mckinsey - 風險的未來:全球趨勢如何重塑風險管理 The future of risk How global trends are reshaping risk management_第1頁
mckinsey - 風險的未來:全球趨勢如何重塑風險管理 The future of risk How global trends are reshaping risk management_第2頁
mckinsey - 風險的未來:全球趨勢如何重塑風險管理 The future of risk How global trends are reshaping risk management_第3頁
mckinsey - 風險的未來:全球趨勢如何重塑風險管理 The future of risk How global trends are reshaping risk management_第4頁
mckinsey - 風險的未來:全球趨勢如何重塑風險管理 The future of risk How global trends are reshaping risk management_第5頁
已閱讀5頁,還剩10頁未讀, 繼續(xù)免費閱讀

下載本文檔

版權說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權,請進行舉報或認領

文檔簡介

December2025

Mckunsey

&company

Risk&ResiliencePractice

Thefutureofrisk:Howglobaltrendsare

reshapingrisk

management

Arapidlyshiftingandinterconnectedrisklandscape,technology,andAI

transformwhatgoodriskmanagementlookslike.Financialinstitutionsmustembracenewoperatingmodelsandbestpractices.

byAnkeRaufuss,ArvindGovindarajan,IdaKristensen,andThomasKelepouris

Greatriskmanagementhasneverbeenmoreimportant.Consideringcyberattacks,politics,

andtradewars,financialinstitutionsrelymorethaneverontheirriskleaderstonavigate

uncertainty.Butastheworldchanges,sotoomustriskmanagement.Notonlyarerisks

proliferating,butsoaresolutions.InanAI-empoweredfuture,newskillsandcapabilitieswillberequired.Riskfunctionswillneedtobemoreagile,morecross-functional,andmoretech-driven.Inthenextthreetofiveyears,executives,startingwithleadersofriskfunctions,mustembracetransformationandstarttoimplementtherequiredchanges.

Forcesatplay

Asriskleadersfocusonbuildingtheriskfunctionsofthefuture,whatforcesshouldshapetheirthinking?Weseefivethathaveprofoundimplicationsforrisk:

Geopoliticalfluxasthenewnormal.TheWorldUncertaintyIndexisnearlyninetimeshigher

thanitwas20yearsago,reflectingallthegeopoliticaldisruptionsofthepastfewyearsaswellasthenewnormalofgeopoliticaluncertainty.1Globalsupplychains,capitalandtradeflows,

cyberattackpatterns,andshiftingdomesticpoliciesarefeelingtheeffectsofthisuncertainty.Inresponse,riskleaderswillrequiremoredynamicandforward-lookingplanningandforecastingframeworksflexibleenoughforrapidlychangingenvironments.Activitiessuchasstress-testingwillalsoneedtobemoredynamicandconsiderabroadersetofpossiblescenarios.Risk

managerswillneedtohavetheirfingeronthepulseeverydayandhaveaccesstostandingandresponsecapabilitiesmoreagilethantheadhoc“warrooms”ofthepast.

Technologicalprogress.DigitalcapabilitiesandAIarecreatingbothopportunitiesand

challengesforriskmanagement.Inonboarding,transacting,andborrowing,almostevery

customerjourneyisbeingreshapedbydigitalization.AIisreformingthefraudandcyberthreatlandscape,andcontagionriskhappensfasterthanever.Thisrequiresaccesstonear-real-timedataandanalyticsaboutopportunitiesandthreatscreatesadifferenttalentmixtomanage.

Furthermore,webelievethatfinancialinstitutionshavetorethinkriskappetitestatementsandframeworksfornonfinancialriskssotheycantodevelopmoreappropriateriskmetricsto

monitoradigitallyfast-movingworld.

Interconnectednessofrisk.Connectedprocessesandinfrastructureleadtohigherlevelsof

dependencyandincreasedlikelihoodofriskcontagion.Considerhowgeopoliticaleventsdrivesupplychaindisruption,whichleadstocreditdeteriorationandspikesinbondyields,orcyber

eventscausemanufacturingshutdowns,withassociatedeffectsoncreditqualityand

counterpartyrisk.Furthermore,theconcentrationsintechnologyprovidersincreasesfourth-

andnth-partyrisksandrequiresamore-detailedmappingofthirdparties’suppliers.Asrisksareincreasinglydrivenbythesameunderlyingdrivers,riskmanagersmustbreakdowntraditional

risktypesilostomanagetheimpactofcommonriskdriversinanenterpriseriskmanagementfunctionorcross-functionalgroup.

1Comparingthirdquarter2025withfourthquarter2005,“WorldUncertaintyIndex:Global:GDPweightedaverage,”FederalReserveBankofSt.Louis,updatedNovember2,2025.

Thefutureofrisk:Howglobaltrendsarereshapingriskmanagement2

Thefutureofrisk:Howglobaltrendsarereshapingriskmanagement3

Shiftingcompetitiveenvironment.Thebankinglandscapeisbeingreshapedby

nonbankfinancialinstitutions(NBFIs.Indeed,theInternationalMonetaryFundnotedthatthe

shareofglobalfinancialassetsheldbyNBFIsreachedmorethan50percentinadvanced

economiesandalmost80percentintheUnitedStates.2Thisintroducescomplexityin

counterpartyriskmanagementandcallsfornewmethodstoassessandoverseelessregulatedentities.Meanwhile,themoveofmanyfinancialinstitutionsintodigitalassetsamplifiescertain

riskssuchasanti–moneylaunderingandthird-partyriskwhileintroducingnovelrisktypes

uniqueto

digitalassets

.3

Fragmentationofregulations.Afteryearsofwhatfeltlikecloserglobalregulatorycoordinationinfinancialservices,wearenowfacingamuchmorefragmentedregulatorylandscape,with

increased,althoughuneven,deregulationintheUnitedStatesunmatchedbyotherjurisdictions.Regulatorymanagementandlegalentitymanagementbecomemorecomplexinthis

environment,andsimultaneously,organizationswilllikelyincreasinglyfindareaswhereinternalriskappetite,ratherthanregulatoryrequirements,becomethebindingconstraint.

Whatwillriskmanagementofthefuturelooklike?

Thefast-changingenvironmentpresentsriskmanagementwithchallenges,butalsowitha

uniqueopportunitytorethinktheartofthepossibleforriskfunctionsandforriskmanagementoverall.Webelieveadaptabilityisanimperativeforriskoverthenextthreetofiveyears,andriskfunctionsneedtostartmakingchangesnowtoavoidfindingtheireffectivenesswaning.

Whenreinventingriskmanagement,atemptingoptionistoabandonthecurrentframeworkandrebuilditfromscratch.Butthatwouldbeamistake.Therealityisthateffectivechangeismostoftenaresultofevolution,notrevolution,encompassingbothstate-of-the-artcapabilitiesandadaptationsthatworkfortheinstitutioninquestionwhilemaintainingthefoundational

principlesofgoodriskmanagement.Belowwedrilldownintodriversofstabilityandchange:

Whatwilllargelystaythesame?

Despitealltheuncertainty,certainprinciplesandtrendswillcontinuetobeimportant.

—Thethreelinesofdefense(3LOD)haveattractedcriticismoflate,withsomemarket

participantsarguingthatabetterapproachisbasedondeeperbusinessinvolvement,

backedbytechnology.Webelievethe3LODmodel,andparticularlytheroleofthesecond

LOD,willremainfundamentalinsettingstandards,monitoringadherence,andimposing

accountability.Digitalsolutionswillplayagrowingrole,allowingthefirstlinetoefficiently

takeonmoreriskactivities,butthesuperpowersofagoodriskmanagerarecriticalthinking,intellectualcuriosity,andabilitytoasktherightwhat-ifs.InaworldofsometimesflawedAI,thosecapabilitieswillbemoreimportantthanever.

2Globalfinancialstabilityreport:Financialandclimatepoliciesforahigh-interest-rateera,InternationalMonetaryFund,October2023.

3MattHigginsonandGarrySpanz,“

Thestabledooropens:Howtokenizedcashenablesnext-genpayments

,”McKinsey,July21,2025.

Thefutureofrisk:Howglobaltrendsarereshapingriskmanagement4

—Afoundationalriskmanagementframeworkandariskappetitestatementwillcontinue

toanchorriskgovernance,riskculture,andriskmaturity.Indeed,withrisksmoreconnectedthanever,andnewriskdimensionsemerging,riskappetitewillbecomeevenmorecritical

andwillneedtoevolvesignificantly:Bankswillneedamoregranulararticulationofriskappetite,manifestedin“controlsbydesign.”

—Theexpansionfromrisktoresiliencewillremainakeyexpectationamongcustomers,

shareholders,andregulators.Itwillalsocontinuetodriveacompetitiveadvantage.In

managingmultiplerisks,banksmustembracesimplicityacrossprocesses,dataand

systems,andinfrastructure.Weexpectmorecontrolviafewercontrols.Cross-riskscenarioanalysiswillbeacriticaltooltogaugefinancialresilienceandoperationalresilienceinan

integratedway.Separately,amongriskprofessionals,thereisanever-growingimportanceofindividualresilience:theabilitytobecomfortablewithambiguityandtakeadvantageofandreactdecisivelyinchallengingcircumstances.

Whatwillchange?

InanAI-definedfuture,riskmanagementmustevolveintandemwiththechangingbusiness

processesitoversees.Itwillalsoneednewcapabilitiessuchascontinuousmonitoringandbuilt-incontrols,aswellasanenhancedsecondLOD.Thetransformationsweexpecttoseeincludethefollowing:

—Moredynamicriskappetite–settingandsimulationsreflectinggreaterrateofchange:

Tomonitortheirfinancialandoperationalresilience,organizationswillconstantlyrun

syntheticsimulationsofmacroeconomicshocks,climateevents,cyberattacks,andotherpotentialdisruptions.Beforeanymajordecisionistaken,fromacquiringaportfolioto

launchingaproductorenteringamarket,theywillassessthousandsofsimulations.

Potentially,banksmayoperatefull-scaledigitaltwinsoftheirbalancesheetsandcritical

operations,helpingthemmonitortheirfinancialandoperationalresilience.Byapplyingriskappetitemoredynamically,bankswillmakefaster,better-informedchoices,withoutlosingoutonopportunities.

—Continuousreal-timeportfoliomonitoringwithinterventionsbyexception:Inthe

languageofriskmanagement,“assurance”isdead—orrather“periodicsample-testing

assurance”isdead.Itwillbereplacedbycontinuous,oftenreal-time,monitoringas

institutionsplugintointernalandexternaldataecosystemstotracktheirexposures.Inthe

future,the3LODswillhaveaccesstothesamedatasetsandwilluse,query,andmonitor

thedatafortheirspecificpurposes.Thiswilleliminatepoint-in-timereportgenerationand

datareconciliations,enablingfasterdecision-making.Riskmanagerswillhaveaccessto

automatedportfoliomonitoring(againstthebaseline)butwillbeabletointervenetodeal

withexceptions.Thewaywemeasureandmanagemarket,liquidity,andcybersecurityrisk

today—continuouslyandataportfoliolevel,withclearlimitsandthresholds—willbeadoptedforotherrisktypes.Inparticular,today’scase-by-casecreditapprovalandperiodiccontrol

Thefutureofrisk:Howglobaltrendsarereshapingriskmanagement5

orkeyriskindicator–basedmonitoringofnonfinancialriskswilltransition.Regulatorsmayexercisetheirsupervisioninasimilarwaybyaccessingbanks’datatooverseeanindividualbankmoreeffectivelyandtoscanthefinancialsystemforsystemicrisksandrequired

interventions.

—Integratedriskprofilingacrossrisktypestoassesstheultimatecausesforrisk

holistically:Managementoffinancial,nonfinancial,andstrategicriskswillconverge.Risk

leaderswillusedatatoidentifytherootcausesofrisk,bothhuman(customers,employees,andthirdparties)andinfrastructural(processes,systems,anddataormodels).

Understandingcustomerrisk,forexample,willconsidereverythingfromcredithistorytofinancialcrime,fraud,andcyberrisk.Siloeswillbeconsignedtohistory.Instead,risk

functionswillembraceagile,squad-basedoperatingmodels,supportedbyriskdomainexpertsandanalytics-savvyspecialists.

—Ahybridworkforceofmultiagentsystemsand‘humansintheloop’:Riskfunctionswill

betech-drivenbuthuman-supervised.Theday-to-dayoperationalworkofriskofficers

(suchasmonitoringexposures,scoringcredit,anddetectingfraud)willbefullyautomated.Theriskfunctionwillbecomeahybrid,withbotsandagentsbackedbyasmallgroupof

experts,acohortofAItrainersandassurers,and“ethicsstewards”toensuretransparency,fairness,andunderstandingofautonomousAIdecisions.

—Humanriskmanagersequallyvaluedforsubject-matterexpertiseandcritical

orthogonalthinking.Theroleofthehumanintheloopwillshiftfromcontroltooversight.

Thiswillrequiretherighttalenttonotjust“checkboxes”butthinkoutsidetheboxand

ensurethatautomationdoesnotcreatetailrisks.Thecompositionoftheriskfunctionwill

employsubjectmatterexperts(forrisktypesandanalytics)andintegrativethinkers.Risk

managerrolesthataremoreprocess-focusedwillbenonhuman.Totrainthehuman

workforce,wewillseemoreadaptable,scenario-andsimulation-basedlearning(ratherthanlearningbydoing)whichwillenableemployeestobecredibleandeffectivehumansinthe

loop.

Rethinkingtheriskfunction

Historically,riskfunctionshaveprimarilybeenorganizedbyrisktypes,businessareas,ora

combinationofthetwo.Inthefuture,webelieveriskfunctionswillneedtobeorganizedaroundthreeseparateelementsthateachplayacriticalrole.Eachelementwillhavedistinctdefined

objectivesandtalentprofile(exhibit):

1.Strategicnervecenter.Thiswillbethecross-cuttingintelligenceunitoftheriskfunction,

inwhichriskappetiteandlimitsareset,emergingrisksareidentified,scenariosarerun,

andinsightsareprovidedtotherestoftheinstitution.Thefunctionwillconnectthedots

betweenrisktypesanddrawonanalyticsfromadedicatedcenterofexcellence(discussedbelow).Theworkforcewillbemadeupofhigh-caliber,cross-functional,strategicthinkers.

Thefutureofrisk:Howglobaltrendsarereshapingriskmanagement6

2.Domain-specificpods.Podswillbeorganizedaroundrisktypesorothercriticallydefineddomainssuchasmateriallegalentities.Theywillbemadeupbysenior,criticallyadeptriskmanagerswhowilloverseethebank’sportfolioofrisksandapplyjudgmentonexceptionalcases.Thepodswillbelargelybusiness-facing,whilethebulkofoperationalrisk

managementandoversightwillbeundertakenbybotsandagents.Theunitswillbestaffedbydeepsubject-matterexperts,suchasthosefocusedonspecificriskdisciplinesor

entities.

3.Analyticssharedcenterofexcellence(COE).TheCOEshouldbetheriskfunction’sengineroom.Itwillanalyzevastamountsofdataasitconstantlymonitorsforoutliersand

thresholdbreaches.Activitiessuchasreportingwillbefullydigitizedandavailableviaself-servefunctionality.Thefunctionwillconsistofhybridsquadsofmultiagentsystemswith

humansintheloop.

Exhibit1

Thefutureofrisk:Howglobaltrendsarereshapingriskmanagement7

Theorganizationofriskintothesethreeelementsallowsfordevelopingparalleltalentvaluepropositions,performancemanagement,andcareerpathsforthetalentwithineachelement.

Talentinthestrategicnervecenterwillbewelltrainedtotakeonbroaderrolesincluding

executiveleadershipriskrolesoutsidetheriskfunction.Talentinthedomain-specificpodscandevelopandberewardedfordeepsubject-matterexpertisewhiletheanalytics-basedCOE

allowsfordeepdataandanalyticalexpertise.Wewouldexpectthemajorityoftalentinthefutureriskfunctionwilldedicatethemselvestooneofthethreeelements,whilerotationalprogramsshouldexistbetweenthemtoensuresufficientcross-pollinationofideasand

understandingoftheinterconnectednessoftheelements.

WhatshouldCROsdonow?

Thecurrentrateofchange,bothintheexternalriskenvironmentandinternalriskcapabilities,amounttonothinglessthanaparadigmshift.So,howshouldchiefriskofficers(CROs)begintobuildariskfunctionthatcanaccommodatethemorefluidandunpredictableenvironment?Weseefourimmediatesteps:

—Investinupskillingyourselfandyourteam.Theriskfunctioncanbethebiggestinhibitor

orenablerofchange—dependingontheCRO’smindsetandindividualcapabilities.For

example,wehaveseenproactive,progressiveriskleadersactascriticalenablersfor

acceleratedAIadoption,andthosethatdonot.Riskleadersneedtounderstandthe

opportunitiesandinvestineducatingthemselvesandtheirteamsonAI,itsapplications,anditschallenges.

—Strengthencross-cuttingcapabilities.Whileriskfunctionsmaynotyetbereadyforthe

fullstrategicnervecenter,itiscriticaltostartaddressingtheneedforcross-riskanalysisandmanagement.Thiscanhappenthroughstrengtheningtheenterpriseriskmanagement

orbusinessriskfunctionsoftheorganizationorbyinvestinginrisk-agnosticmonitoringandresponsecapabilitiestostayaheadoftheshiftingrisklandscape.

—EnsureresponsibleandtransparentAIuse.CROsshouldspearheadthedesignand

deploymentofriskmanagementmechanismsforAI.ThesewillincludecleargovernanceframeworksforAIuse-caseapprovalandmonitoringandAIprocessesthatappropriatelytriagebasedonAIriskcharacteristicstoensurethattheorganizationcansolveforbothsafetyandspeed.Transparentdocumentationandethicalguidelineswillsafeguardfirmsagainstregulatorybr

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會有圖紙預覽,若沒有圖紙預覽就沒有圖紙。
  • 4. 未經(jīng)權益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負責。
  • 6. 下載文件中如有侵權或不適當內(nèi)容,請與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準確性、安全性和完整性, 同時也不承擔用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。

評論

0/150

提交評論