areas of focus include financial, non-financial, and compliance risk, relating to the key areas of conduct, culture, and effective governance