This site is part of the Informa Connect Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 3099067.

Risk Management
RiskMinds International

7 risks and challenges that will keep CROs and risk managers awake in 2021

Posted by on 08 January 2021
Share this article

Everyone has different goals and objectives for the year, but some trends will just be too big to ignore. Besides Covid-19, the topics that dominated RiskMinds International will continue to lead the discussions in 2021.

Climate risk and regulation

Although managing the continuous risks and fallout associated with Covid-19 will still be key in 2021, the biggest mistake risk managers could make, according to Marcus Chromik, Chief Risk Officer & Board Member, Commerzbank, would be to miss out on strategic challenges, like climate risk, which will hurt the business and the next generation.

At the end of last year, the RiskMinds community identified climate risk as the biggest risk to watch out for in 2021, with about 2 out of 3 risk managers saying that strong action against climate change is very important to them personally, and about 4 out of 10 risk managers identifying regulatory pressure as the key ESG driver.

While climate change regulation is becoming more wide-spread in South-America and across the APAC region, they are fragmented and lack harmonisation and consistency. Karel Van Hulle, Former Head of Insurance and Pensions, European Commission, told us at RiskMinds Insurance that without a universal standard, comparisons are meaningless, and Giles Fairhead, Chief Risk Officer, Pension Insurance Corporation, pointed out that without standardised reporting, financial institutions cannot improve their approaches to climate risk. Regulation will therefore be an instrumental part of FIs actions against climate change.

Tech and cyber risk

“If there was one risk that keeps me awake at night, it’s cyber risk”, Jacques Beyssade, Group Secretary General, BPCE, told us at RiskMinds International.

Although cyber risk is not a new threat on risk managers’ radar, working from home amplified and accelerated the risk. Remote working also made the roll-out of new technologies even more challenging, however, slowing down the digital transformation of the business was out of the question.

"If they halted their transformation process, they're in trouble", Nick Silitch, Senior Vice President and Chief Risk Officer, Prudential Financial, said.

New technology brings its own risks, of course. FinTech, when it first came on the scene, raised alarms, but according to Terri Duhon, Non Executive Director and Risk Chair, Morgan Stanley International, BigTech might be the bigger risk today. However, one big advantage that well-established financial institutions still have over BigTech (and FinTech) is trust.

“Trust is the name of the game”, Beyssade reminded us.

Operational risk and resilience

Change is a huge operational risk and challenge, Simon Wills, Executive Director, ORX (The Operational Risk Data Exchange Association), said. In 2020, financial institutions have been operating in much more complex environments, with operational resilience being the second biggest thing keeping risk managers most busy (behind regulations). Furthermore, because digitalisation was a key activity in 2020, and with 2 out of 5 risk managers expecting the next black swan event to happen within the next 5 years – while another 2 expecting it in 5-10 years –, operational resilience is more relevant than ever.

As a non-financial risk, however, operational risk reporting tends to be more qualitative, but there’s clearly a need to quantify it. Scenario designs are currently used for stress testing, but systems that the 1LoD are already using could be adopted, Jie Ding, Managing Director & EMEA Head of Model Risk Management, Morgan Stanley, reminded us. And while non-financial risk managers excel at identifying and assessing non-financial risks, communicating those risks and recommending courses of actions are still tricky with limited quantitative data.

Ultimately, the goal is to turn operational risk into operational resilience, Trevor Adams, Group Chief Risk Officer, Nedbank Group, said, much like cyber risk needs to become cyber resilience. However, there’s a lot that needs to be done in this area to get there.

Model risk management and resilience

Model risk is another non-financial risk, which has been impacted hugely in 2020 because some models could not handle the extreme market conditions under the Covid-19 pandemic.

“The rules of the game changed”, Thomas Wallace, Partner, Risk Dynamics, a McKinsey company, told us.

What caused the problems? What compensating controls did the modellers employ? Do the model risk teams agree with those compensating controls? What was the impact? These are some of the questions that Jing Zou, Managing Director at Enterprise Model Risk Management, Royal Bank of Canada, raised in relation to this.

But beyond the devastating impact of Covid-19, the need to quantify model risk still persists, and compliance reporting has become a key issue. Furthermore, the trend to shift from risk management to resilience is also evident in model risk.

“Historically, model risk management has been more backward looking. It’s about handling things that have come before… In the case of Covid-19, model risk management has been about responding to the crisis, rather than about preventing it in the first place”, Wallace explained.

Anticipation of crises and preparedness to low-likelihood events seem to be the key learnings from 2020, and those learnings will certainly shape the focus of risk management in 2021.

AML & financial crime

PPE scams, misinformation regarding government aids, and investment fraud were the most prominent financial crime activities in 2020, and the trends show that financial crime has been on the rise for 2-3 years now and is likely to continue to grow in the future.

“It's almost a perfect environment for fraudsters”, Matthew Dewsbury, Group Head of Investigations, HSBC, said on the RiskMinds AML & Financial Crime Focus Day, adding that social engineering techniques adapted to the digital environment well.

Under such circumstances, taking preventative measures and improving the toolkit will be key in 2021. Collaboration with law enforcement to get ahead of both amateur and organised crime will be critical, and so will cross-data sharing where it’s possible. Network analysis is still a great tool to have, but it can be improved with a better understanding of behavioural clues and amplified by AI. And last, but not least, the value of front-line staff should not be underestimated, because maintaining those customer relationships are still important.

Culture, conduct, and compliance

Given the increase in financial crime activities and changing consumer behaviour during the pandemic, the majority of financial institutions took measures to protect vulnerable customers. Joel Viney, Head of Compliance – Wealth, Santander UK, noted though, that the choice of communication methods needs to be tailored to the customers’ individual needs to ensure the message engages them well.

Meanwhile, reinforcing the right culture and conduct in remote employees has also become a key issue. Keeping social contact alive “is the biggest challenge of this pandemic”, Michal Gur Kagan, Chief Risk Officer, Migdal Insurance Company, told us, and shared her concern of informal communication, which is a big part of company culture, disappearing.

This is especially difficult for the onboarding of new team members. However, external hiring have slowed down in many companies, which in turn raised concerns over the loss of fresh ideas and the opportunity to diversify. Social governance expert Fiona McKay said that talent risk goes far beyond, because hirings tend to be based on previous experiences. In a truly diverse and inclusive environment, however, individuals’ long-term potential would be evaluated.


In 2021, 9 out of 10 risk managers believe that traditional financial risks (credit, market, liquidity risk) will continue to be concerning, with sovereign debt still being key. Furthermore, social polarisation trends and geopolitical risks will remain on the radar, along with the progression of Covid-19 and the government responses to it. About 6 out of 10 risk managers also expect new regulations to be introduced as a result of Covid-19.

“I don't think the crisis is anywhere close to done”, Jaco Grobler, Former Chief Risk Officer, FirstRand Bank, said.

Furthermore, the issues of sustainability, including climate change and diversity, are not to be ignored. 2 out of 5 risk managers said that a lot more work is needed to encourage diversity and inclusion, while 1 out of 4 said that although a lot is being done, it is difficult to do it effectively. In the future, Sarah Owen-Jones, Chief Risk Officer, Rathbones, expects to see more diverse collaboration to bring risk managers out of their silos, and that risk managers will be better equipped to understand ESG and carry out screenings more regularly.

It is generally agreed that the future holds many more challenges for this sector, so risk leaders need to be ready to act with integrity, communicate clearly, be prepared to listen to employees, and above all, stay honest.

Find out what other leadership qualities risk managers are looking for, and what they said about the industry, new risks, and more, in the latest eMagazine.

Closing banners 1180 x 220 RiskMinds eMag 2020 Q4

Share this article

Sign up for Risk Management email updates