In the third quarter of 2023, chief risk officers around the world ranked geopolitical risk as 12th on their list of priorities for the next year, according to the 13th annual global bank risk management survey from EY and the Institute of International Finance (IIF). It occupied the same spot for their boards. By the time the 14th edition of the survey appeared in February 2025, geopolitical risk was third for chief risk officers (CROs) and second for boards, surpassed only by cybersecurity.

As long-established assumptions about international relationships and political norms have started to unravel, financial services firms have become much more attuned to the geopolitical risks that flow from their changing environment. The same is true of their supervisors. In January, the European Central Bank identified geopolitical risk as a top priority in its 2025–27 supervisory programme.

Risk management specialists interviewed for this article said supervisors are not yet being prescriptive about what firms should be doing, but they are seeking more detail about how firms are addressing this issue and what actions boards are taking. This, in turn, is prompting more urgent questions from boards to executive teams, requiring CROs to become ‘fortune tellers’, as the EY–IIF report puts it.

Framing geopolitical risk
Banks and other financial firms often frame their risk management in terms of ‘vertical risk stripes’ – specific topics such as various types of credit risk, market risk, liquidity risk, cyber and operational risks, and non-operational risks such as financial crime. Cross-cutting ‘horizontal risk drivers’ such as pandemics, climate and geopolitical risks can have impacts across some, or all, of these verticals.

In a paper published in 2023, Oliver Wyman argued that financial institutions have made progress in recent years in understanding the effects of some crosscutting risks – notably climate – on their vertical risk stripes. But less progress has been made on geopolitical risks.

If firms do not understand where the pressure points are before they start generating scenarios, they will struggle to prioritise the most serious threats Historically, geopolitical risk has often been addressed via teams focused on country risk as a subset of the credit risk function, says Mark Abrahamson, head of finance and risk for the UK and Ireland at Oliver Wyman. “What we have seen in the past 12 months has elevated this topic to a completely different level. Banks are now thinking about how to professionalise around geopolitical risk, and those models are still evolving.”

A key part of the model is to ensure that the organisation has prepared a plan of action for the immediate steps it will take when sudden crises occur. The emergence of Covid was a powerful prompt to ensure these action plans are in place. Tailored scenario planning Beyond the steps to ensure high-level preparedness, the tool that financial services firms are adopting to manage geopolitical risk is scenario planning – positing severe but plausible scenarios and working out what impact they could have on the organisation and how those risks should be managed.

Since the global financial crisis of 2008–09, regulation has stress-tested banks to check their ability to deal with specified risk scenarios. These scenarios have usually been relatively narrow and clearly defined, although more banks are starting to introduce geopolitical expertise into the scenarios that their stress-testing teams will run.

Addressing geopolitical risk effectively means understanding both the slow and fast-moving elements But effective scenario planning for geopolitical risks, which can take a huge variety of forms, presents a more complex challenge: it is simply impossible to anticipate all eventualities. When boards and executive committees are asking for assessments of new scenarios every week or two, the planning team will struggle to arrive at robust answers. This is where a focus on operational resilience and robust crisis playbooks represents an important line of defence.

In using scenario planning, organisations must resist the temptation to start from the scenarios they generate and try to map their effects back onto the business, says Nick Greenstock, CEO of Gatehouse Advisory Partners, a geopolitical risk consultancy. Instead, each firm should start by mapping its specific risk exposures, which will be determined by the scope of its activities and relationships. “Risk exposures are distinct. They’re idiosyncratic to the institution, even if it feels like they should be roughly the same,” he says.

Only when a firm understands its individual risk exposures can it usefully overlay scenarios to pinpoint where the biggest potential impacts will be felt and how they should be managed. If firms do not understand where the pressure points are before they start generating scenarios, they will struggle to prioritise the most serious threats. Nick believes the financial sector is among the most advanced in understanding where its risk exposures lie, thanks in part to increased scrutiny from financial regulators over the past 15 years.

Drawing on wider expertise In developing scenario planning capability, it is also critical to include experts from beyond the risk management function.

Andrew Duff, partner in financial services risk consulting at EY, suggests that scenario planning teams should be made up of a relatively small group of experienced people with close proximity to the business, including those with senior management responsibilities, to capture the likely operational impact of different risk scenarios. This is important in playing through the scenarios effectively from a risk management perspective, but it will also help firms to identify the opportunities that shifting geopolitical risks might present for the business. He also suggests that generative AI could be helpful in accelerating the initial generation of scenarios to feed into the planning process.

Tapping into political analysis
But is scenario planning enough to allow organisations to manage their geopolitical risks? No, says Derek Leatherdale, senior geopolitical risk adviser at the consultancy Sibylline, who set up the geopolitical risk team at HSBC after joining the bank in 2007 from a career in intelligence.

Organisations tend to turn to scenario planning as part of their response to sudden, acute geopolitical crises, Derek says – such as Russia’s invasion of Ukraine or a potential attack on Taiwan by China. But, as well as periodic shocks, geopolitical risk involves slow-moving trends that can transform a business’s prospects, he says. “It’s much longer-term, slower-burn changes to things like regulation, public policy, trade patterns and economic relationships. Scenario analysis doesn’t necessarily help you understand what the impacts of those things might be over time.”

Understanding these longer-term trends requires access to expertise in political analysis, for example, from government foreign policy experts, which institutions should be able to access through their government relations teams. However, Derek notes, very few CROs have taken even this basic step to enhance their organisation’s political antennae.

A holistic understanding
Geopolitical risk is a shapeshifter, presenting itself differently to succeeding generations. In the 1970s, it was connected most strongly with instability in the Middle East, while in the 80s and early 90s, emerging market sovereign default risk came to the fore. More recently, the rise of China and the increasing presence of right-wing groups in global politics have given it a different face. But in each case, the pattern has been one of slow-moving trends that erupt from time to time into acute crises. Addressing geopolitical risk effectively means understanding both the slow and fast-moving elements.

It may therefore be encouraging that 56% of respondents to the latest EY–IIF risk survey say they intend to enhance both their political risk assessment and scenario planning capabilities, a figure that reached 82% among those designated Global Systemically Important Banks.

However, even if the proportion were to reach 100%, the comment attributed to President Eisenhower would still apply: “Plans are useless, but planning is indispensable.” Or as Louis Pasteur put it, “Chance favours the prepared mind.”

Mark Abrahamson leads Oliver Wyman’s European Finance and Risk Practice from our London office. Combining his academic background with practical in-depth client and sector knowledge, he is passionate about supporting firms stay resilient in the face of increased complexity. His areas of focus include financial, non-financial, and compliance risk, relating to the key areas of conduct, culture, and effective governance

Welcome to RiskbOWl – the first closed community of Risk professionals to share ideas and best practices

Through RiskbOWl, you will be able to anonymously ask questions, share perspectives, run targeted polls, discuss recent regulatory developments and so much more.

We are already live with the pilot, and can’t wait for you to contribute as well. But before you do, two things:

1. Security
The only way this community will work is if we keep the environment highly secure and therefore we have integrated the login with our Oliver Wyman Single-Sign-On infrastructure that we use for all client work where the information being shared is sensitive.

By now you should have received an e-mail from our IT services on how to set up your User ID on the OW Digital workbench. These are your RiskbOWl User ID and password.

For any questions regarding your account set up please e-mail: riskbowl@oliverwyman.com

2. Community rules
Remember to maintain anonymity at all times and :

i. Limit your discussion to details of methodologies (e.g. formulae or equivalent), including the relative merits of different methodologies for capital adequacy best practice.

ii. Never disclose or otherwise discuss actual input or output values used by them in respect of any methodologies.

iii. Never engage in discussion of information that relates to your institution or other’s commercial positioning or strategy.

iv. Adhere strictly to the letter and spirit of competition and antitrust laws - RiskbOWl is a space for knowledge exchange, not collusion.

We will be pre-screening all messages to start with, but depend on our community to be the first line of defense

And lastly, remember this is a pilot: we are still fixing some bits and bobs, so bear with us with any hiccups while we make RiskbOWl the best it can be!

Thank you for being part of this community. We think and hope it will transform how we share knowledge in the risk world in a timely fashion.

The RiskbOWl team

Conversations with our clients reveal the imperative of realizing the benefits from the promise of digitally transforming credit decisioning and lending journeys, driven by the need to control bank costs and retain customer loyalty in the face of competition from more nimble, digitally-native banks

To better understand current trajectories in the lending transformation space, Oliver Wyman conducted a survey of banks across several markets, looking at the overarching burning platform, budgets, barriers to transformation, data, analytics, underlying technology, customer management, and organisational setup. In summary, our high-level, selected findings indicate

Lending transformation is a high priority topic, with participants sequencing Retail and SME first in their lending transformation programs Respondents see the traditional incumbent breakthrough as the biggest competitive threat over the new fintech challenger looming on the horizon Decisioning time, revenue growth and cost reduction cited as top 3 benefits, whilst expected uplift is highest for customer experience Budget for lending allocation is approached on program level or on individual level, with very few respondents approaching it as a strategic objective Most budget is spent on customer journeys, internal workflows and underlying IT infrastructure rather than analytics capabilities

Lending transformation survey infographic.png

Reach out for more insight, but we’d be keen to hear from the RiskbOWl community how this stacks up against your lending transformation program – post your thoughts below !

Welcome back to Risky Business, in which we take you through some of the headlines impacting the banking industry. Read on to hear how tariff-driven uncertainty prompts warning from regulators and banks alike of persisting volatility, rising RWA and provisions, prompting calls to remain vigilant or tempering risk-taking activities; also reported recently are alleged signs of waning focus on climate risk and ESG, at banks and the Bank of England. Feel free to give us your take on the stories, below the line

Rising RWAs prompt EBA warning

The Banker
The European Banking Authority (EBA) has issued a warning about the significant rise in European banks' risk-weighted assets, which reached €9.8 trillion in 2024, due to escalating geopolitical tensions and cyber threats. The EBA emphasizes that banks in the European Economic Area are highly vulnerable to these geopolitical developments, which can impact not only credit risk but also market, liquidity, and operational risks, including cybersecurity issues. This alert underscores the need for increased vigilance among banks to manage these looming risks effectively

International trade volatility drives provisions

S&P
In the first quarter, European banks experienced an 18% year-over-year increase in loan loss provisions, amounting to €11.48 billion, driven by uncertainties in international trade policies that threaten asset quality. The European Central Bank's Financial Stability Review highlighted concerns over rising nonperforming loans and provisioning costs, particularly affecting banks with significant exposure to extra-EU trade sectors. Notably, Barclays and Lloyds Banking Group saw substantial increases in provisions due to macroeconomic uncertainties and tariff risks, while UniCredit and Groupe BPCE reported the largest quarterly rises in problem loan ratios

Stagflation warnings from JP Morgan

City AM
JPMorgan Chase has issued a warning that the US economy might face a threat more severe than a recession, known as stagflation, characterized by simultaneous high inflation and stagnant economic growth. The bank's CEO, Jamie Dimon, expressed concerns over the potential negative impacts of recent aggressive trade policies, including US tariffs, which could hinder economic growth despite a recent stock market rally. Dimon urged caution, highlighting that global fiscal deficits, remilitarization, and trade restructuring are all contributing to inflationary pressures that could lead to economic instability

UK banks chastised for lack of risk appetite for green finance

FT
A senior executive at the UK's National Wealth Fund has criticized UK banks and money managers for their insufficient risk appetite necessary to drive the low-carbon transition. Ian Brown, head of banking and investments, emphasized that private sector involvement is crucial for achieving Britain's net-zero targets, as relying solely on public funds is impractical. Despite Barclays' efforts in financing climate tech startups, Brown noted that institutional investors remain overly cautious, focusing on established technologies rather than taking construction and technology risks

Bank of England staff depart after downgrade of climate risk

FT
The Bank of England has shifted its focus away from climate and nature risk since Andrew Bailey became governor, leading to concerns that the financial sector may be under prepared for these issues, according to ex-BoE staff. Despite the UK having legally binding targets for net-zero carbon emissions by 2050, the BoE has faced criticism from former staff and think tanks for downgrading climate change in its priorities. There are mixed messages from government officials about prioritizing growth over climate objectives, which has affected the BoE's technical risk-modelling capacity

Goldman tempers risk-taking in expectation of tariff-fueled uncertainty

Reuters
Goldman Sachs has strategically reduced its risk exposure following US President Donald Trump's tariff announcement, preparing for increased uncertainty in financial markets. Despite these measures, Goldman remains active in absorbing client risks while adapting its operations to maintain liquidity and stability. The bank anticipates continued adjustment in areas such as capital spending and mergers, with the US economy showing resilience amid concerns regarding fiscal deficits and interest rate trajectories

I have seen that and a bit of controversy around it

Promise-to-pay on its own is not a concession… agreeing to pause the contractual dunning process & associated late-fees, however, can be easily seen as one — materiality concerns should apply here, though - banks could easily put an optional clause of ‘dunning-process & collecting/waiving late fees at sole discretion of the bank’ into the contract at which point there no longer is a concession-event vs pre-agreed optionality

Financial difficulties is where you also would want to differentiate: is a delay of 2-3 months, below 90dpd, credible auto-cure by the end really a situation of financial difficulties? Here it is easy to define materiality thresholds that pass the EBA guidelines

JST/ Inspectors I speak with are typically a bit more concerned with banks being 'laissez faire' with this, than with the actual risk. I have seen cases where the bank had no policy or controls around this and then it resulted in a finding on potential underestimation of forbearance / S2 -- proper policy writing and guidance to relationship managers should close the perceived governance gap

There is a clear understanding of bad incentives: if you punish banks for agreeing with clients in this way by enforcing a cure period that is worse than 'do nothing', it clearly creates a conflict, that should be put on the table when arguing against an overly conservative view. But careful that not all 'silent acceptance' of delays are then afterwards equated with active concessions

After a decade of negative or zero interest rates, European economies entered a rising rate cycle in 2022. Now, as markets anticipate the beginning of an easing cycle, deposit betas are expected to catch up. The question is, are banks prepared to compete for deposits in this environment, which is unfamiliar to a whole generation of bankers?

In 2024, a systematic approach to deposit management is not only a critical value driver but also a necessary defensive tool. By leveraging smart deposit management techniques, anchored on advanced analytics and operational capabilities, banks can optimise their deposit costs significantly.

What actions have you taken? Where can the community help you?

For our Fed remediation plan for Sanctions, Audit was key part of the remediation plan. We submitted a full Audit “TOM” including resource model, training, risk assessment, audit testing program, and senior mgmt. reporting. There was also a layered sign off for smaller vs. golden milestones, where Audit got involved to provide design assurance vs. operational effectiveness.

@OP

In my experience, it typically depends on the bank's approach to the override:

Pre-calibration would typically be included if they are trying to include is as an statistical predictor of risk: i.e. you have some historical information that help you calibrate the specific weight and you only include the override if it increases the predictive ability of the model

Post-calibration if they want it to be a “penalization” mechanism for management (however this will not be fully compliant with EBA calibration guidelines for the use of overrides in IRB models)

In the context of the 2025 EBA Stress Testing exercise we’ve convened our sixth EBA Stress Test industry roundtable, involving representatives from 25 of the largest European banking institutions across ten countries.

While each bank is looking to approach the stress testing exercise from its own unique perspective, we’ve found that two common trends seemed to emerge:

Banks expect the anticipated depletion of the Common Equity Tier 1 (CET1) ratio under adverse scenarios to align closely with the outcomes seen in 2023.

Banks see the operational complexity of the exercise as their main challenge. Participants were concerned about potential CRR3 re-statements (particularly the difficulty in accurately projecting a CRR3 Fully Loaded framework that incorporates all CRR3 phase-ins expected by 2032) as well as the need for top-down calculations to estimate CRR3 compliant RWAs, which could complicate reconciliation efforts and impact result accuracy.

Other concerns raised by participants included the new timeline and significant changes to Quality Assurance processes - especially regarding potential on-site visits and inspections by the European Central Bank (ECB) - and the unpredictability of the new Net Interest Income (NII) platform and Quality Assurance machinery, which banks believe leaves them with less control over projections and adds to the uncertainty of the exercise.

Overall, it was insightful to see how given the inherent complexity of the exercise participants agreed on the need for thorough upfront preparation and a robust end-to-end stress testing infrastructure as conditions to success. What are the main concerns at your organisation? How do you feel your competitors will react to EBA’s requirements for this year’s stress testing?

Graphics: How Oliver Wyman supports Financial Institutions carry out stress testing:
cc0303ff-d517-49f9-b22c-e6d2071f1964-image.png

Lots of good answers here.

One tough learning from implementing this at scale is that unlike traditional ML, automated tests can only capture a small fraction of what can go wrong with GenAI. While the automated validation is necessary, it is not sufficient.

We have typically needed to also develop large manual testing protocols for releases, where humans (either developers or a set of test users), attempts a mixed of predefined and new prompts, and judge the quality of the answers. Often we will uncover “issues” that are very subjective, such as the answers technically being correct but pulling from different files that we wished, or answers being less/more detailed than the average user prefers, or an entirely new file format having issues (hence not covered by tests yet), or a million other things!

For one of our recent clients, we ran “hackathons” along with releases where both new and power users would try various prompts and score the output. It was incredibly helpful to identify things the tests had failed to see

Hi RisbOWl community.

I have been thinking lately about the dynamics of the working relationship with 2nd and 3 LOD from a 1LoD perspective.

While there is much talk about these dynamics from a high-level, ERM or governance perspective, those of us who are in involved more on the day to day interactions need to make sure we 'walk the talk'.

While clear, continued communication is key, I have found the use of shared resources (such as evidence repositories, plans, collaborative query logs, etc) have really made a difference in the relationship we have built with our validators in the second line of defence.

What does the community think about common techniques for increasing cross-line of defence productivity.

Thank you in advance.

🎬 Lights, Camera, Compliance! 🎬
Imagine you’re in a high-stakes thriller, much like Inception.

Just as Cobb and his team navigate complex dream layers, banks and financial institutions today are navigating the intricate layers of BCBS 239. But instead of dreams, they’re dealing with data and the regulation that aims to enhance risk data aggregation and reporting capabilities.

What is BCBS 239?
At its core, BCBS 239, introduced by the Basel Committee on Banking Supervision, is a set of principles designed to ensure that banks can effectively manage risk through accurate and timely data reporting. Think of it as the ultimate guide for navigating the labyrinth of financial data, ensuring that institutions can make informed decisions and respond swiftly to crises.

The Challenges: A Real-Life Drama
However, just like in a good movie, the path to compliance is fraught with challenges. Here are a few key hurdles that institutions face:

Data Silos: Many banks operate with fragmented data systems, akin to a band struggling to harmonize. Each department has its own version of the truth, making it difficult to achieve a cohesive view of risk exposure

Legacy Systems: Picture a classic car that’s seen better days. Many institutions rely on outdated technology that hampers their ability to aggregate and report data efficiently, making compliance feel like an uphill battle

Cultural Resistance: Change is hard, much like a character in a romantic comedy who refuses to acknowledge their feelings. Employees may resist new processes and technologies, fearing disruption to their routine

Regulatory Complexity: The regulatory landscape is constantly evolving, much like the plot twists in a suspense thriller. Keeping up with these changes requires agility and foresight, which can be a daunting task for many organizations.

The Road Ahead
So, how can institutions turn this potential drama into a success story? Here are a few actionable steps

Invest in Technology: Embrace modern data management solutions that break down silos and streamline reporting processes. Foster a Culture of Compliance: Engage employees at all levels, emphasizing the importance of accurate data for decision-making and risk management. Stay Agile: Regularly review and adapt to regulatory changes, ensuring that your compliance strategies remain robust and effective.

While BCBS 239 presents its challenges, it also offers an opportunity for banks to enhance their risk management frameworks. By embracing the journey with the right tools and mindset, institutions can transform compliance from a burden into a strategic advantage.

Let’s continue this conversation! What challenges have you faced in navigating BCBS 239? How have you overcome them? Share your thoughts below! 👇