However, many legacy risk identification processes have not fully served institutions’ risk management needs, particularly those related to firm-specific stress testing and identification of the firm’s largest vulnerabilities. These processes were not sufficiently comprehensive and deep enough – failing to highlight key underlying drivers of risks. This, in turn, led to critical gaps in risk management. US regulators have taken note and have been pushing institutions to expand and enhance their risk identification processes, and clearly link risk identification to stress testing and broader risk management activities.
Traditional risk identification processes do not incorporate enough different perspectives on risks from across the organization; effectively distinguish the most significant risks from more minor risks; or sufficiently consider the underlying drivers of risks and how they could interact and amplify risks, or how minor risks might become severe in certain environments. As institutions adopt stress testing-based approaches to risk and capital management and spend more time on developing stress scenarios specific to their own vulnerabilities, risk identification approaches must enable institutions to better understand their vulnerabilities, and to mitigate or capitalize against them.
In this paper, Risk Identification: What Have Banks Been Missing? we explain how improvements are required to banks’ risk identification processes in order to better inform scenario design, risk measurement and broader risk management needs, and to help financial institutions weather the next storm.