Emerging risks in financial services

The financial services industry is evolving rapidly due to technological advancements, regulatory changes, and shifting consumer expectations. These developments create emerging risks that you can’t control, making it difficult to anticipate the impact on your business. We share three tips to help you manage emerging risks more efficiently and effectively to impact decision-making.

Gaining deeper insight into your future operating environment starts with an understanding of emerging risks. These can be viewed as new risks or familiar risks that surface in new or unfamiliar conditions, making the likelihood and impact on the business difficult to establish. These are typically borne from global or macro trends and geopolitical developments, which tend to be beyond a firm’s capacity to control, for example, developments on tariffs and sanctions.

Our experience shows that recognising the challenges and the inevitable uncertainty is relatively easy. A wide range of sources can be used to identify emerging risks and help businesses improve their readiness in case those risks materialise. Most financial service businesses have defined emerging risk processes, and often, emerging risks are an agenda item for senior management or boards.

And yet, we often hear from CROs that emerging risk processes could be a lot more effective or efficient. Could this be the ultimate frontier of risk management?

While sources of emerging risk and methodologies are tried and tested, they will not necessarily focus on your business. This means that the interconnected nature of emerging risks, which is driven largely by the nature of your business, will not be considered. Emerging risks often depend on the art of expert judgement, rather than the science of modelling.

The challenge is making these methodologies and processes work for you, to achieve a shared understanding of emerging risks and generate value by supporting the business in achieving its commercial objectives. The key question remains: how?

We’ve summarised three tips aimed at enhancing the maturity of emerging risk management.

Clarify roles and responsibilities
It may seem obvious, but roles and responsibilities for emerging risks, especially those of the board and the business, are often not as clear as they could be or are not consistently implemented.
This means that the emerging risk process can be overly reliant on the risk function, making the management of emerging risks more challenging. Unless there is clear ownership, people and functions will typically assume it is someone else’s problem. Clarifying the role of the business in emerging risks can mean that it is increasingly motivated, for example, to monitor emerging risks more frequently, to escalate concerns, and to deliver timely actions.
Ensure adequate business stakeholder engagement
There are a multitude of sources of emerging risks, and simply repeating generic themes is unlikely to add value; instead, it may make it more difficult to see the wood for the trees. The initial challenge is identifying how generic emerging risks are relevant to the business, for example, which emerging risks can impair the business's ability to achieve its objectives. This requires business input.
The next challenge is the uncertainty about impact and likelihood. While the uncertainty can be reduced, it may not be possible to be definitive about the outcome of an emerging risk. If so, it is useful to avoid developing defined paths and focus on scenarios about the potential outcome. If it is difficult to estimate likelihood or impact, then you can fix one and explore the ‘so what’. For example, undertaking a pre-mortem that assumes that the emerging risk has materialised and consideration of the impacts, responses and what could have been done to reduce or avoid the scenario and its impacts.
These approaches make it easier for the business to engage with emerging risks, to share the analysis, and translate emerging risk into tangible actions.
‘Use-test’
The ‘use test’ is usually mentioned in the context of an internal model, but it is also very relevant to emerging risks. A risk function that just identifies and logs emerging risks does little to enable the use of emerging risk in support of business decision-making.
The ‘use-test’ requires engaging with the business in terms of working up impacts and then feeding the outcomes through risk and governance processes to ensure that the headwinds and opportunities are considered. This could be through:
- the business planning process, by influencing the decisions about opportunities and resourcing
- the Own Risk and Solvency Assessment (ORSA) process, by influencing the forward-looking view of risks that the business is managing.
Given the ultimate board accountability for these processes, a use-test perspective ensures that emerging risks attract the appropriate board and stakeholder engagement and maximise the return on investment.

Management of emerging risks is one aspect of risk management, and enhancing the maturity of this process supports enhancing the efficiency and effectiveness of risk management. This does not mean adding more complexity. Instead, clarifying roles and responsibilities, securing the appropriate business engagement, and integrating the emerging risk process into broader risk and governance frameworks will go a long way to significantly enhance the maturity of emerging risk management.

Our consulting team applies a pragmatic approach based on your business model and circumstances. Please get in touch with your usual Crowe contact for more information.