Independence Day: How Trump’s tariffs could be the wake-up call Europe needs
Starting at the End: Why defining the right solution must start with the customer
Reanimating Risk
Frameworks: The case for treating risk frameworks as a living ecosystem
Watch Your Step: The five fault lines that banks can’t afford to ignore connect.cefpro.com/magazines
FOREWORD: NEVER MIND MAGA, COULD TRUMP’S TARIFFS BECOME MEGA?
Andreas Simou looks at what’s in store in this edition of the magazine.
Andreas Simou, Managing Director and CEO at The Center for Financial Professionals
The views and opinions expressed in this publication are those of the thought leader as an individual, and are not attributed to CeFPro or any particular organization.
COULD TRUMP’S TARIFFS ACTUALLY MAKE EUROPE GREAT AGAIN?
Koen De Leus on why he believes Trump’s tariffs could drive Europe to reduce dependence on America.
Koen De Leus, Chief Economist at BNP Paribas Fortis
This month’s regular features in Connect Magazine
BRIDGING GLOBAL RISK AND THE ENGINE OF INNOVATION
Meet Christophe Rougeaux, whose journey shows how curiosity and global perspective drive purposeful leadership. Christophe Rougeaux is a Model Risk Management Executive at TD Bank Group
INFOGRAPHIC: BANKS BRACE FOR RISING AML RISKS AS AI LAGS
Our regular feature explores how surging compliance costs surge and growing regulatory scrutiny are driving rising AML and sanctions risks.
RETHINK OR FAIL – LOOKING BEYOND THE CONTRACT IN RISK MANAGEMENT
Why financial institutions must rethink AI risk contracts or face failure in oversight and resilience.
Andrew Moyad, CEO, Shared Assessments 14
22
THE ART OF THINKING RIGHT TO LEFT
Oliver Woodman explores how GenAI shifts humans from repetitive completer finishers to outcomefocused reviewers.
Oliver Woodman, AI Lead, The Exeter
26
TURNING THIRD-PARTY RISK FROM ROADBLOCK TO ROCKET FUEL
In part 3 of her series on putting TPRM at the centre of risk strategy, Kelly Lake argues culture can transform compliance into strategic value.
Kelly Lake, Third Party Risk Manager at Legal & General
32
NEWS IN REVIEW
Our 3-minute read catches you up on some of the news stories and events that have been on the risk news agenda around the world over the last month.
38
34
TURNING RISK INTO A CATALYST FOR INNOVATION
Riten Dixit explains why he believes risk must evolve into a strategic partner for innovation and growth.
Riten Dixit is VP Market Risk, Federal Home Loan Bank of Cincinatti
BANKS CAN’T AFFORD STATIC RISK –AUTOMATION IS SURVIVAL
Givi Kupatadze explains why automation transforms enterprise and redefines resilience and strategy in banking.
Givi Kupatadze, PhD, Head of Enterprise Risk Management , TBC Bank, Georgia
42
TRENDWATCH: FIVE GLOBAL FAULT LINES BANKS CANNOT IGNORE
Operational risk redefined – how cyber, geopolitics, and AI collide to reshape resilience and compliance.
Learn to turn volatility into vision and join us on 7-8 October in Amsterdam
Secure your place >
Magazine team
Publisher Andreas Simou
Managing Director CeFPro andreas.simou@cefpro.com
Marketing
Edwin Njenga Head of Marketing CeFPro edwin.njenga@cefpro.com
Editor Mark Norman Head of Content CeFPro mark.norman@cefpro.com
Sales & Advertising
Chris Simou Head of Sales CeFPro chris.simou@cefpro.com
Design
Natasha Marino Head of Design CeFPro natasha@cefpro.com
NEVER MIND MAGA, COULD TRUMP’S TARIFFS BECOME MEGA?
A warm welcome to the September edition of Connect Magazine.
Our lead story this month comes from Koen De Leus, Chief Economist at BNP Paribas Fortis, who asks whether Donald Trump’s tariff policies could, paradoxically, make Europe stronger.
For risk professionals, the implications are profound. De Leus argues that protectionism may force Europe to diversify its economic ties, accelerate capital markets and banking union, and strengthen the euro’s position as a reserve currency.
For global finance, this raises critical questions around dependency, trade flows, and resilience. In an era of heightened geopolitical volatility, risk managers will need to weigh not just immediate disruption, but also the longer-term opportunities that structural change could bring.
Elsewhere in this issue, Givi Kupatadze of TBC Bank explores how automation is transforming enterprise risk management frameworks, turning them from static documents into living systems that drive strategy.
Andrew Moyad of Shared Assessments challenges us to look beyond outdated contracts when managing AI risk in
third-party relationships, while Oliver Woodman of The Exeter reflects on the shift GenAI brings to decision-making, urging leaders to think ‘right to left’ when planning outcomes.
Kelly Lake of Legal & General concludes her series on third-party risk with a call to see it as a strategic enabler rather than a blocker, while Riten Dixit of the Federal Home Loan Bank of Cincinnati positions risk as a catalyst for smarter innovation.
Alongside these features, our monthly infographic highlights the mounting AML and sanctions risks as AI lags behind financial crime complexity, and our Trendwatch piece examines five global fault lines – from cyber to geopolitics – that banks cannot afford to ignore.
If you’d like to explore advertising or advertorial opportunities in future editions, please do get in touch with the editorial team – their details are overleaf.
I hope you enjoy this month’s edition of Connect magazine. The next issue is out on October 25.
Andreas Simou Managing Director & CEO The Center for Financial Professionals
COULD TRUMP TARIFFS MAKE EUROPE GREAT AGAIN?
Koen De Leus, Chief Economist at BNP Paribas Fortis, specializes
in macroeconomic trends, financial markets, and strategic analysis, with extensive experience advising on economic policy, investment strategy, and global market dynamics.
It’s perhaps an understatement to say the protectionist policies of the current Trump administration have rattled economies worldwide.
But for all the hand-wringing that met the announcement of what, if implemented at face value, will be historic export tariffs, is it possible that they may yet offer Europe an unlikely opportunity to reinvent itself as an economic powerhouse?
That’s certainly what Koen De Leus, Chief Economist at BNP Paribas Fortis, believes: an unexpected chance to strengthen Europe’s economic foundations and reduce its vulnerabilities.
“I think it’s a wake-up call,” says De Leus. “We’re only now realizing that we’re too dependent on other countries. Before the invasion in Ukraine, we were too dependent on Russia for our energy, on China for our exports, and on the United States for our defense.”
In many ways, the war in the East has served to further deepen the extent of that dependence, with Europe sourcing more gas from the U.S. and redirecting more exports there as China’s real estate crisis dampens demand.
The challenge, according to De Leus, is that this increased reliance has come at a time when an overtly protectionist president resides in Pennsylvania Avenue.
“By pushing us into an era when we’re forced to find greater independence, maybe Trump is actually driving us to make Europe great again,” he offers.
De Leus sees the potential for Europe to not only diversify its economic
relationships but also position the euro as a more credible alternative to the U.S. dollar as a reserve currency.
While he stops short of predicting that the euro will replace the dollar, he argues that growing suspicion toward U.S. policy could create an opening - provided Europe makes significant changes.
Those changes are outlined in part in the Draghi report, which calls for deeper energy integration within Europe. By building an interconnected energy market across member states, supply could be balanced more effectively.
“In Norway, when the wind doesn’t blow, they will get the Spanish sun, and in Spain, when there is no sun, they will get the Norwegian wind,” De Leus explains.
This, he argues, would reduce dependency not only on the U.S. but also on fossil fuel imports from outside the continent.
Maybe Trump is making Europe great again by pushing us to become less dependent.
Another critical shift would be increasing intra-European trade. Currently, about 60 percent of EU member state exports remain within Europe, with only 6 percent going to the U.S.
Raising that internal figure to 70 percent, for example, would lessen exposure to U.S. tariffs. However, De Leus warns that non-tariff barriers - such as divergent labeling requirements for products like milk or incompatible railway systems between countries - act as a drag on trade.
The IMF estimates these barriers for goods are equivalent to a 43 percent tariff. Cutting that to 10 percent, he says, would render U.S. tariff policy far less relevant. For services, these nontariff barriers amount to 110 percent on average.
Strengthening Europe’s single market would also make its companies more scalable.
“Starting a company in Belgium and becoming big in Europe is very, very difficult because the rules everywhere are different,” De Leus says.
For the financial sector, he points to the creation of a capital markets union and a banking union as vital
steps, arguing that a unified capital market would pool European savings rather than leaving them scattered across 27 separate national systems. Combined with banking integration, this would not only improve efficiency but also support the euro’s ambitions as a reserve currency.
De Leus believes the next four years - the remainder of Trump’s current term - could be transformative if Europe seizes the moment. A more productive, better integrated single market could emerge, benefiting both the economy and the banking sector.
So, with a more interconnected Europe, what, then, might be the UK’s role post-Brexit? While De Leus considers Brexit “a big mistake,” he sees the potential for the UK to participate in what he calls a “coalition of the willing.”
This concept, already taking shape in defense cooperation involving non-EU members like Norway, could extend to areas such as energy, electricity markets, and financial services.
“Europe with the UK is much stronger than Europe without the UK. An alliance of this kind gives the UK an opportunity to reconnect with the European continent.”
Treasury & ALM Europe Stand Out Speakers
This October, Amsterdam becomes the hub for Europe’s leading treasury and balance sheet strategists as Treasury & ALM Europe makes its highly anticipated debut. Over two days, attendees will gain insights from 20+ high-impact sessions led by industry trailblazers, with a focus on innovating through instability, navigating uncertainty, and future-proofing treasury and asset liability management in a rapidly evolving financial landscape.
Speakers will share strategies to build resilience, adapting to shifting economic conditions, harnessing emerging technologies, and redefining the role of treasury in a changing world. With forward-looking discussions on sustainability, regulation, and long-term strategy, this inaugural European edition is the place to shape the roadmap for the years ahead.
Pavol Kiralvarga Head of Wholesale Funding Tatra Banka
Pavol Kiralvarga is the Head of Wholesale Funding at Tatra Banka, responsible for the bank’s long-term funding with a primary focus on Covered bonds, MREL bonds, Capital instruments and other sources of funding. He led the issuance of Tatra banka’s first green bond, marking a significant milestone as the first green bond issued in Slovakia. In addition to his funding responsibilities, Pavol actively contributes to the bank’s ESG agenda. He regularly leads and presents at the green bond committee meetings and comanages green bond allocation and impact reporting. Before his current role, Pavol worked as a debt capital markets specialist and a loan syndication specialist. He holds an MSc in Financial Mathematics from Warwick Business School and is a CFA charterholder.
Christoffer Kok Head of Division ECB
Christoffer Kok joined the European Central Bank (ECB) in 2002. He is currently Head of the Stress Test Experts Division responsible for carrying out the ECB’s annual supervisory banking sector stress tests and supporting supervision with stress-related simulations and forwardlooking analysis. His team was responsible for the 2022 ECB Climate Risk Stress Test, the 2023 EU-wide stress test for SSM banks the ECB Banking Supervision Vulnerability Analyses, and the forthcoming 2024 SSM Cyber Resilience Stress Test.
Previously, he was Deputy Head of the Stress Test Modelling Division in the ECB’s DG Macroprudential Policy and Financial Stability, responsible for developing and maintaining the institutions topdown stress test models. Before that, he was Adviser in the same DG and Principal Economist in the DG Monetary Policy. Before joining the ECB, Christoffer was an Economist in the Danmarks Nationalbank. He also regularly supports the International Monetary Fund with Technical Assistance work.
Christoffer has written numerous publications on financial sector and monetary policy topics (https://www. ecb.europa.eu/pub/research/authors/ profiles/christoffer-kok.en.html). He holds a MSc in Economics from Aarhus University and University Paris I SorbonnePanthéon and a MSc. in Finance from Copenhagen Business School.
Jacek Rzeznik
Vice-Director ALM Risk mBank
Jacek is a DeputyDirector of ALM Risk of mBank Group (#5 Bank in Poland, part of Commerzbank Group). He is a member of the Risk Committee, CALCO and ALM Committees. He is involved in risk monitoring, governance, stress testing, contingency planning, ALM, FTP and regulatory topics.
Previously, he held a Vice President role at JP Morgan Chase in London. He was responsible for credit risk of portfolio of Emerging Markets FI & Sovereigns.
Jacek holds a MSc. in Management and Regulation of Risk from LSE and a BSc. in International Business Administration from RSM Erasmus University.
Koen De Leus
Chief Economist
BNP Paribas Fortis
Koen De Leus (born in 1969 in Bonheiden) graduated in Commercial Science from the Saint Aloysius Economics High School (EHSAL). He worked as an analyst for Uitgeversbedrijf Tijd, the publishing company behind De Tijd and L’Echo, from 1998 till 2006. During the last two years he served as Chief Economist. From 2006 to July 2012, Koen served as a Market Strategist at Bolero, the online broker of KBC Securities, before moving over to take up the post of Senior Economist at the parent company KBC in August 2012. Since September 2016 he is Chief Economist at BNP Paribas Fortis. He is also a guest lecturer in ‘Behavioral Finance’ on the Investment Management program at EHSAL Management School.
Koen published his first book in 2006 entitled ‘Naar Grijsland’ an in-depth analysis of the social and economic consequences of an aging population. In 2012 he published Gouden Beursleuzen, a book that dives mostly into the behavior of stock investors. In June 2017, Koen published his 3rd book about the digital revolution and its economic and social impact on our society: “The Winners’ Economy: Challenges and opportunities of the digital economy”. His last book about the five main trends for the coming decades named ‘The New World Economy in 5 trends – Investing in times of superinflation, hyperinnovation & climate transition’, was written together with chief strategist of BNP Paribas Fortis, Philippe Gijsels, in December 2023.
Ramm
Srinivasan
Cluster LeadSustainable Finance & ESG Rabobank
Ramnath Srinivasan (Ramm) is the Cluster Lead and Senior Expert, ESG and Sustainable Finance at Rabobank. Ramm is channeling his passion for sustainability to seek pragmatic ways to embed sustainability/ ESG across the client and credit journey. He has held key leadership roles in sustainability, risk and capital management in his 17+ years of career in financial services across three continents. Ramm holds a Post Graduate Certificate in Sustainable Business from University of Cambridge (First of Three Stage Master’s). He also holds an MBA from the Indian School of Business and a Post Graduate Diploma in Law from Government Law College, India.
RETHINK OR FAIL
Looking Beyond the Contract in Risk
Andrew Moyad is the CEO of Shared Assessments, a global risk membership organization that supports hundreds of companies, risk programs, and thousands of their associated third-party, compliance, cyber, and other risk professionals. As a risk practitioner and executive with more than 25 years in risk management, Andrew promotes the creation of cultures of accountability for organizations and their third parties.
Marisa Sgambati is a Marketing Manager at Shared Assessments, where she builds initiatives to grow and retain the organization’s member and subscriber community. Through strategic planning and hands-on execution, she leads campaigns that drive engagement, increase visibility, and support business goals.
The rapid rise of artificial intelligence (AI) is reshaping how financial institutions evaluate and manage third-party risks.
Yet many organizations remain overly reliant on outdated contracting frameworks that were not designed to address the speed or complexity of today’s AI-driven systems and how they learn and evolve.
At CeFPro’s recent Vendor Risk Europe conference in London, Andrew Moyad, CEO of Shared Assessments, urged financial institutions to rethink their approach to AI contracting.
Unlike traditional software, AI evolves in real time, creating dynamic risk profiles that static contract agreements are generally not equipped to manage.
Moyad noted that while proposed regulatory templates, such as the EU’s AI Model Clauses, offer directional guidance, they often lack the nuance needed for practical application and by default contain many provisions that are excessive or unnecessary.
“AI adoption is not just a legal or procurement exercise, it is a strategic shift,” Moyad said.
“Contracts must support that shift, but they alone cannot replace the more fundamental need for clear business objectives, risk alignment, and a deeper understanding of how selected AI systems actually operate.”
To advance responsibly, Moyad advised organizations to build flexible contracting playbooks tailored to each AI use case, and to validate vendor claims, separating true AI from rebranded automation.
The growing trend of “AI washing,” where vendors rebrand traditional automation tools as artificial intelligence, adds confusion and slows down due diligence.
This often leads to reflexive overengineering of assessments and controls, wasting time on technologies that do not warrant that level of scrutiny. Instead of
reacting to labels, risk teams should assess system functionality and business impact, applying oversight proportionate to the underlying technology.
As adoption increases, resilience planning is equally critical. Since AI supports core functions like fraud monitoring, cyber defense, and client support, firms must be prepared for system failures with clear contingency strategies.
Additionally, Moyad challenged institutions to look inward. Many AI failures stem not from vendors, but from how tools are deployed and governed internally. By treating risk professionals as strategic partners, not obstacles, organizations can better align innovation with their need for operational integrity.
As regulatory expectations increase and AI becomes embedded across the enterprise, Moyad’s message was clear: rethink your risk lens, or risk getting it wrong.
AI adoption is not just a legal or procurement exercise, it is a strategic shift
CeFPro® Events Risk Evolve Treasury Edition
JANUARY 20-21
Sofitel Dubai Downtown
Sheikh Zayed Road
Dubai
United Arab Emirates
Key Topics
Regulatory Alignment
Liquidity Stress Testing
Balance Sheet Resilience
AI & Treasury Intelligence
Digital Treasury Transformation and more...
Speakers From
Commercial Bank of Dubai | Citi |
United Arab Bank | First Abu Dhabi Bank | Ajman Bank | Standard Chartered Bank | HSBC and more...
Find out more and register today here >
Bridging Global Risk and the Engine of Innovation
Christophe is an expert in analytics expert who helped global organizations ensure effective and sustainable management of their analytics, through robust oversight governance.
He previously co-led McKinsey’s Model Risk Management service line and since 2024, has been Model Risk Management Executive at TD Bank Group.
Some careers follow a plan. Others grow from instinct, a pull toward new ideas and challenges. Christophe Rougeaux’s path belongs to the latter, shaped by curiosity, cross-cultural experiences, and a focus on impact.
A
Life in Motion and a Mind
Open to the World
Christophe’s early years spanned Europe and the Middle East, exposing him to cultures and beliefs that shaped his worldview. “I discovered that people do not just think differently; they start from entirely different beliefs,” he recalls. That insight became his compass in business, where bridging perspectives is often key to success.
Equations in Notebooks and the First Pivot
He began in theoretical mathematics, where logic and proofs were written by hand before code touched a computer. Initially considering academia, he sought more practical application. Actuarial science beckoned, until the European debt crisis and financial scandals shifted his focus to risk management.
A visit to a trading floor sealed it. “It was alive,” he recalls. He soon moved into model development for structured credit products and Basel regulatory models. Mathematics now had purpose-and he would not return to pure theory.
A good governance framework is not a brake. It is the steering wheel.
The McKinsey Chapter
A few years later, McKinsey & Company invited him to co-lead its Model Risk Management service line and build it in the U.S. from scratch. For Christophe, it was “an entrepreneurial muscle-building exercise” with global resources behind it. Over twelve years, his remit expanded from regulatory models to stress testing, financial crime detection, and AI risk management.
McKinsey also shaped his leadership style. “You cannot just tell people what to do. You have to bring them with you,” he says. That approach proved essential in environments where attorneys, data scientists, and regulators all had a voice.
Today: Guiding AI with Purpose
Now Global Head of Model and AI Risk Governance at TD Bank, Christophe tackles one of the era’s defining challenges: using AI responsibly. His work blends strategy, diplomacy, and architecture, aligning governance frameworks with regulation, business priorities, and public trust.
“A good governance framework,” he says, “is not a brake. It is the steering wheel.”
A Website Few Executives Maintain
Beyond his role, Christophe has built a personal website that serves as a curated portfolio of thought leadership and values. It is not a résumé but a resource for peers and juniors. The site reflects his identity:
• Confident as a trusted advisor
• Strategic, centering governance, sustainability, and responsibility
• Willing to drive transformation, not just maintenance
• Global in outlook, after years advising across North America and Europe
• Intentional in branding, with precision matching his professional work
The site is a subtle expression of his philosophy and professionalism.
Values That Do Not Bend with Trends
When asked what drives him, Christophe cites three guiding principles.
First, giving back. Quoting Khalil Gibran – “It was in my heart to help a little, because I was helped much” – he treats mentorship and knowledge-sharing as obligations.
Second, diversity as strength. Having worked alongside attorneys, quants, HR leaders, and regulators, he knows diverse viewpoints lead to stronger outcomes.
Third, impact as the ultimate measure. His yardstick is simple: what difference will this make?
Advice
That
Cuts
Through the Noise Christophe has seen hype cycles come and go. His counsel is direct: “Do not follow the trend. Find your passion.” It may take years and be shaped more by life than work, but once found, it guides everything – opportunities, impact, and tools.
Why His Story Matters Now
From writing equations in notebooks to shaping AI governance for a global bank, Christophe’s journey spans disciplines and continents without losing sight of purpose and trust.
In an era when AI is reshaping business, his story is a reminder that the most vital skill is not technical mastery alone, but the ability to connect worlds – human and technological, strategic and operational, global and local – driven by curiosity that keeps asking, what is next?
THE ART OF THINKING Right to Left
Oliver Woodman is AI Lead at The Exeter, focused on making advanced AI systems useful, understandable, and aligned with human needs. Passionate about human–AI interaction, Oliver bridges technical complexity with real-world impact.
How are the developments in Generative AI (GenAI) tools going to change the way you work?
While discussing the rapid developments in technology – mainly GenAI – and their real-world applications, a senior colleague of mine said: “We’re going to need to start thinking about things right to left.”
I can’t recall exactly how he explained it, but Google’s GenAI summary puts it neatly:
“A planning process that involves starting with the desired future outcome and working backward to the present, rather than starting with present actions and moving forward.”
This isn’t a new phrase –those working in strategic transformation have been using it for years. But I believe GenAI is going to give it a new meaning.
GenAI shifts the role of the human from doer to reviewer.
The Traditional Way of Working Traditionally, we’ve been limited in how we can manipulate information. Processes usually involve figuring out what data we need, transforming it step by step, and gradually shaping it into something the end user can draw value from.
Productivity gains have mostly come from automating parts of this pipeline. But fundamentally, people are still left handling the most timeconsuming repetitive tasks.
Take call notes as an example:
• Pre-technology: The call handler took notes during the call, then tidied them into a format that met business requirements.
• With transcription tools: The handler could rely on a transcript (with varying accuracy) to check details or fill in gaps.
• Adding sentiment analysis: Transcripts might also include caller sentiment, giving more context for the notes.
Each innovation sped things up – but ultimately the user was still piecing information together, rather than focusing on interpretation and decision-making.
How GenAI Changes the Process
This is where GenAI shifts the process. Instead of being limited by rulebased transformations, we can deploy specialized GenAI agents to perform tasks along the journey.
These agents can be told exactly what domain they should mimic (say, a call handler with 25 years’ experience in complaints) and how the information should be presented (for example, 100 words split into call reason, resolution, and next steps). The result: outputs already close to the desired format, minimizing the time users spend reworking them.
This shifts the role of the human from doer to reviewer.
In the call example, instead of stitching together notes from transcripts and sentiment markers, a GenAI agent could generate a clean summary that the handler simply reviews and contextualizes.
Take it further: an agent could look up the customer’s history, summarize past interactions, and highlight relevant products or entitlements –all in a way that expedites the task at hand.
And call notes are just one illustration. The same “right to left” rethink could apply across almost any process –from financial analysis to medical case notes to marketing copy –depending on the domain and the organization’s risk appetite.
With GenAI, almost any output can be generated. The challenge is no longer how to transform data step by step, but how to define and shape the outcome we want. After all, if a human can do it today, the underlying data must exist somewhere.
The Questions We’re Left With Of course, this raises important questions for us as users:
• In the ideal world, how should the data be presented? What format would allow us to understand information quickly, add context efficiently, and meet business needs with minimal effort?
• What level of manipulation are we comfortable outsourcing to GenAI? At what point does automation risk oversimplifying or misrepresenting the underlying information?
• Who takes responsibility when GenAI gets it wrong? Are we prepared to shoulder the blame for errors, and how do those error rates compare with humans performing the task unassisted?
Conclusion
GenAI gives us the opportunity to work backward from outcomes rather than inching forward from inputs. By designing for the destination instead of the mechanics of transformation, we shift people away from repetitive tasks and toward higher-value work.
The real challenge for leaders is defining the outcomes we want GenAI to create – and making sure our people are equipped to review and apply them.
TURNING THIRD-PARTY RISK FROM ROADBLOCK TO ROCKET FUEL
In the third and final part of her series on making TPRM the powerhouse behind your risk management strategy, Kelly Lake argues that changing the way the entire organization views vendor risk is the key to success.
Kelly Lake is a Third Party Risk Manager at Legal & General. She has previously held senior risk and technical management roles at Benchmark Capital and Fusion Wealth.
Picture the scene: you’re a manager trying to drive efficiency in your team to make strategic gains, and you’ve just had a budget request approved to invest in a tool that will replace some manual processes.
You know it will save time – and money – and that it will probably reduce the potential for human error along the way.
You’ve researched potential vendors, maybe even been through an RFP or bid process, and found the perfect solution. The price is right and you’re ready to get started, but there’s just one thing standing in your way: vendor due diligence.
We’ve all been there – that time when third party risk management (TPRM) feels like a blocker to progress for our business stakeholders, a resource drain and, if we’re all being honest, a check-the-box exercise.
So, how can we ensure that TPRM is seen as the value-add that it really is, rather than a thorn in the side of progress?
If stakeholders aren’t engaging and the business is struggling to understand what is being asked of it – and, more importantly, why – it’s time to take a step back.
We need to consider what can be done differently to embed cultural change in a more meaningful way and help the business recognize the value of effective third party risk management.
Engaging and influencing stakeholders at all levels
Different stakeholders have different priorities. By viewing the TPRM lifecycle through their lens, it becomes easier to define what “value” looks like from multiple perspectives.
Are they focused on improved decision-making? Operational efficiency? Cost reduction?
Legal or regulatory compliance?
Do they need clearer guidance to understand what’s expected of them? Can they easily access the information they need to maintain oversight or plan effectively?
For senior leaders and decisionmakers, value lies in clear, concise reporting and communication – and more information doesn’t always mean better.
Strong escalation protocols, welldefined thresholds, and meaningful management information (MI) are essential to enable sound judgment and strategic decisions.
If reporting is ineffective and timepoor leaders are overwhelmed with detail, they may tune out or misinterpret key messages, undermining the very purpose of the process.
Communicating Change in Meaningful Ways
Think about who you need to influence – and how to tailor your approach.
For business and service delivery owners who don’t live and breathe TPRM, it can be frustrating to feel like time is disproportionately spent on admin or chasing tasks.
It may seem like effort is being duplicated, or worse, that the outputs of all the time spent identifying and assessing risks don’t actually inform business decisions.
It’s essential not only to invest time in socializing and embedding the importance of certain processes and controls, but also to seek and act on feedback in a meaningful way.
If people don’t understand why a process matters, they’re less likely to engage with it positively. If processes feel disproportionate or ineffective, stakeholder feedback should be used to drive constructive change.
Making TPRM a strategic enabler
Ultimately, the goal is to shift the perception of TPRM from a compliance burden to a strategic enabler.
That means aligning processes with strategic goals, communicating in ways that resonate with different audiences, and continuously refining the approach based on real-world feedback.
When stakeholders see value, everyone gets on board with TPRM.
When stakeholders and leaders see how effective TPRM supports better decisions, reduces risk, and enables smoother operations, they’re more likely to engage with it proactively.
And when risk teams listen, adapt, and demonstrate value, they become trusted partners – not just gatekeepers.
When everyone sees the value, everyone gets on board Third Party Risk Management doesn’t have to be a roadblock – it can be a catalyst for smarter, more strategic decision-making when approached with empathy, clarity, and purpose.
By aligning TPRM with the real-world priorities of diverse stakeholders, and by communicating in ways that resonate with their specific roles and challenges, organizations can transform compliance from a checkthe-box exercise into a value-driven practice.
Embedding cultural change starts with listening, adapting, and demonstrating how good risk management not only protects the business but empowers it to move forward with confidence.
Banks brace for rising AML risks as AI lags
Global banks and insurers are facing a gathering storm in how they manage financial crime compliance, with evidence showing rising sanctions complexity, soaring compliance costs, and weak data quality creating significant operational strain.
With global institutions already spending more than $274 billion annually on compliance and reporting a 40% increase in sanctions-related risk alerts, it is clear that traditional processes are no longer sufficient.
Yet at the same time, only 38% of firms say they have high confidence in their customer risk data, exposing them to blind spots in managing sanctions and money laundering threats.
Rising sanctions complexity and poor data quality are turning AML from a compliance cost into a systemic risk.
>70%
of executives expect financial crime risk to increase in 2025; only 23% rate their programs “very effective.”
Source: Kroll
38%
of global compliance leaders rank anti bribery, AML and other fraud among their organization’s top five priorities.
Source: PwC
of global bank CROs say AI is already used to manage operational fraud; 44% use AI for compliance (incl. financial crimes).
Source: EY 59%
29%
of organizations plan new value/supply chain arrangements that may require compliance support, citing trade restrictions and sanctions.
Source: PwC
18%
of AFC professionals report AI/ML models in production for financial crime use cases; 25% plan to implement within 12–18 months and 40% have no plans.
Source: SAS
62%
of executives expect greater regulator–FI cooperation on financial crime enforcement over the next 12 months.
Source: Kroll
NEWS
WHAT'S BEEN HAPPENING...
Round up of news stories in September Risk & Finance in Focus: Latest Headlines
Global regulators push AI rules as banks face tough choices
Regulators worldwide are racing to define artificial intelligence in financial services. The EU leads with its AI Act, while the US, UK, China, and other jurisdictions weigh innovation against tighter controls. Charmian Simmons of SymphonyAI says firms must adapt quickly to divergent approaches, from rules-heavy frameworks to principles-based models, as AI reshapes fraud detection, compliance, and risk management. View here >
Celtic Bank accused of fueling multimillion Ponzi scheme
Celtic Bank faces a federal lawsuit accusing it of aiding a Ponzi scheme tied to water vending machine franchises. Plaintiffs allege the lender knowingly exploited its SBA lending powers to fund fraudulent loans, causing millions in investor losses while profiting from fees and interest. Former executive Scott Foster is also named in the case. View here >
Banks face rising wave of climate lawsuits over financing
Climate litigation is emerging as a major risk for financial institutions as courts weigh whether banks share responsibility for financed emissions. A report by Rick Bosman and Jasper Blom of Milieudefensie highlights ongoing cases against ING and BNP Paribas, which could set global precedents. If successful, the lawsuits may force banks to phase out fossil fuel financing and redefine accountability in the financial sector. View here >
Fed sets new bank capital rules - Morgan Stanley appeals
The Federal Reserve set new individual capital requirements for large banks following its annual stress tests, effective Oct. 1. Morgan Stanley asked the Fed to cut its stress capital buffer; a decision is due by Sept. 30. The framework blends a 4.5% CET1 minimum, a stress buffer of at least 2.5%, and a surcharge for the largest firms. Officials also floated two-year averaging to smooth volatility in future requirements. View here >
Citi rolls out AI to turbocharge wealth advice
Citi launched two in-house AI platforms for its wealth division, pairing a generative assistant with a markets dashboard now in pilot. Executives say the tools will cut advisor workload and sharpen client service, as the bank accelerates a broader tech overhaul and prepares to embed generative AI deeper across operations. View here >
ECB warns EU rollbacks put climate oversight at risk
The European Central Bank warned that the European Commission’s plan to scale back key sustainability rules could weaken the bloc’s ability to assess climate risk. In an August 15 letter, ECB President Christine Lagarde said the February 2025 “omnibus” proposal would have “significant implications” for the Eurosystem, citing the loss of standardized data if most firms are exempted from reporting. Analysts warn the changes could cloud banks’ risk assessments and ECB collateral controls. View here >
Turning Risk into a CATALYST FOR INNOVATION
Riten Dixit, VP of Market Risk at Federal Home Loan Bank of Cincinatti, specializes in integrating risk management with strategy, enabling innovation, and aligning financial risk frameworks with long-term organizational objectives.
Risk management in banking is being reshaped from largely being a defensive function to now being intertwined into how organizations pursue growth and innovation.
Navigating this landscape Riten Dixit, Vice President, Market Risk at the Federal Home Loan Bank of Cincinatti, argues that most effective risk teams today are not only focussed on protecting against the downside but to enable organizations to take smarter bets that drive strategy and innovation.
In a career spanning more than a decade, Dixit has learned that risk management cannot be considered in siloed terms. The world of financial services and corporate finance has become too complex and too interconnected for that to be viable in today’s markets.
Instead, he says, the once divergent paths of strategy, innovation, and risk have converged and share mutual dependencies.
“Risk teams are really enablers of strategy,” Dixit says. “Controls and compliance guardrails are necessary, but they’re no longer sufficient because they’re becoming a commodity. The real value is in balancing downside protection with upside facilitation.”
Dixit believes the convergence of risk, strategy, and innovation is inevitable in modern financial institutions. Strategy sets the destination, innovation identifies the most effective paths, and risk ensures the organization survives the journey. That requires risk leaders to think beyond their traditional roles.
When it comes to risk appetite frameworks, Dixit says they must evolve to support innovation.
“You can’t manage what you can’t measure, and you can’t measure what you don’t clearly understand,” he explains.
In his view, that means setting clear boundaries for acceptable risk-taking and articulating the principles that guide decision-making.
Granularity and judgment, he argues, are key - a framework should define which swings in risk are acceptable, while allowing room for flexibility. Done right, it creates a “sandbox” where innovation can be tested without fear, and with a clear understanding of the limits.
Technology – once considered a risk in its own right – plays a dual role in this landscape. It brings inherent risks, but it also creates powerful opportunities for value creation.
Artificial intelligence is a case in point - prominent in boardroom discussions and risk dashboards. But Dixit warns against rushing to identify only what could go wrong.
“You need to look at this through the dual lens of risk and opportunity,” he says. “Understand the impact if things go wrong, but also how you could make them right.”
This means technology investments must align with business objectives rather than follow industry trends for their own sake.
For boards and executives, Dixit says communication is critical, and his advice is simple: “Never let too many trivial details come in between a really good story.”
By framing conversations around materiality, reversibility, and alignment with long-term goals, risk leaders can help senior decisionmakers weigh strategic opportunities without drowning in operational detail.
Measuring the success of innovation within a risk framework is another challenge. Traditional risk-adjusted return metrics often fall short for unpredictable, lumpy innovation projects.
Dixit advocates for measuring “learning velocity” - the ability to kill weak ideas quickly, iterate smarter, and sustain momentum.
Controls and compliance are necessary, but they are no longer sufficient.
“The goal is smarter iteration,” he says. “Momentum is not the same as progress.”
Building cross-functional trust is essential. Dixit cautions against earning respect by either lowering standards or reflexively saying no.
Instead, he promotes a solutionoriented mindset, showing up early in discussions, and helping business leaders see both upside and downside more clearly.
“People don’t have to like you to respect you,” he says. “But they will respect you if you help them take smarter bets, rather than shut them down.”
In practice, that means shifting from seeking the “best” solution to identifying what is “good enough” to test and fail within acceptable boundaries. It allows for faster experimentation, keeps teams aligned, and positions risk as a partner rather than a bottleneck.
For Dixit, the ultimate goal is to transform risk management from a process-driven function into a purpose-driven partner.
“The best way to influence strategy or innovation,” he says, “is to be invited to the table when those things are worked on - and to have earned that invitation.”
BANKS CAN’T AFFORD
STATIC RISK AUTOMATION IS SURVIVAL
Givi Kupatadze, PhD is Head of Enterprise Risk Management, TBC Bank. He is also a Lecturer of Data Science at Caucasus University in Tbilisi, Georgia.
“Risk is a choice rather than a fate.”
The words of Peter L. Bernstein feel especially resonant in today’s banking environment, where every decision – from lending to technology adoption – carries risks that can shape an institution’s future.
For banks, risk is no longer something to react to; it is something to define, govern, and strategically embed.
The financial crisis of 2008 marked the moment when risk management shifted from fragmented control functions to enterprise-wide oversight.
Banks were no longer judged on whether they could react to trouble but on whether they could anticipate it.
Supervisors began demanding not only robust models but frameworks that integrated governance, accountability, and a clear articulation of risk appetite.
Since then, enterprise risk management (ERM) has become the backbone of resilience and competitiveness across the industry.
At the center of ERM sit two essential tools: the risk register and the risk
appetite framework. The risk register provides a structured, living inventory of risks across the enterprise.
It transforms abstract fears into defined exposures with clear owners, likelihoods, impacts, and mitigation strategies.
Without it, risk management fragments into scattered spreadsheets and emails. With it, risks become transparent, accountable, and actionable – for management, boards, regulators, and investors alike.
If the register maps the risks, the risk appetite framework defines
the boundaries. It translates broad strategy into clear limits on the amount and type of risk a bank is willing to accept.
Initially treated as a compliance exercise, appetite frameworks are now central to governance. Boards own them, business units operate within them, and risk functions monitor adherence.
What began as aspirational statements has evolved into operational discipline, tested in stress scenarios and scrutinized by supervisors and markets.
Automation does not replace human judgment – it amplifies it.
Yet frameworks alone cannot carry the burden. Without automation, risk registers and appetite frameworks risk becoming static documents, disconnected from the pace of decision-making.
This is where digital transformation plays its most practical role in banking risk management. By embedding ERM processes into workflow tools such as Jira, banks can transform these frameworks into living systems that breathe with the organization.
Automation replaces scattered reminders with structured workflows, enforces consistency through standard forms, and provides dashboards that offer consolidated, real-time views of risk and appetite utilization.
Risk owners still provide the judgment and qualitative input –but automation ensures discipline, timeliness, and transparency. Every change is recorded, every update tracked, every owner held accountable.
The impact reaches all levels of governance. Boards gain confidence that risk-taking is continuously monitored against defined limits. Supervisors see proof of systematic oversight.
Management gains a live view of exposures across business units and geographies. And for frontline risk owners, automation reduces administrative friction, freeing time for managing risks rather than managing spreadsheets.
This is not about layering on complexity. Most banks already use workflow tools across their organizations.
Extending those tools to risk processes makes ERM cost-conscious and efficient, embedding governance into the platforms staff already use daily.
Automation does not replace human judgment – it amplifies it, ensuring decisions are framed within structured, auditable, and forwardlooking frameworks.
The lesson from 2008 still holds: banks rarely fail for lack of data or expertise. They fail when governance is fragmented, when risks are invisible, and when appetite is unarticulated.
By automating the core of ERM –the risk register and the appetite framework – banks can avoid repeating the mistakes of the past. They can move beyond compliance to resilience, and beyond resilience to strategic advantage.
In a world of volatility, climate shocks, cyber threats, and fast-moving markets, risk is indeed a choice. With automation, that choice can be disciplined, transparent, and aligned with strategy – turning risk management into the compass that guides banking into the future.
Expert Financial Risk Intelligence Reports
TRENDWATCH:
Banks Cannot Ignore FIVE GLOBAL FAULT LINES
Operational risk is no longer a tidy bucket of internal-process mishaps. In 2025 it sits at the crossroads of geopolitics, digital transformation, and intensifying regulatory scrutiny - forcing banks and insurers to modernize resilience, data, and risk culture in tandem.
In our regular look at what’s front of mind for many of us in the industry today, we take a look at where your lens needs to be pointing.
01
CYBER RISK GETS SMARTER, NOT JUST STRONGER
First, cyber risk dominates –again. But with a twist. It’s not just more attacks – it’s smarter ones. Allianz’s 2025 Risk Barometer keeps cyber at the top global business risk, cited by 38% of respondents, with business interruption often the immediate consequence.
New technology risk, including AI, also enters the global top 10, underscoring how innovation is amplifying threat surfaces.
Allianz Commercial ORX’s Operational Risk Horizon adds texture: AI tools are lowering the barrier to entry for threat actors, while concentration in a handful of cloud providers raises the specter of systemic outages. orx.org
02
OPERATIONAL RESILIENCE SHIFTS FROM PLAN
TO PROOF
Europe’s Digital Operational Resilience Act (DORA) was applied on January 17, 2025, imposing harmonized ICT risk requirements, incident reporting, testing, and third party oversight across financial entities.
In the UK, firms reached the March 31, 2025 compliance milestone under PRA/FCA rules, with regulators signaling assertive supervision going forward.
The message on both sides of the Channel: resilience must be evidenced in critical services, third party chains, and recovery playbooksnot just policy binders. Sidley Austin, Bank of England, EY
03
REGULATION GROWS MORE COMPLEX AND COSTLY
PwC’s 2025 Global Compliance Survey finds 85% of companies say compliance requirements have grown more complex over the past three years; technology risks (cyber and data) top the agenda for more than half, and only 7% consider themselves “leading” today.
PwC likewise ranks “changes in legislation and regulation” fourth globally in 2025, citing sustainability reporting, crypto, and AI as flashpoints.
Allianz Commercial For operational risk heads, the takeaway is clear: control frameworks must evolve from checklist compliance to outcome based oversight that prioritizes material exposure.
04
GEOPOLITICS BECOMES A CORE RISK DRIVER
EY and the Institute of International Finance report that 83% of CROs expect geopolitical risks to have the same or greater effect in five years, with cyberattacks, supply chain disruption, and volatility the most likely manifestations. EY ORX echoes this, linking geopolitical instability to cybercrime, third party fragility, and regulatory uncertainty. orx.org
The implication? Horizon scanning, severe but plausible scenarios, and pre-arranged contingency options must be embedded into business service resilience.
Adaptable, outcome-based oversight is fast becoming the only durable edge in operational risk.
05
THE OP-RISK MODEL MODERNIZES FOR AI AND DATA
EY/IIF finds banks actively upgrading data capabilities (71%), while 61% of respondents cite talent as a key risk to overseeing emerging tech such as GenAI.
EY PwC shows momentum but uneven adoption - connected compliance improves decision confidence, yet many organizations are still early in applying AI to surveillance, analytics, and fraud.
PwC ORX notes that digital change is forcing firms to balance legacy and new tech, increasing conduct, legal, and resilience exposures unless controls and skills modernize in parallel. orx.org
What should risk leaders do now? Treat cyber and business interruption as a single resilience portfolio; design controls and drills around end-to-end business services, not silos.
Map third party and cloud concentration, set de-concentration triggers, and test real failovers. Translate DORA/UK rules into a unified, impact-tiered control regime, with evidence trails that withstand supervisory challenge.
Build geopolitics into scenario libraries and liquidity/ operations playbooks. Finally, fund data quality, model governance for GenAI, and specialist talent pipelines - because adaptable, outcome-based oversight is fast becoming the only durable edge in operational risk.
Sources: ORX Operational Risk Horizon 2025 and H1 2025 Top Risk Review; EY/IIF Global Bank Risk Management Survey (2025); PwC Global Compliance Survey 2025; Allianz Risk Barometer 2025; EU/ESAs and EIOPA on DORA; UK PRA/ FCA operational resilience updates. orx.org+1orx.org+1 EYPwC Allianz
