The Long Goodbye: Four reasons why we’ve seen the last of low interest rates… for now
Process vs Checklists: Unpacking Michelle Bowman’s compliance reality check
Sleepwalking into Trouble: The folly of not embedding AI into process
Spreading Exposure: Why concentration risk is the arch-enemy of risk management
connect.cefpro.com/magazines
05
FOREWORD: FROM ESG TO INTEREST RATES
Andreas Simou looks at what’s in store in this edition of the magazine
Andreas Simou, Managing Director and CEO at The Center for Financial Professionals
The views and opinions expressed in this publication are those of the thought leader as an individual, and are not attributed to CeFPro or any particular organization.
06
ESG RISK IS EVERYWHERE - GO DEEPER OR GET LEFT BEHIND
Why ESG now demands multi-tier supply chain scrutiny, regional context, and credible AI-enabled monitoring
Mikko Venermo, Senior Manager, Environmental & Social Policy, Standards and Knowledge Management at IFC
14
WHY BOWMAN MIGHT JUST BE RIGHT ABOUT TRADING CHECKLISTS FOR PROCESS
Riten Dixit asks if Michelle Bowman might be right about shifting the focus from process to purpose to better align risk management with real-world impact
Riten Dixit is VP market Risk at Federal Home Loan Bank of Cincinatti
18
WHY WE’RE SLEEPWALKING INTO RISK OF OUR OWN CREATION
Mathew Wells argues financial firms must embed AI oversight into third-party risk management or risk hidden exposures undermining operational resilience. Mathew Wells is Head of Risk Advisory UK at Wavestone
This month’s regular features in
THE LONG GOODBYE TO LOW INTEREST RATES
Koen De Leus on why he believes inflation and interest rates will remain elevated for decades
Koen De Leus, Chief Economist at BNP Paribas Fortis
FINDING ALPHA IN A WORLD ADAPTING TO CLIMATE CHANGE
C. Robin Castelli argues that transition risk management will become obsolete if it fails to match the speed of innovation
C. Robin Castelli, Head of Transition Finance Investing, Orange Ridge Capital
THE ART OF SCENARIO PLANNING TO ANTICIPATE THE UNTHINKABLE
Mark Norman explores why scenario planning must evolve into enterprise resilience, testing multi-day shock-testing and rapid recovery readiness
Mark Norman is Head of Content at The Center for Financial Professionals
BRIDGING THE CONFIDENCE GAP:
Turning assumptions into evidence in SaaS supply chains
Julie Antonelli, VP of Sales, Escode
SPEAKERS ONBOARD
Stand out speakers from Vendor & Third Party Risk Dallas 10
THE COACH WHO NEVER STOPPED TEACHING
Chandrakant Maheshwari discovers how a lifelong coach turns complexity into clarity, strengthening identity and building resilience through reinvention
Chandrakant Maheshwari, FVP, Lead Model Validator, Flagstar Bank 24
32
INFOGRAPHIC: CREDIT RISK TIGHTENS AMID RISING DEFAULTS AND LOOMING REFINANCING WALL
Our regular feature looking at the non-financial risk in statistics. This month, we focus on credit risk
38
NEWS IN REVIEW
Our 3-minute read catches you up on some of the news stories and events that have been on the risk news agenda around the world over the last month
44
TRENDWATCH: WHY
CONCENTRATION RISK IS THE NEW SINGLE POINT OF FAILURE
In our monthly look at global risk trends we spotlight concentration risk - the hidden dependencies, and playbooks for meeting risk challenges
Alice Kelly, Head of Programming, CeFPro
Publisher
FROM ESG TO INTEREST RATES
The Risk Resilience Playbook You Need
A warm welcome to this month’s edition of Connect - a showcase of how wide the risk agenda now stretches, from climate and supply chains to market structure and operational resilience.
In this edition, Mikko Venermo demonstrates why going multitier into supplier networks - and grounding judgments in local context - has become non-negotiable for responsible financing within ESG risk management.
We balance that with a macro lens as Koen De Leus, in the last of his twopart series of articles, waves a long goodbye to low interest rates, arguing that the era of ultra-low rates has ended and that the new reality that brings will reshape funding, margins, and default dynamics for years to come.
Operational preparedness takes center stage in an article that examines how scenario planning will be essential in moving crisis simulation beyond checklists toward multi-day, compound-event recovery - with third-
party dependencies squarely in view. Our must-read this issue is our regular Trendwatch feature which looks at why concentration risk is the new single point of failure and offers a pragmatic playbook for mapping hidden fourthparty links, setting appetite, engineering portability, and rehearsing real-world exits. If you read one feature this month to strengthen resilience, make it this.
Round it out with our data-rich infographic on credit risk, which highlights delinquency trends, leveraged-loan defaults, and the looming CRE refinancing wall.
If you’d like to guest-edit a future edition of Connect - or discuss advertising and brand partnershipsplease contact the editorial team. We’d love to hear your ideas.
I hope you enjoy this month’s issue of Connect. The next edition lands on November 25.
Andreas Simou Managing Director & CEO The
Center for Financial Professionals
ESG RISK IS EVERYWHERE
- Go Deeper or Get Left Behind
Mikko Venermo is Senior Manager for Environmental & Social Policy, Standards and Knowledge Management at IFC, leading ESG frameworks. Formerly Associate Director at EBRD, he advised on sustainability policy and green finance. He contributes to ESG reporting initiatives and research.
What counts as ESG risk has exploded in recent years – and so has the depth at which financial institutions are expected to understand it.
From carbon footprints to conflict zones, supply chain scrutiny now spans multiple tiers, countries, and crisis scenarios. In today’s volatile world, ESG isn’t a checklist – it’s a high-stakes exercise in context, credibility, and constant vigilance.
As I noted during a panel session at CeFPro’s recent Vendor Risk Europe event, it’s not just child labor or carbon emissions anymore.
The number of ESG issues that stakeholders care about keeps growing, and going deeper into supply chains is no longer optional.
At IFC, we engage directly with our clients to understand how they manage ESG risks in their own operations and across their supplier networks, and that process begins with screening.
We identify potentially material risks, then dig deeper as needed. In many industries, this means going multiple tiers down the supply chain.
The scope and depth of issues has become critically important. Some of our clients now require insight several layers down, and this is increasingly the expectation for responsible financing.
Our approach balances rigor with practicality, meaning that after identifying risks, we rely on regular reporting from clients. If that reporting is solid – based on sound internal processes – we accept it. But if red flags emerge, we escalate.
That might mean an in-depth audit or deploying independent experts to verify specific claims, so it’s essential that you have a system that works both at the initial due diligence stage, and throughout the life of the investment.
One of the most valuable tools in our ESG risk framework is a regional risk database we’ve built over years, tracking vulnerabilities across countries and subnational areas.
We have to layer local risk into our ESG assessments. Screening for materiality means nothing if you don’t account for where the supplier is based – so regional context can change everything.
Geopolitical tension is another growing threat. Recent conflicts have disrupted food and energy markets globally, triggering domino effects far from the epicenter. These ripple effects highlight the fragility of interconnected systems.
Conflict and poor governance can produce shockwaves across global supply chains – we have only to look at the war in Ukraine to see how conflict creates food crises and fuel shortages thousands of miles away.
Climate risk, meanwhile, is a mounting concern. While many financial institutions have made progress tracking their corporate carbon footprints, the challenge lies in financed and third-party emissions – particularly scope 3.
At IFC, our own emissions footprint, at 2 percent, is just a fraction of the emissions associated with our investment portfolio. The other 98 percent are financed emissions. That disparity drives our focus on helping clients measure, manage, and ultimately reduce their supply chain impact.
Transparency, rather than perfection, is our guiding principle. Data gaps remain, especially in scope 3, but the direction of travel is clear, and global standards from ISSB and the EU are now embedding these requirements.
ESG isn’t a checklist - it’s a high-stakes exercise in context, credibility, and
We began building our own ESGfocused machine learning tool in 2018. It took six years to bring it to life. Today, that tool – called Malena – is up and running. We limited the data universe and trained it on high-quality, verifiable project data, because control over data quality is non-negotiable. Without that, AI can become just another source of
Stand Out Speakers
November 4-5, 2025
This November, Dallas becomes the meeting point for North America’s leading third party and vendor risk management professionals as Vendor & Third Party Risk Dallas returns for its 12th edition. Over two days, attendees will gain unparalleled insights from senior risk leaders, with sessions focused on evolving regulatory expectations, operational resilience, and the future of third party risk management in an increasingly complex environment.
Speakers will share strategies to strengthen TPRM frameworks—navigating concentration risk, ensuring cyber resilience, and balancing innovation with effective oversight. With forward-looking discussions on AI governance, ESG requirements, offshoring strategies, and exit planning, Vendor & Third Party Risk Dallas offers a unique opportunity to benchmark practices, expand your network, and elevate the maturity of your program.
This event is the place to equip your team with the knowledge, tools, and foresight to manage risk effectively and prepare for the challenges ahead.
Jennifer Wilkinson VP Third Party Risk Management Cenlar FSB
Jenn Wilkinson has over 25 years of experience in the mortgage industry with a special focus on third party risk and vendor oversight. Throughout her career, she has successfully built a robust and regulatory compliant Third-Party risk infrastructure. She is currently the Vice President of Third-Party Risk Management for Cenlar, a leading US mortgage subservicer. A self-proclaimed TPRM nerd, Jenn is a proud member of the ABA’s TPRM roundtable as well as Women in TPRM, a professional group aligned to the Third-Party Risk Association. While her institution’s primary regulator is the OCC, she also has extensive experience in FDIC, FRB, and CFPB expectations from working with a wide array of clients who are regulated by them. She is a people person with a positive attitude and enjoys building successful relationships with everyone she works with.
Ryan Langshaw
Director of Third Party Risk Management & Vendor Onboarding PayPal
Daniel Heid
Managing Director, Third Party Risk Management
Charles Schwab
Ryan Langshaw is a strategic enterprise risk leader with over 12 years of experience driving third-party risk management and vendor governance programs across global financial institutions. Currently serving as Director of Third Party Risk Operations & Vendor Onboarding at PayPal, Ryan leads enterprise-wide initiatives that enhance operational efficiency, regulatory compliance, and technology transformation.
He has a proven track record of building scalable risk frameworks, leading crossfunctional teams, and delivering multimillion dollar technology projects. Prior to PayPal, Ryan held senior leadership roles at Visa, First Republic Bank, and Bank of the West, where he spearheaded innovations in risk analytics, AI-driven monitoring, and regulatory compliance.
Ryan holds a B.A. in Applied Science from the University of Delaware and is a Certified Regulatory Vendor Program Manager (Level IV).
Daniel Heid is the Managing Director of Third-Party Risk Management at Charles Schwab. With leadership roles at Texas Capital Bank and Bank of America since 2007, he has extensive experience in international procurement, business continuity, global operations, and vendor risk management, including five years as an expatriate in Costa Rica and Mexico. Heid earned a B.S. from Brigham Young University and an MBA from the Thunderbird School of Global Management at Arizona State University. He is Six Sigma Green Belt certified and completed executive education at Harvard, Duke, Michigan, and the Indian School of Business in Hyderabad.
Bryan Phillips Director of ICFR and Third Party Risk Management
The Federal Home Loan Bank of Indianapolis
Bryan Phillips is a financial services professional with over 20 years’ experience in risk management, including third-party risk management, Sarbanes-Oxley (SOX) compliance, enterprise risk management, internal audit and external audit. He is currently responsible for the third-party risk management program and internal controls over financial reporting at the Federal Home Loan Bank of Indianapolis. Bryan has developed, implemented, managed, and audited third party risk management across several financial institutions.
Malcolm Smith SVP Global Lead Third Party Risk Management
Goldman
Sachs
A Navy veteran of 11 yrs, with a BS in Information Technology and a MBA.
Malcolm currently works as Risk and Resilience Global Lead at Goldman Sachs, specializing in operational resilience, third-party risk management, and regulatory compliance. Based in Dallas TX, he has a passion for focusing on continuous process improvement to drive his team and firm’s growth and goals.
To find out more about our upcoming event click here >
WHY BOWMAN MIGHT JUST BE RIGHT ABOUT TRADING CHECKLISTS FOR PROCESS
Riten Dixit, VP of Market Risk at Federal Home Loan Bank of Cincinnati, specializes in integrating risk management with strategy, enabling innovation, and aligning financial risk frameworks with long-term organizational objectives.
When Federal Reserve Governor Michelle Bowman suggested earlier this year that supervision had become too focused on procedure, the statement struck a chord with many in the financial risk community.
One of them is Riten Dixit, Vice President, Market Risk at the Federal Home Loan Bank of Cincinnati, who believes that shifting the emphasis from paperwork to purpose could make risk management more effective.
“Procedure and process are key components of risk management,” Dixit said. “But the focus should be on purpose. Impact-based risk management and impact-based supervision are naturally more effective and efficient.”
For Dixit, the problem is that process is easier to measure than judgment - but easy does not mean right. He argues that supervision and second-line oversight should match the size, complexity, and impact of
the risk a firm is taking, not just the completeness of its documentation.
“The depth of scrutiny should be tied to the scale of impact,” he said.
Bowman’s comments, Dixit believes, should prompt firms to ask a different set of questions: not “did we document everything?” but “are we managing risk well?” and “are we scanning for emerging threats?”
That means moving beyond what he calls “compliance or control
theater” to foster genuinely risk-aware conversations.
Shifting to outcomes over form-filling requires cultural change. Dixit stresses that this does not mean abandoning required regulatory processes - those remain vital - but rather allowing for professional judgment.
“A lot of debate over best practice may not be the one and only approach,” he said. “Allowing for judgment is what promotes a good risk-aware culture.”
The world is changing too fast for risk management to rely on static controls.
The risk of ignoring this shift is what he calls “over-engineering” - a creeping expansion of checklists and templates that compensates for a lack of trust in people’s judgment.
When this happens, highly capable staff spend more time proving they are compliant than they do improving processes or scanning for new risks.
“If your best and smartest people are spending time on these things, that’s time not spent somewhere more meaningful,” he warned, adding that over-engineering can paralyze action when decisive moves are most needed.
Instead, Dixit wants boards and executives to be prepared for an oversight environment that ties reviews to tangible outcomes.
That clarity, he says, makes it easier to understand what success looks like, treat issues with the right priority, and avoid creating a “suite of checklists to ensure nothing could ever go wrong.”
Looking ahead, Dixit hopes to see compliance functions judged more by how effectively they detect, prevent, and adapt to emerging risk than by the volume of documentation they produce.
“The world is changing too fast for risk management to rely on static controls,” he said. “If risk management is not moving at the speed of innovation, it will become irrelevant.”
In his view, the future belongs to proactive, adaptive risk managers who not only supervise but lead - providing strategic insight and enabling innovation while safeguarding resilience. “The best risk people are the ones who are going to lead in this proactive, adaptive risk lens,” he said.
For now, Bowman’s comments may be a sign that the regulatory pendulum could swing toward greater flexibility, giving risk teams more latitude to balance compliance with judgment.
If that happens, it could create a more dynamic environment where “doing it well” matters more than “doing it by the book.”
Risk Evolve Treasury Edition
Treasury functions are being reshaped by market volatility, regulatory pressure, and rapid digitization. The question is: how ready is your organization to adapt?
JANUARY 20-21
Key Topics
Regulatory Alignment
Liquidity Stress Testing
Sofitel Dubai Downtown Sheikh Zayed Road Dubai, United Arab Emirates
Balance Sheet Resilience AI & Treasury Intelligence
Digital Treasury Transformation and more...
Hear From
Commercial Bank of Dubai | Citi | United Arab Bank | First Abu Dhabi Bank | Ajman Bank | Standard Chartered Bank | HSBC | and more...
WHY WE’RE SLEEPWALKING
INTO RISK OF OUR OWN
CREATION
Mathew Wells is Associate Partner and Head of Risk Advisory UK at Wavestone, a global change and transformation consultancy. Previously he had senior roles at NatWest and Capco, and prior to this, a further 10 years with Wavestone.
AI has the potential to transform how financial institutions operate - and how they fail. As firms accelerate the use of AI and GenAI across the supply chain, the question is no longer if AI introduces risk, but how deeply embedded that risk already is.
From where I sit, we’re seeing too many organizations rushing to adopt models they don’t fully understand, deployed by third parties they barely oversee.
The starting point is simple –as I explained during a panel session I took part in at the Vendor Risk Europe conference recently - you need the right artefacts in place.
You cannot govern what you cannot see.
Institutions must build inventories of AI usage and classification matrices that distinguish between deployers and providers.
These aren’t academic exercises –they are essential to knowing where the AI lives, who controls it, and what it’s doing. After all, you cannot govern what you cannot see.
But visibility is only the beginning. True risk governance requires a deep integration of AI oversight into the third- party risk management lifecycle.
That means going beyond static due diligence and embedding dynamic, ongoing monitoring - especially when third- party providers may themselves be relying on subcontractors who introduce additional exposure.
Even large, reputable vendors may fail to disclose when AI components are added to existing services. You might think you have an AI model that’s internal, but your end users may be external, increasing your exposure in ways you hadn’t anticipated.
Regulatory complexity compounds the problem; The EU AI Act introduces a more defined, riskbased framework, while the UK has leaned toward an outcomes-based approach – and firms must navigate both, along with existing legal frameworks like GDPR.
The result is often paralysis or a fragmented response that leaves real gaps. It’s critical to understand how the AI fits into your legal frameworks: the rules may differ across geographies, but the risks don’t.
Contracting practices haven’t caught up either. Far too often, AI features are bolted onto legacy platforms with little contractual clarity.
It’s not just a question of liability - though that matters, it’s about understanding ownership of models, data, and outputs.
One panelist asked, “Who is accountable when the model is thirdparty, but the customer experience is yours?”
The answer is straightforward: you are. If those decisions are driving the strategy and the fundamentals of your organization, you need people who understand them and can govern them.
Part of the solution lies in talent. Financial services firms need new skill sets to properly govern automated decision-making and algorithmic models.
That doesn’t mean discarding traditional risk governance - it means augmenting it. AI governance doesn’t exist in a silo. It intersects with legal, compliance, data management, and operational risk.
But without dedicated roles or defined internal ownership, organizations will struggle to keep pace.
AI is not just a risk to be managed - it’s a tool to be used, and that includes within third-party risk management itself.
We’ve seen clients apply AI to detect data anomalies, enhance supply chain visibility, and streamline documentation review.
One example we’re tracking involves parsing a 40-page business continuity plan, extracting relevant fields, and auto-populating risk management systems – a process that once took hours, now completed in minutes. These efficiencies can’t be ignored.
But the risk rises with the value. Without structured oversight, without embedded governance, and without strategic clarity, AI becomes a blind spot – not an asset.
As I said during the panel, things will need to change. The incumbents in governance must evolve just as quickly as the technologies they’re tasked with managing, otherwise, we’re sleepwalking into exposure we don’t even recognize.
Vendor & Third Party Risk Amsterdam
Gain insights on post-DORA compliance, concentration risk, automated assessments, ESG mandates, and third party AI oversight, with expert speakers from leading institutions.
Nov 18-19
Leonardo Royal Hotel Amsterdam
Register here >
Bridging the confidence gap: Turning assumptions into evidence in SaaS supply chains
Julie Antonelli, VP of Sales, Escode
Financial institutions across the world have grown increasingly dependent on SaaS and cloud providers, which is no bad thing – but with that dependence comes new risk.
The latest Global Whitepaper: Supplier Stability in Operational Resilience, which we commissioned together with CeFPro, reveals that almost 80% of firms have not verified whether their providers’ downstream vendors – the “vendors behind the vendors” – have credible stressed exit plans in place.
In a sector where a single supplier’s failure can trigger prolonged outages, this confidence gap poses a material threat to business continuity and resilience.
What the confidence gap really means
The whitepaper highlights a stark imbalance. It shows that while many firms express confidence in their business continuity and resilience, that
confidence does not always equate to compliance.
In fact, only 21% have reviewed their providers’ stressed exit plans – and 40% of organizations admitted they had either not asked for evidence of a plan, had no intention to do so, or were unsure if such checks had been made. Within this group, not a single firm reported high confidence in their own stressed exit planning. The gap between perception and evidence underlines why regulators are pressing boards to demand greater oversight of third-party risk.
From assumption to control
One way to close this gap is through independent controls such as software escrow. Software escrow allows organizations to verify that critical applications can be rebuilt and run in practice if a supplier fails, withdraws support, or suffers disruption. The whitepaper found that firms using software escrow for
SaaS and on-premises applications were significantly more confident in their stressed exit planning. By turning contractual rights into proven recovery paths, escrow helps firms demonstrate compliance with evolving regulations like DORA, SS2/21, FFIEC, and the UK’s Critical Third Parties regime – while reducing the chances of costly downtime.
Looking ahead:
Where is the sector’s focus?
Encouragingly, the indications are that firms are starting to direct more resources into third-party oversight. Survey respondents pointed to regular financial stability checks, deeper scenario testing, and mapping of downstream dependencies as priorities for the next 12 months. These steps mark an important shift from reactive to proactive resilience. So the opportunity is clear: by evidencing the robustness of supply chains now, financial institutions can not only protect against future disruption but also strengthen their position with regulators, investors, and customers.
The overwhelming key takeaway from our whitepaper is that when it comes to downstream risk for financial firms, assumptions are just not enough. Firms that invest in evidence-based controls sooner rather than later will be better positioned to withstand shocks, which are frequent and costly.
With the right tools and oversight, financial institutions can bridge the confidence gap, turning operational risk into an opportunity to lead on resilience and control long-term trust.
Too
much cloud. Too little control.
93% of financial institutions now rely on cloud for critical functions.
Yet exit plans go untested. Risk ownership is undefined.
Continuity is assumed — not assured.
Regulations aren’t waiting and with DORA and SS2/21 in full force, firms must prove they can withstand disruption.
The new whitepaper from CeFPro and Escode reveals why escrow isn’t just protection - it’s proof of resilience.
David Asermely is VP, Global Business Development & Growth Strategy at ValidMind. He joined in May 2025, bringing more than 20 years of experience in analytics, model risk, and financial services—most recently shaping SAS’s model risk and AI governance solutions.
Earlier in his career, he progressed to Head of Asset Servicing Analytics Products at BNY Mellon. His unique blend of human centered leadership positions him to drive strategic growth and adoption with credibility and empathy.
Some people build careers in straight lines. They study one subject, pursue one profession, and never deviate from that track. Then there are people like David Asermely, who show us that strength comes not from following a fixed script but from carrying forward the deeper values that make us who we are. David’s story is not about sticking to one label. It is about refusing to be boxed in, while staying true to the core of what gives him meaning: listening, teaching, coaching, and building systems that help others thrive.
From Muscles to Minds
David began his academic life immersed in kinesiology and neuroscience. At the time, most people in his field were preparing for careers in therapy or clinical practice. But David’s curiosity pulled him elsewhere.
David wasn’t content simply to understand biomechanics or physiology for himself. He wanted to turn it into something teachable.
He wanted high school students to see how chemistry, biology, and physics were not abstract textbooks but principles alive in their own bodies. Out of that desire, he designed curricula that blended sports science with the underlying sciences, creating lessons that connected learning with curiosity.
The tone that would define David’s life was set, and he zeroed in on transforming his knowledge into something others could use.
The Teacher and the Coach
For three years, David taught high school biology, and coached baseball and girls’ basketball. He discovered how to communicate complex ideas in ways that could reach different minds. He learned how to motivate young people, how to structure practice and learning so that progress became visible, and how to coach teams to believe in themselves.
Coaching, as he came to see it, was not about shouting from the sidelines. It was about shaping an environment in which others could perform at their best. It was about bringing clarity to confusion. It was about turning potential into performance.
Reinvention Without Losing the Core
Eventually, David pivoted into the corporate world, first in banking and then into SAS and then to fintech. On the surface, it looks like a dramatic shift, but the continuity is clear. He was still translating complexity into clarity. Instead of athletes or teenagers, he was mentoring professionals and teams and still building systems that didn’t just solve today’s problems but anticipated tomorrow’s needs.
He didn’t cling to titles like ‘teacher’ or ‘coach’, but he carried their principles into every role, revealing a crucial truth that careers are made by the values we refuse to abandon along the way.
You don’t lose your identity when you change paths. You strengthen it.
The Power of Prevention
Whether in medicine, education, or banking technology, David has always leaned toward systems that reduce risk, empower people, and build resilience ahead of time. It is no coincidence that he is drawn to frameworks, curricula, and models that enable others to think ahead.
His journey reminds us that strength comes from investing in the long view and having the patience to build solid foundations even when quick fixes seem tempting.
Lessons for Anyone at a Crossroads
David’s journey speaks especially to those who feel stuck or pressured by the idea that their career must follow one narrow track. He espouses the reality you can make dramatic choices without losing your identity, as long as you hold on to the principles that make you come alive.
In his case they are teaching what you know, coaching rather than commanding, prevention above repair, and being transparent.
A Strength We Can All Borrow
David’s journey is evidence that what matters is carrying forward the essence of what makes you strong. For him, that essence is the teacher who translates complexity, and the builder of systems that last.
His story is a timely reminder that you don’t lose your identity when you change paths. You strengthen it.
Reinvention, when done with integrity, is not a break but a continuation.
THE LONG GOODBYE TO LOW INTEREST RATES
Koen De Leus is Chief Economist at BNP Paribas Fortis, based in Brussels. He was previously Senior Economist at KBC Bank and has written extensively on economic strategy and analysis.
The era of ultra-low interest rates is over, and it is not coming back anytime soon.
That is the message from Koen De Leus, Chief Economist at BNP Paribas Fortis, who believes the global economy has entered a fundamentally different phase - one that will be defined by structurally higher inflation and interest rates for decades.
“We’re not going back to the preCOVID period of ultra-low interest rates,” De Leus warns. “We are in a totally different environment, not just for a couple of years, but for a couple of decades.”
The shift, he explains, is driven by five major global trends, four of which exert upward pressure on prices.
Public debt levels are continuing to climb, aging populations are reducing the share of working-age people relative to consumers, globalization is reversing, and climate change is introducing persistent cost shocks.
Only one trend - a potential surge in productivity from technologies such as artificial intelligence, 3D printing, and renewable energy - offers meaningful downward pressure on inflation.
Deglobalization, De Leus noted, is particularly significant. For decades, cheaper imports and the offshoring of production helped suppress prices and wages.
“Now we see a period of deglobalization, certainly with the Trump tariffs,” says De Leus.
Climate change adds another layer of complexity, as extreme weather and commodity shocks disrupt supply chains, while massive investments in sustainability push costs higher.
Taken together, these forces mark a reversal of the 40-year trend of falling inflation.
“I think we could be in a period of 10 to 20 years of inflation going up,” De Leus predicts, adding that institutions such as the Bank for International Settlements and other think tanks also share this view.
Higher inflation almost inevitably means higher interest rates. De Leus points out that interest rates consist of two components: the real rate and the inflation premium.
With central banks likely to tolerate inflation in the range of 2 to 4 percent - rather than the 0 to 2 percent seen over the last four decades - the inflation component alone will be one to two percentage points higher.
We are not going back to the pre-COVID period of ultra-low interest rates.
The second factor is the risk premium that investors demand for holding long-term bonds. This premium, which compensates for potential shocks and uncertainties, fell to negative territory before 2020 but has since rebounded to 1 percent and could return to its historical average of 2 to 3 percent.
“All in all, you’re going to see interest rates that, compared to the period before 2020, will on average be three to six percentage points higher at certain points in the cycle” says De Leus.
For banks, this shift brings both opportunity and risk. Rising longterm rates will boost net interest margins, but higher borrowing costs will eventually lead to more nonperforming loans. Defaults remain at historic lows, yet De Leus warns they will rise as rate pressures build over time.
The political dimension is equally important. With sovereign debt in many advanced economies at or near record levels, governments will be under pressure to manage the burden.
“There are two ways to solve it,” De Leus says. “A country can default on its debts - which is unimaginable for most advanced economies - or it can use inflation.”
Allowing inflation to run above target for years gradually reduces the real value of debt without the political and market shock of default. De Leus expects this path to be favored.
“The ECB and the Federal Reserve are not going to say we’re going to increase our inflation target to 3 percent,” he said. “They’re just going to let it happen.”
For financial institutions, the implication is clear: the low-rate world is gone.
Instead, says De Leus, preparing for higher funding costs, tighter credit conditions, and an environment in which inflation remains stubbornly above recent norms will be essential for stability and growth in the decade ahead.
Vendor & Third Party Risk Dallas
Explore evolving regulatory expectations, concentration risk, AI governance, ESG requirements, and operational resilience, with insights from senior risk leaders across the financial sector.
Credit Risk Tightens Amid Rising Defaults and Looming Refinancing Wall
US household delinquencies climb to 4.4%
The New York Fed reports 4.4% of outstanding household debt was delinquent in Q2 2025, with total household debt reaching a record $18.39 trillion. Early-stage credit card and auto delinquencies remain elevated, signaling pressure on lowerincome borrowers and rising loss content for lenders as repayment buffers thin. SSGA
Source: SSGA
US bank net charge-offs at 0.60% - cards at 4.34%
FDIC’s Q2 2025 Quarterly Banking Profile shows the industry net charge-off rate at 0.60% (12 bps above the pre-pandemic average), with credit card charge-offs at 4.34%. Provisioning rose and noncurrent loan trends in CRE, multifamily and consumer credit stayed above pre-COVID norms, underscoring mounting credit costs into 2026.
Source: FDIC
About 20% of US CRE loans - nearly $1Tmature in 2025
The Federal Reserve’s Financial Stability Report estimates roughly onefifth of outstanding commercial real-estate loans - about $957–$998 billion - come due in 2025. Refinancing at tighter terms amid weak office fundamentals elevates default and loss risk for banks and nonbanks with concentrated CRE books.
US leveraged-loan default rate edges up to 5.2% (TTM)
Fitch reports the trailing12-month leveragedloan default rate rose to 5.2% in July 2025, driven largely by distresseddebt exchanges and selective bankruptcies. Elevated rates and weaker interest coverage keep downgrade and default risk high across lower-rated issuers, with implications for CLO performance and bank exposures.
Source: Fitch Ratings
EU ‘Stage 2’ loans at 9.5% - cost of risk 57 bps
The EBA flags rising early-warning credit risk: Stage 2 exposures reached 9.5% in Q1 2025, NPL stock €377.8bn, and cost of risk 57 bps - the highest since 2021. While headline NPL ratios remain low, migration to Stage 2 signals future impairments if growth and rates disappoint.
Source: MLex
Delinquencies are
climbing, leveragedloan defaults are sticky,
and a 2025 CRE refinancing wall is testing lenders’ nerves.
EU stress test shows €229bn CET1 depletion - resilience improved
The EBA’s 2025 EU-wide stress test indicates aggregate CET1 depletion of €229bn (about 370 bps), better than 2023, as profitability cushions credit losses. Banks remain above minima under a severe scenario, yet results highlight sensitivity to macro shocks and credit deterioration from trade and geopolitical strains.
Source: European Banking AuthorityKPMG
FINDING ALPHA IN A WORLD ADAPTING TO CLIMATE CHANGE
C. Robin Castelli is Head of Transition Finance Investing at Orange Ridge Capital. He’s an expert in climate risk, transition finance, and private equity, with a strong background in quantitative modeling, financial analysis, and strategic management.
The adaptation to a warmer planet isn’t only an environmental story - it is the largest capital reallocation in human history. For investors, that means extraordinary risks and oncein-a-generation opportunities. Miss it, and it’s like building horse-drawn buggies while the world shifts to cars.
My new book, Principles of Transition Finance Investing: Finding Alpha in a World Adapting to Climate Change reframes climate finance not as a matter of ‘being green’, but as a question of competitiveness, capital flows, and survival.
Why This Book, Why Now Throughout history, disruptive transitions have defined markets. Those who embraced new technologies thrived; those who resisted were left behind. The automobile, electricity, and the internet all redrew the economic landscape.
Today, the transition to a warmer world is reshaping energy, transportation, agriculture, manufacturing, and finance itself.
The book draws on my experience at Citibank, where I developed the models used to manage more than $730 billion in Wholesale Credit and Commercial Real Estate portfolios. That role was a masterclass in how to quantify and manage systemic risk at scale. The lesson I carried forward is simple: if you don’t measure risk, it will manage you.
Climate transition is the ultimate systemic risk. But it’s also the ultimate investment opportunity.
Beyond ESG: Why Transition Finance
Traditional ESG frameworks, while useful, often miss the real story. They can be backward-looking, compliance-driven, and overly focused on labels. What investors need is a forward-looking lens that captures the dynamics of adaptation and transition.
Transition finance offers that lens. It highlights where industries are being forced to adapt - and where capital should flow to capture alpha. It’s not about virtue signaling. It’s about anticipating disruption, positioning for resilience, and allocating capital to the companies and strategies most likely to thrive.
If risk management is not moving at the speed of innovation, it will become irrelevant.
Winners, Losers, and the Next Frontier
In the book, I explore how every sector faces a binary choice: adapt, or risk obsolescence. Some will be transition winners - firms reengineering their models for resilience, efficiency, and innovation. Others will be laggards, clinging to outdated paradigms, effectively investing in buggies while the market moves to cars.
For example:
Buildings: Inefficient properties risk becoming stranded assets under tightening regulation, while energy-efficient retrofits and smart management systems are poised for explosive growth.
Energy: Beyond wind and solar, underexplored areas like geothermal and advanced storage hold immense potential for investors who act before markets become crowded.
Agriculture: As equatorial farmland loses productivity, northern latitudes such as Canada, Scandinavia, and Russia are emerging as the next agricultural frontier.
These are not distant scenarios. They are investable opportunities today - and they are unfolding faster than many realize.
Practical Frameworks for Investors
What makes this book distinct is its emphasis on frameworks rather than anecdotes. Each chapter provides structured tools to evaluate opportunities and risks across sectors, addressing questions such as:
Is the technology mature enough to invest in now, or still years away? How crowded is the market, and where are valuations stretched? What policy or regulatory triggers are activating investment flows? How can portfolios capture upside while hedging systemic downside?
These are the questions that serious asset managers, corporate leaders, and policymakers need answers to - and they form the backbone of Principles of Transition Finance Investing.
Why It Matters
The numbers are staggering. Each year, trillions of dollars are being redirected toward adaptation and decarbonization. Governments are reshaping entire industries with policy and incentives. Supply chains and consumers are demanding new standards of resilience and sustainability.
For investors, ignoring transition finance isn’t neutral. It’s an active choice - one that risks missing
opportunities and being caught on the wrong side of history.
The challenge is urgent. The opportunities are vast. The winners will be those who see clearly, adapt early, and act decisively.
The book has been written for a broad but focused audience.
It will resonate with asset managers seeking tools to integrate transition dynamics into portfolio construction, corporate leaders navigating how their sectors will be reshaped, policymakers working to understand capital flows and their implications, and entrepreneurs and innovators who view transition as opportunity, not constraint.
So, whether you manage billions or lead a growing business, the frameworks in this book are designed to help you recognize and seize transition opportunities.
Food for Thought
The transition to a warmer world is the defining economic challenge - and opportunityof our generation. The question is not whether it will happen. It’s whether we will adapt fast enough to seize it.
Let’s not be the buggy builders. Let’s invest in the future.
Principles of Transition Finance
Investing: Finding Alpha in a World Adapting to Climate Change is now on sale at Amazon, Wiley, and Barnes & Noble
OCTOBER
News stories round-up
TD slashes costs with AI - C$2.5 billion plan
TD executives set out a multiyear overhaul to save up to C$2.5 billion annually by automating processes, shifting customers to digital channels and cutting third-party spend. Leaders also vowed tighter capital discipline, deeper client relationships and revived medium-term growth targets shelved after last year’s U.S. enforcement actions. U.S. chief Leo Salom said AML remediation is advancing, with AI and new monitoring systems already in place.
View here >
NYDFS shake-up - Harris exits, Asrow steps in
Adrienne Harris will leave New York’s Department of Financial Services, Governor Kathy Hochul said, with research and innovation chief Kaitlin Asrow named acting superintendent from 18 October. Harris, who began in January 2022, told the Financial Times she planned a four-year stint and that her exit is unrelated to politics. Her tenure featured tighter crypto oversight, high-profile penalties, and postSignature reforms to sharpen bank supervision.
View here >
Inside JPMorgan’s AI push - agents, concierges, upheaval
JPMorgan is accelerating a bank-wide AI overhaul built around “LLM Suite,” a portal to leading large language models. Chief analytics officer Derek Waldron told CNBC the bank updates the platform every eight weeks and is moving to agentic AI for complex tasks. The goal is an AI assistant for every employee, automated processes, and AI-curated client experiences, with far-reaching implications for jobs and margins.
View here >
Markets on edge as shutdown risk tests America’s fragile credit
Markets have largely shrugged off past shutdowns, but a fresh lapse could signal deeper governmental dysfunction and invite another look from rating agencies. With contingency plans for a data blackout ready and warnings from trading desks about tail risks, a downgrade would likely hit Treasurys first, push yields higher, and sap equities. Economists see limited immediate fallout, but hiring and investment could slow if a standoff drags on.
View here >
Banker charged after Carney profile breach - RCMP allege
View here >
Banks turn AI research into real-world gains
View here >
THE ART OF SCENARIO PLANNING TO
ANTICIPATE THE UNTHINKABLE
Mark Norman is Head of Content at The Center for Financial Professionals
In an evolving risk landscape where non-financial threats such as cyberattacks, geopolitical instability, and technology failures loom large, scenario planning has become a cornerstone of effective resilience strategy.
From the vantage point of a senior risk leader responsible for technology and data risk across a major financial institution, a recent CeFPro conference event offered a moment of critical reflection on how the practice of crisis simulation has matured – and where it must go next.
The regulatory shift in recent years has been palpable. Once focused narrowly on identification and control, the emphasis has now decisively moved toward response and recovery.
Scenario planning today is no longer a mere checkbox in a risk management playbook. It has become a dynamic tool to test the limits of organizational resilience under conditions that could fundamentally disrupt critical operations.
Scenario planning is no longer a theoretical endeavour. It is an exercise in applied resilience.
The message from supervisory bodies is clear: firms must be able to demonstrate not only how they would withstand a disruptive event, but also how quickly and effectively they can recover.
A significant part of the responsibility now lies in ensuring that scenario planning reflects operational realities.
This means involving those closest to the threat landscape - from cybersecurity teams to technologists – and, critically, external stakeholders such as third-party vendors.
Too often, organizations craft scenarios in isolation, ignoring the systemic risk embedded in shared service providers. Failure to engage these partners meaningfully can render even the most robust internal scenario design exercises incomplete.
Recent examples have shown just how fragile certain dependencies can be. The failure of widely used thirdparty platforms or routine software updates leading to mass outages have highlighted the limitations of short-term, one-dimensional thinking.
Truly resilient organizations must embrace the possibility of multi-day disruptions and compound events – cyber incidents cascading into liquidity stress, or supplier outages
triggering reputational damage and regulatory scrutiny.
Effective scenario planning also demands a governance model that is neither siloed nor superficial.
Committees dedicated to operational resilience should serve as coordination points, ensuring that scenario outputs influence broader risk and control frameworks.
These efforts must be auditable, traceable, and supported by data that informs decision-making at all levels of the organizations, including the board, and where possible, scenario inventories should be maintained, refreshed, and prioritized based on changes in the internal risk profile and external threat intelligence.
Crucially, scenario design must remain relevant. The best scenarios are those that resonate with key stakeholders and reflect the lived experience of the organization. Irrelevance, or a perceived lack of plausibility, undermines the entire exercise.
To counter this, firms should embrace input from across the enterprise, including business units, legal and compliance functions, and strategic planners.
What emerges is not a single, static threat narrative but a living, multilayered understanding of operational vulnerabilities.
There is a growing recognition that diverse perspectives are essential to avoid groupthink in scenario planning.
Hiring individuals from similar backgrounds, relying on homogenous teams, or anchoring decisions to past events may blind organizations to future risks. The challenge, then, is to embed horizon scanning practices that are not only inclusive but also attuned to societal shifts and external events.
Whether it is the erosion of geopolitical norms, the weaponization of disinformation, or the rise of adversarial AI, resilience strategies must be both wide-angled and deeply contextual.
Regulatory initiatives such as the UK’s operational resilience framework and the EU’s Digital Operational Resilience Act (DORA) are sharpening
These frameworks demand not just proof of continuity planning but also assurance that critical thirdparty dependencies are rigorously tested under extreme yet plausible scenarios.
Regulators are beginning to look beyond the institutions they supervise directly, aiming to assess systemic resilience across networks of suppliers and service providers.
In doing so, they are relying on firms to act as the first line of defence – a responsibility that cannot be fulfilled with paper-based exercises or outdated assumptions.
Scenario planning is no longer a theoretical endeavour. It is an exercise in applied resilience, a mechanism for truth-testing risk appetites, and a strategic lens through which business continuity, technology dependency, and organizational agility are all assessed.
It is about building a future-proof firm – one where rapid response capabilities are matched by clarity of
TRENDWATCH:
WHY
CONCENTRATION
RISK IS THE NEW SINGLE POINT OF
FAILURE
Alice Kelly is Head of Programming at The Center for Financial Professionals
Financial institutions have spent a decade outsourcing non-financial capabilities to a small set of hyperscale clouds, SaaS platforms, data utilities, and specialist outsourcers.
The payoff - speed and scale - has created a parallel problem: systemic concentration. When many firms depend on the same providers, failures can ripple across products, geographies, and even markets.
WHAT’S DRIVING CONCENTRATION
• Hyperscale gravity. Compute, storage, identity, messaging, and analytics have consolidated around two or three clouds, often in the same few regions and availability zones
• Critical SaaS. Payments gateways, KYC/AML utilities, trading venues, market data, and treasury tools are increasingly ‘few vendors serving many’
• Hidden fourth parties. Two ‘diverse’ vendors may share a common subprocessor (CDN, DNS, IAM, queueing), creating stealth coupling
• Data and AI supply chains. Model hosting, LLM endpoints, vector databases, and labeling services cluster around a handful of platforms
• Geopolitics and regulation. Data residency, sanctions, and vendor designation regimes (e.g., ‘critical third parties’) can narrow choices further
WHY IT’S HARD
• Correlation beats redundancy. Dual providers that share a sub-service (identity, DNS, PKI) can fail together
• Opaque dependencies. Contracts rarely expose full sub-processor trees or change notifications in time to mitigate
• Vendor lock-in. Proprietary interfaces and tooling raise exit costs; portability is an afterthought
• Testing limits. Providers may resist joint failover exercises or won’t simulate control-plane failures
• Governance gaps. Many boards see third-party risk as a procurement issue, not a resilience threat to important business services
A PRACTICAL PLAYBOOK THAT WORKS
01
MAP SERVICES, NOT JUST VENDORS
Start with important business services (payments, deposits, collateral, trading) and map every runtime and control dependency: cloud region/zone, identity, DNS, CDN, queueing, observability, data feeds, and critical people/process steps. Extend to fourth parties. Maintain this as a living graph, not a spreadsheet.
02
SET MEASURABLE RISK APPETITE FOR CONCENTRATION
Define thresholds such as: % of an important service reliant on one cloud region; % traffic on a single CDN; Herfindahl–Hirschman Index for vendor share; max number of IBS supported by the same identity provider. Report breaches like any other KPI.
03
ENGINEER FOR CREDIBLE PORTABILITY
Abstract where it counts: containerize workloads, externalize secrets, use open interfaces for data (Parquet/CSV + schema registries), keep infrastructure-as-code platform-agnostic where feasible, and maintain repeatable environment builds. Negotiate termination assistance and data-export SLAs with time-bound RTO/RPO.
04
DIVERSIFY THE RIGHT WAY
Pursue multi-region, multi-zone by default; selective multi-cloud where the business impact justifies active-active (payments, client onboarding, market connectivity). Avoid ‘check-box multicloud’ that doubles cost without reducing correlated failure.
05
TEST SEVERE - BUT PLAUSIBLE - SCENARIOS
Go beyond ‘instance down’. Rehearse cloud region loss, identity provider compromise, DNS poisoning, corrupted SaaS dataset, certificate/PKI failure, and prolonged degraded-performance states. Time recovery of client-facing outcomes (can payments settle, can clients authenticate), not just component uptime.
06
CONTRACT FOR TELEMETRY AND CONTROL
Bake in real-time metrics, incident hooks, change notices for sub-processors, step-in rights, and joint exercise obligations. Tie SLA credits to business impact (missed RTO/ RPO) rather than generic uptime.
09
PRACTICE THE EXIT
Run drills: export data, rebuild on alternate infra, switch traffic, and reconcile books/records. Document residual risks and time to safe service.
THE BOTTOM LINE
BUILD IDENTITY AND KEY
REDUNDANCY 08
Implement secondary auth paths for staff and clients, protect control planes with break-glass procedures, customermanaged keys (BYOK/ hold-your-own-key) where possible, and independent certificate lifecycle management.
ALIGN GOVERNANCE AND INCENTIVES
Make concentration a standing board topic. Require CIO/CTO/CRO attestation that new critical services meet mapping, portability, and test standards. Price concentration into Funds Transfer Pricing or product economics to disincentivize fragile architectures.
Treat concentration like market risk - set appetite, measure exposure, hedge with architecture.
Concentration risk won’t disappear; scale economics guarantee it. The winning posture is transparency (service maps and telemetry), credible portability (engineering and contracts), and rehearsed recovery (scenarios that mirror real failures). Treat concentration like market risk: set appetite, measure exposure, hedge with architecture, and test your ability to move when it matters.
