CRO Outlook

New Year's Resolutions for Risk Managers in 2024

Finding balance in managing risk and return is extremely challenging, especially during periods of uncertainty fueled by geopolitical tensions, cyber threats, financial instability and other volatile events. But financial institutions and their FRMs can take steps to curtail this year’s biggest projected tail risks by, for example, cultivating situational risk awareness, developing war-gaming exercises, improving contingency planning, hiring talented people, and performing honest assessments of their governance and their risk exposure.

Friday, January 12, 2024

By Clifford Rossi


The start of a new year is a time of personal reflection and goal setting for many. For financial institutions and their risk managers, the turn of the annual calendar represents an opportunity to take stock of potential risk event catalysts and to evaluate risk management capabilities that are currently in place.

Over the next 12 months, financial markets could be jolted by multiple risks – such as geopolitical flare-ups, an AI-induced event, fiscal instability or changes in consumer or investor sentiment. To enhance their ability to navigate smoothly through any treacherous seas that may come their way, financial institutions must harden their risk management infrastructures.

 a2r5d000006RVPrAAO_Clifford RossiClifford Rossi

How, exactly, should they go about this? We’ll get to our New Year’s resolutions for risk managers in a moment, but let’s first take stock of what we learned from 2023 and what questions we should ask about potential risk event catalysts in 2024.

Storm Clouds on the Horizon?

If the last few years have told us anything about managing risk, it is that no matter how much we plan, unexpected risk events will materialize with little warning. This was particularly the case with the COVID-19 pandemic and early 2023 regional banking crisis.

Risk managers are generally well-equipped to handle most events that pose risk to their institutions, but when the unexpected happens, models that guide many risk decisions are no longer as useful, leaving risk managers in the uncomfortable position of leaning on judgment and experience to guide them.

The new year begins where 2023 left off. Markets and governments, in short, remain at the mercy of extreme fiscal and monetary policies that were initially put in place after the global financial crisis of 2008. A string of unexpected events since that crisis, including COVID-19 and the 2023 regional banking fiasco, have increased instability and uncertainty, leading to calls for amended regulation and new ways to approach risk management.

In 2024, key questions you should be asking your risk team include: (1) How would we respond to a significant and prolonged downturn, precipitated by a collapse in global supply chains for semiconductors or other critical materials due to a geopolitical crisis or war? and (2) What actions would we take if fiscal brinksmanship and/or an oversupply of U.S. Treasuries causes interest rates to spike again?

These are, of course, not the only scenarios worthy of consideration. Another issue to keep an eye on is the next step in the evolution of cybercrime. What if, for example, bad actors attempt to use generative AI to commit fraud or to disrupt financial markets?

It is also important to remember that there are psychological and emotional factors that influence investors during times of great uncertainty. John Maynard Keynes, the renowned British economist, described these factors as “animal spirits” – and they are alive and well in 2024. That leads to another question risk managers must ask: Are you prepared for a major change in consumer or investor sentiment? 

Potential Risk Problem Areas

Supply-chain problems and events like a prolonged downturn, an interest rate spike, and an AI-driven disruption could wreak havoc on asset valuations, liquidity, and credit risk.

Over the past few years, we’ve witnessed an astounding growth in asset values across multiple investment classes. But we also saw in 2023 how many banks and their examiners were ill-prepared for a sharp increase in interest rates.

Ironically, liquidity risk never seems to be an issue until an event hits. However, liquidity scenario analysis and contingency planning exercises must be a top priority in a period of elevated market uncertainty. Similarly, during such a period, credit risk managers must keep a close eye on any material policy-induced changes in borrower repayment behavior.

The list of potentially significant risk events in 2024, undoubtedly, is not just limited to these three areas. There is always the risk of some type of damaging operational risk event. This seems to be a recurring theme for large, more complex firms – but operational risk events are an easy way to put your firm in the regulatory penalty box, at the very least.

We should also keep in mind that risk outcomes are driven by dynamic forces. While risk managers are largely bound by the rules of Gaussian distributions, our latest data and model parameters may not be up to capturing abrupt shifts in behavior and policy on risk.

A New Year’s Risk Resolution List

A little paranoia is actually a good quality in a risk manager, as it motivates thinking about bad outcomes. Managing tail risk events is critical to the long-term viability of any franchise – but, because of their low frequency, our collective risk mindset isn’t quite as sharp as it could be to anticipate what might come at us and how to respond. That’s why cultivating situational risk awareness is at the top of my risk resolution list.

We tend to get mired in the mundane process of managing risk, according to our various policies and frameworks. However, this weakens our ability to think creatively regarding possible major risk catalysts.

Some would rightly push back and say, we’re already doing scenario analysis, so what’s different? I would challenge risk teams to establish annual war-gaming exercises that entail identifying sources of major risk events. The idea would be to figure out how they would impact your business and risk, and what actions your organization would need to take to mitigate them.

Once activities designed to elevate your situational risk awareness are established, it can help with the next risk resolution: getting your risk management house in order. Clearly, several regional banks, among others, didn’t get that message last year and are no longer around.

Getting your house in order means taking a close look at the following critical components of effective risk management: governance, process, capability and risk exposure. If you carve out time from the regular risk management routine and honestly critique the effectiveness of each of these components, you can then build a plan to fix your organization’s weaknesses before a risk event manifests.

The next risk resolution is to run a lean and mean risk organization. For those in the second line of defense, credibility and stature within the enterprise is built on the back of demonstrated capabilities and the value your group brings to the organization. This means taking a hard look at the resources you have and ensuring that the right group of highly-skilled risk professionals are in place. Extraordinary risk teams are those that are efficiently staffed with analysts and managers with deep business and risk domain expertise.

To round out your resolutions, strive to become a better umpire. The integrity of any major league sport depends on fair and accurate calls by their referees and umpires. The same is true for risk managers.

While it may be the path of least resistance to go along most of the time with the business, that approach ultimately does a disservice to both your employer and the company’s shareholders. Likewise, being a “Dr. No” will be debilitating to the firm.

Finding balance in managing risk and return isn’t easy, but it is what the job demands to do it right.

Parting Thoughts

The new year is a great time to step back and spend some quality time thinking deeply about what risk event catalysts could emerge in 2024. The idea is to figure out which risks could potentially have the greatest impact on your company and to determine how they would ripple through your portfolio.

After you’ve considered this, it’s time to make your own list of risk resolutions. Cultivating situational risk awareness, developing war-gaming exercises, hiring talented risk professionals, and scrutinizing your governance, process, risk capabilities and risk exposure could pay dividends in both 2024 and beyond.


Clifford Rossi (PhD) is the Director of the Smith Enterprise Risk Consortium at the University of Maryland (UMD) and a Professor-of-the-Practice and Executive-in-Residence at UMD’s Robert H. Smith School of Business. Before joining academia, he spent 25-plus years in the financial sector, as both a C-level risk executive at several top financial institutions and a federal banking regulator. He is the former managing director and CRO of Citigroup’s Consumer Lending Group.


BylawsCode of ConductPrivacy NoticeTerms of Use © 2024 Global Association of Risk Professionals