Risk management is a dynamic activity that evolves depending on the prevailing and expected business environment. The risk management process must also be adjusted to adapt quickly when significant changes occur. These changes arise from different events. A change in the national economy, for example, can compel government leaders and regulatory bodies to update rules and regulations.

A pandemic can cause business requirements to change, new competition can disrupt the existing market, and so on. Risk managers must keep themselves updated with the latest market developments and regulatory outlooks to ensure that they can prepare their financial organizations for the future.

Many financial risk executives were expecting significant regulatory changes due to the 2020 elections. As 2021 progressed, regulatory outlooks became more precise, and the second half of 2021 provided risk managers with more information to prepare for the next few years. The regulatory outlook for 2022 and beyond promised further significant changes meaning there will be new risk management issues to mitigate, new compliance requirements to fulfill, and opportunities to avail.

While it is critical to meet the expected risk challenges, it is also vital for risk managers to ensure that they provide their organizations with the stability and intelligence that can help the organization realize the opportunities that will be created and the threats that will arise.

Risk Management Process

2023’s New Risk Management Challenges

2022’s change in administration invariably increased business compliance and regulatory risks. Businesses had to reevaluate their risk assessments and mitigation strategies, considering the possibility that the new administration would revise regulatory priorities. The government is dealing with the pandemic, which will compel it to take measures and restore normalcy to the economy. Due to multiple factors, a change in the administration resulted in extraordinary changes to the regulatory framework for businesses. The Biden administration introduced several regulations for the financial industry, such as:

  • A rule to increase the transparency of investment funds’ executive compensation and other activities.
  • A rule restricting fiduciaries’ consideration of ESG factors in evaluating investment options for 401(k) plans.
  • An executive order directing research into a central bank digital currency and new regulatory actions for cryptocurrency.
  • A rule to increase transparency and competition among private investment funds.
  • A rule updating restrictions on the behaviors of debt collectors.
  • A series of policy statements providing flexibility to financial institutions during the COVID-19 pandemic.
  • A rule requiring all foreign and domestic companies publicly traded in the U.S. to disclose certain climate-related information.

The new administration is concerned about climate change and has announced that it will amend regulations to require environmental assessments as part of business evaluations. A recent Executive Order by President Biden outlined the policies and strategies that can be expected from this administration. Highlights include:

Section 1. Policy. The intensifying impacts of climate change present physical risk to assets, publicly traded securities, private investments, and companies — such as increased extreme weather risk leading to supply chain disruptions….

Sec. 2. It is, therefore, the policy of my Administration to advance consistent, clear, intelligible, comparable, and accurate disclosure of climate-related financial risk….

Sec. 3. Assessment of Climate-Related financial risk by Financial Regulators. In furtherance of the policy outlined in section 1 of this order and consistent with applicable law and subject to the availability of appropriations:

a) The Secretary of the Treasury, as the Chair of the Financial Stability Oversight Council (FSOC), shall engage with FSOC members to consider the following actions by the FSOC:

(i) assessing, in a detailed and comprehensive manner, the climate-related financial risk, including both physical and transition risks, to the financial stability of the Federal Government and the stability of the U.S. financial system;

(ii) facilitating the sharing of climate-related financial risk data and information among FSOC member agencies and other executive departments and agencies (agencies) as appropriate;

(iii) issuing a report to the President within 180 days of the date of this order on any efforts by FSOC member agencies to integrate consideration of climate-related financial risk in their policies and programs, including a discussion of:

A) the necessity of any actions to enhance climate-related disclosures by regulated entities to mitigate climate-related financial risk to the financial system or assets and a recommended implementation plan for taking those actions;

(B) any current approaches to incorporating the consideration of climate-related financial risk into their respective regulatory and supervisory activities and any impediments they faced in adopting those approaches;

(C) recommended processes to identify climate-related financial risk to the financial stability of the United States; and

(D) any other recommendations on how identified climate-related financial risk can be mitigated, including through new or revised regulatory standards as appropriate; and

(iv) including an assessment of climate-related financial risk in the….

Operational Risks

The end of the pandemic in the United States means businesses are reopening, and customer services are returning to normal. However, measures taken to ensure business continuity during the pandemic will have a lasting impact on how people work. The pandemic compelled businesses to expand employees’ ability to work remotely and enabled customers to access services via new delivery channels. However, businesses, employees, and customers are all recognizing that specific changes improved customer experience and should be retained.

This means that businesses will have to rethink their approach to risk management. Allowing employees to work from home and providing customers with new service delivery channels introduce unknown operational risks. Businesses will need to expand the risks they manage and implement new controls to mitigate these unique risks. Businesses must weigh the overall costs and benefits of the new way of working against the overall risks to determine whether continuing such operations would be a prudent move.

Credit Risks

Credit risks will continue to be a significant risk management challenge for businesses. Already, there has been considerable volatility in the outlook for credit risks. Credit risk was a key concern for banks during the pandemic, as businesses shut down in numerous states, reducing their revenue streams and decreasing their likelihood of being able to meet all their financial risk obligations. Concerns quickly dissipated as stimulus payments began to flow.

Fitch Ratings announced that most U.S. banks’ credit risks remained low during Q1. The government is now warning businesses against becoming overconfident about credit risks, as the boost may have been temporary.

This means that businesses cannot anticipate an increase in credit risks over the next 12 months, nor can they anticipate a decrease in credit risks. Rather than developing a strategy based on increasing or decreasing credit risks, financial organizations will need to create flexible strategies capable of responding in real time to changing credit risks. This will necessitate rethinking credit risk tracking, management, and mitigation processes.

Credit risks will remain essential to manage even if the risk continues to decrease over the next year. An oft-overlooked feature of risk management is the ability to find opportunities. When a risk increases in severity, the business receives the signal that it should safeguard itself, however, when a risk decreases in severity, it means that the business can now avail more opportunities in that domain. Understanding and tracking credit risks will therefore be important for businesses that want to fully utilize the opportunities that can open if credit risks remain low.

Compliance and Regulatory Risks

Many businesses can experience compliance risks if they do not have an effective risk management system. The stated goals of the new administration highlight a focus on bringing about compliance and regulatory risk changes that will modify the way financial organizations assess risks. This means that the entire regulatory compliance framework within the organization will have to be reevaluated based on the latest announcements and news coming in from regulatory bodies. Existing SOPs will need to be revised to comply with any new financial risk management sector regulations.

Technology Maturity

While large enterprises have had risk and compliance technology implemented for years, smaller organizations were still handling risk management and compliance management manually because they needed clarification about the ROI (return on investment) of risk and compliance technology. The pandemic acted as a catalyst for risk and compliance technology adoption across the financial sector because organizations that were hesitant to try these solutions realized how useful they were for their operations. Over 55% percent of businesses surveyed by PwC focused on technology enhancements during the pandemic.

The lesson learned here is that risk and compliance technology has now matured, and implementing this technology is no longer a high-risk endeavor based on unproven technology. Now that the pandemic has eased, businesses are focusing their efforts on exploring additional technological options that can assist them in efficiently addressing risk and compliance management issues.

Real-Time Risk Management

Manual risk management methods could not keep up with the fluctuations in the risks that businesses had to manage. Businesses quickly recognized that their risk management process and frameworks needed to be more responsive to the dynamic risks they faced during the pandemic. The pandemic was not a single risk to manage; it was a disruption that resulted in a multitude of risks to manage across multiple geographic locations in different industries. States went into lockdown at varying times, industries were impacted by the pandemic at different levels, and global supply chains were disrupted as the pandemic slowly spread across the world. According to PwC’s annual Global CEO (Chief Executive Officer) Survey for 2021 , dynamic (real-time) risk monitoring was the top agenda for tech implementations for more than 30% of the businesses surveyed, followed by risk management technology (25%), and data analytics for risk management (20%).

The opportunities 2022 has unearthed includes internal data and metrics which allow Financial institutions to understand which types of businesses are struggling and which loans are underperforming, as well as which businesses have recovered. This intimate knowledge of the local economy can be invaluable when it comes to financial risk intelligence generation.

Modern risk and compliance management solutions enable businesses to combine internal metrics, peer benchmarking, and external metrics to establish comparisons, unearth insights, and develop predictive analytics to aid in executive decision-making.

By comparing these metrics in real-time, businesses can instantly gain new business intelligence in response to significant changes in data – ensuring they can stay ahead of the curve and maintain their position in the market.

External data from leading indicators extracted while analyzing performance metrics are primarily determined by an organization’s performance, while risk management metrics are influenced by factors beyond the organization’s control. These external risk indicators may be more important and relevant than any internal risk indicators.

Financial sector businesses are directly impacted by the performance of financial markets. As the 2008 financial crisis demonstrated, industries are inextricably linked, and the performance of one industry can have a significant impact on the performance of others. While the 2008 financial crisis originated in the housing sector, its negative consequences were felt across the globe.

A similar scenario played out on a global scale during the pandemic’s early stages when various countries and cities began implementing lockdowns. While regulatory information is not under the organization’s control, it is critical for risk management. If unexpected regulatory changes occur, the risk of non-compliance increases. Similarly, a change in the price or availability of inputs can have a significant impact on a business. When a critical component becomes unavailable, it can have far-reaching consequences. Bloomberg lists 12 leading indicators that businesses should monitor closely; businesses in the financial sector should look at these and others closely.

Enhanced Collaboration

Businesses also realized the importance of ensuring they provided employees with the right platforms and tools for collaboration. It was easier for businesses to have teams collaborate when all the teams were working from the same office. Businesses that were still relying on manual methods of collaboration, such as meetings and emails, had difficulty ensuring efficiency and productivity. Businesses that did have a collaborative platform for risk management managed to continue operations as usual.

Platforms that provide a central location for collaboration also increase the management’s visibility. Instead of having to ask for updates, managers can open the platform and see the progress being made on each process and task in real time.

Work from Home (WFH) Expectations

The lockdowns imposed by governments meant that many employees could no longer work from the office. Social distancing was also only possible for some offices. The fact that closed spaces were considered the most dangerous for spreading disease was also a significant challenge.

Risk management is a dynamic activity that changes depending on current and expected business environments. This meant that many businesses allowed their employees to work from home to ensure business continuity. Work from home carries the operational risk that needs to be managed, which is why businesses want to ensure that they only enable WFH policies for employees if they can provide data security.

According to poll results , a large share of businesses expected work from home policies to end within the next three months. A slightly lower percentage of businesses expected the outcome from home to continue for longer than six months. Interestingly, the share of businesses that expected work from home policies to be in effect indefinitely is the same as businesses that have already ended work from home.

When significant changes occur, risk management practices must also be adjusted to adapt quickly.

This carries many implications for risk managers. Risk and compliance managers will have to ensure that employees can return to the office safely and without disrupting any existing business processes. Businesses that expect WFH to continue for an extended period will need to create controls that can mitigate risks often associated with WFH.

Biggest Risk Management Challenges

One of the most enlightening questions from 2021-2022 were about the challenges that risk and compliance experts faced over the past few year. The biggest challenge for most businesses was compliance monitoring and testing. This is not surprising; the advent of new risks and compliance issues will require businesses to reassess their existing controls and compliance framework. Regulatory change management and faster risk assessments were tied for second place, followed by risk data aggregation and KRI monitoring.

Risk and Compliance Initiatives

There was a lot of talk among the experts about how risk and compliance management programs can be improved. Among the respondents who had a vision for the changes they needed to make, most experts chose upgrading risk management and compliance technology as the right approach, followed by adjusting headcounts for better performance. What was notable was the high number of risk and compliance professionals who were still unsure about the changes their organization should enact.


The years 2021, 2022, and beyond promise to bring exciting new opportunities for businesses in the financial sector across the country. There will be unknown financial risks caused by many major forces acting on the economy. It is essential to realize the unprecedented nature of the changes that can be expected to occur over the next few years. The changing administration, new Fintech services, climate risks, and recovery from the pandemic are just some of the things that businesses will need to manage simultaneously.

Risk Management Challenges & Opportunities

The silver lining of the 2020s has been a lesson in resilience. The financial sector successfully navigated the pandemic. It was tasked with not just the responsibility to protect itself but also enable the rest of the economy to run throughout the pandemic and the shutdowns. The fact that banks and financial organizations successfully delivered services around the year shows how capable these organizations are of adapting to change. Advanced risk management platforms continuously monitor risks across the organization.

Businesses in the financial sector have navigated the turbulent 2020s by utilizing the appropriate tools and technology to overcome obstacles. They used cloud platforms to deliver services when employees were unable to report to work, risk metrics to monitor emerging risks, and centralized risk platforms to facilitate collaboration, among other things. It is critical to pause and evaluate the utility of these technologies and review how they can be more effectively integrated into the enterprise risk management framework for further value creation.