Hunting down the cockroaches lurking in private-credit structures, controls and governance incentives
Getting a Psychological Edge: Why psychological safety should be the early warning system in hard risk infrastructure
Skin in the Game: Why fear should drive human sentinels guarding against catastrophic decisions
Banking on Disaster:
Your next cyber crisis is inevitable – your response should be too
connect.cefpro.com/magazines
PSYCHOLOGICAL SAFETY AS RISK INFRASTRUCTURE
Julien Haye explores why psychological safety is key to risk infrastructure, surfacing weak signals early and enabling faster decisions under pressure.
Julien Haye, Managing Director, Aevitium Limited
FOREWORD: HUNTING HIDDEN RISKS WHERE COCKROACHES, CULTURE AND GEOPOLITICS CO-EXIST
Guest Editor Julien Haye welcomes you to the latest edition of Connect Magazine and its focus on psychological risk
Julien Haye, Managing Director, Aevitium LTD
WHY TRADITIONAL RISK MODELS CAN’T SURVIVE THE AGE OF DEEP UNCERTAINTY
Roger Spitz explains why foresight, resilience, and humility must guide finance in uncertain times.
Roger Spitz, Chair at the Disruptive Futures Institute and CEO of Techistential
This month’s regular features in Connect Magazine
INFOGRAPHIC: HOW GEOPOLITICS HAS MOVED INTO THE CONTROL ROOM
In our regular look at the industry in numbers, we explore how geopolitics is reshaping governance, profit warnings and regulatory expectations
Chandrakant Maheshwari finds out how one risk leader turns unlearning and calculated bets into a blueprint for
Chandrakant Maheshwari, FVP, Lead Model Validator, Flagstar Bank
HUNTING FOR COCKROACHES: THE HIDDEN RISK BEHIND JPMORGAN’S TRICOLOR SHOCK
Mark Norman explains why JPMorgan’s Tricolor $170m hit exposes the hidden threat in private-credit risk and control frameworks
Mark Norman is Head of Content at The Center for Financial Professionals 22
WHY AI NEEDS HUMANS WHO HAVE SOMETHING TO LOSE
Chandrakant Maheshwari explains why fear-forged human vigilance is key to averting AI catastrophe in financial services
Chandrakant Maheshwari is FVP, Lead Model Validator at Flagstaff Bank, NY 30
36
MARKET RISK – ARE YOU READY TO FAIL?
Sandeep Jain warns that unmodelled shocks need playbooks not guesswork, and says concentration risk, not losses, breaks portfolios
Sandeep Jain, Senior Risk Executive, Bank of America
40
YOUR NEXT CYBER CRISIS IS INEVITABLE. ARE YOU READY FOR IT?
Shameela Miah explores why the inevitability of cyber incidents requires a rehearsed response to safeguard resilience and recovery
Shameela Miah, Event Producer, CeFPro
NEWS IN REVIEW
Our 3-minute read catches you up on some of the news stories and events that have been on the risk news agenda around the world over the last month
TRENDWATCH: CREDIT RISK’S CHANGING THEATER OF WAR
This month our regular look at key sector trends explores how the battlefield of Credit Risk is changing
Mark Norman, Head of Content, The Center for Financial Professionals
WHERE LEADERS GO TO LEARN
Got ideas shaping the future of financial risk?
Share your knowledge globally with Connect Magazine’s network. Get in touch today >
Magazine team
Publisher Andreas Simou
Managing Director CeFPro andreas.simou@cefpro.com
Marketing
Alana Cannatella Junior Marketing Manager CeFPro alana.cannatella@cefpro.com
Editor Mark Norman Head of Content CeFPro mark.norman@cefpro.com
Sales & Advertising Chris Simou Head of Sales CeFPro chris.simou@cefpro.com
Design Natasha Marino Head of Design CeFPro natasha@cefpro.com
HUNTING HIDDEN RISKS
Where Cockroaches, Culture and Geopolitics Co-exist
As guest editor for the November edition of Connect Magazine, I wanted to bring the hidden variables of risk out into the open.
JPMorgan’s Tricolor shock is a reminder that where you find one cockroach, there is usually an infestation nearby – in incentives, structures, and unchallenged assumptions.
But the real story is not just failed controls; it is what happens inside organizations when people feel unable to speak up about what they see.
That is why we open with a focus on psychological safety as a core risk infrastructure, not soft culture. When brains switch off under pressure, weak signals die before they reach decisionmakers.
We then move through AI, where humans with something to lose must remain the sentinels at the gate, however sophisticated our models become.
Risk is also personal. Our careers feature shows how one leader treats life as an audit – unlearning, rewiring and treating risk as a growth engine rather than a brake.
And, because the external context is shifting fast, we map how geopolitics has moved into the control room and how credit risk’s theater of war is being redrawn in real time.
I hope these articles, which frame current thinking about how our world continues to evolve, help you challenge where risk really lives in your firm –in data, structures, but above all in human behavior.
If you would like to guest edit a future edition, or explore advertising opportunities, please get in touch with the CeFPro editorial team.
The next edition of Connect Magazine will be out in mid-December.
Best wishes
Julien Haye Managing Director
Aevitium LTD
Real risk doesn’t live in models – it hides in culture, incentives and unspoken assumptions.
PSYCHOLOGICAL SAFETY AS RISK INFRASTRUCTURE
Julien Haye is Managing Director of Aevitium LTD and a veteran risk leader with 26+ years in global financial services. He has served as Chief Risk Officer, advises boards on governance, culture and resilience, and champions psychological safety as a foundation for better decision-making.
When risk decisions matter most, uncertainty, pressure, and cultural barriers often prevent weak signals from reaching decision-makers.
In volatile markets shaped by shifting regulation, geopolitical shocks, and fast-moving technology, these blind spots quickly compound into crises.
This is the central theme of my book The Risk Within, which positions psychological safety not as a cultural aspiration but as infrastructure for effective risk management.
When people feel safe to speak candidly, challenge assumptions,
and raise concerns without fear, early signals are surfaced and decisions improve under pressure.
What the Evidence Shows
Recent polling of more than 2,000 professionals and dialogue with more than 100 risk leaders confirm that human decisions, cultural adaptability, and structural clarity determine whether risks are surfaced and acted upon when uncertainty is at its peak. More specifically:
• Leadership support. Four in ten said lack of visible leadership backing is the main barrier to psychological safety.
• Resistance to change. More than half highlighted cultural resistance as the strongest blocker to stronger risk practices.
• Silence and conformity. A third pointed to silence in meetings or a lack of challenge as clear signals of risk blindness.
• Clarity of process. Almost a third said unclear pathways delay escalation and slow decision-making.
• Cross-line collaboration. Over a third identified collaboration across the three lines as critical to effective visibility.
From Insight to Action Embedding psychological safety into governance design translates intent into outcomes. Six levers stand out:
1. Make leadership support observable. Leaders should actively invite questions, acknowledge contributions, and close the loop on concerns raised.
2. Provide clarity of process. Simple thresholds and decision routes remove hesitation and speed up response.
3. Treat silence as data.
Periods without escalation in high-change areas are early indicators of suppression, not stability.
4. Equip middle management. Managers need a mandate, resources, and tools to surface risks quickly and credibly.
5. Build cross-line collaboration. Deliberate integration across the three lines strengthens ownership and reduces blind spots.
6. Reframe assurance as enablement.
Risk and compliance teams add value when they amplify weak signals and coach constructive challenge.
Psychological safety is not a cultural aspiration, it’s risk
infrastructure.
Lessons from Reviews Regulatory and independent inquiries reinforce these findings. The UK Parliamentary Commission on Banking Standards noted at HBOS that “warnings were ignored or not escalated.”
The FCA’s review of TSB’s 2018 IT migration highlighted weak governance and limited senior oversight. The Credit Suisse Archegos report concluded that management had multiple signals of risk concentration, but “failures of management and culture” prevented action.
What Boards Should Ask Boards cannot assume silence means stability. Five questions bring human factors into oversight:
• Where have risk signals decreased in areas of rapid change?
• Which decisions included dissent, and how was it addressed?
• How quickly did the organization move from first signal to decision?
• What leadership behaviours reinforced candour this quarter?
• What lessons were captured from near misses?
Conclusion
Resilience under uncertainty is built on the conditions that allow people to speak openly and act decisively.
Embedding psychological safety into governance is essential to capture weak signals earlier, challenge assumptions more effectively, and move from warning to decision with speed.
Small but deliberate changesclear pathways, visible leadership support, structured learning, and cross-line collaboration - turn psychological safety into risk infrastructure.
Treasury functions are being reshaped by market volatility, regulatory pressure, and rapid digitization.
The question is: how ready is your organization to adapt?
Risk Evolve Treasury Edition
JANUARY 20-21
Key Topics
Regulatory Alignment
Liquidity Stress Testing
Balance Sheet Resilience AI & Treasury Intelligence Digital Treasury Transformation and more...
DUBAI, UAE
Risk Evolve: Treasury Edition
Stand
Out Speakers
January 20-21, 2026
On January 20–21, 2026, Dubai becomes the meeting point for global treasury, risk, and finance professionals at CeFPro’s Risk Evolve: Treasury Edition. Over two days, attendees will gain exclusive insights from senior leaders across global and regional banks, regulators, and financial institutions, exploring how treasury functions are being reshaped by market volatility, regulatory pressure, and rapid digitization.
Forward-looking discussions will explore the power of AI and treasury intelligence to enhance liquidity forecasting and balance sheet planning, as well as the digital transformation of treasury through automation and technology. Additional sessions on ALM governance and culture will highlight the importance of ownership, accountability, and effective risk management.
With insights from leading experts and innovators, Risk Evolve: Treasury Edition 2026 offers a unique opportunity to benchmark strategies, expand your network, and prepare your organization to thrive in the next era of treasury and ALM.
Commercial Bank of Dubai
This event is your opportunity to join the forefront of financial risk management — equipping your team with the knowledge, tools, and foresight to shape the future of treasury and ALM, and prepare for the challenges ahead.
Deepak Mehra is the Chief Economist at Commercial Bank of Dubai, where he is primarily responsible for analyzing the macroeconomic landscape to identify emerging risks and opportunities that impact the bank. Previously, at CBD, he was the Head of Investments starting in 2007 and was instrumental in establishing the product and advisory platforms. He was also instrumental in launching the region’s first Robo Advisory app from a bank in 2021. In a career spanning more than three decades, Deepak has held leadership positions in banks like Citibank and Credit Suisse. He is an alumnus of Indian Institute of Technology and has an MBA degree from IMT. A regular speaker at conferences and on television, he is also the author of two successful books Ready, Steady, Go, and Think Like a Golfer.
Deepak Mehra Chief Economist
Tariq Mahmood Chief Finance Officer
Citi
Nabil Rahman
Managing Director, Global Head of Liquidity Management
Standard Chartered Bank
I am a postgraduate (MBA) and a Fellow Member of the Association of Certified Chartered Accountants (ACCA - UK), with more than 15 years of experience in international markets including Dubai, London & Bermuda, working with Top Tier Banks & Big 4 public practices delivering financial advisory services.
Nabil has been a Treasury professional for more than two decades, starting his career in Standard Chartered Bank Bangladesh. Before moving to Singapore, Nabil was the Head of ALM in Bangladesh driving ALCO agenda.
In Singapore, Nabil worked for Standard Chartered Bank in different roles spanning Treasury Projects Management, driving FTP and Risk policies, to Liquidity Management. He has been the Global Head of Liquidity Management since 2022, based in Singapore, driving the Group’s Liquidity agenda, managing Group and Regulatory metrics management and optimizing the balance sheet across the Group.
Zsombor Brommer is the Chief Compliance Officer at United Arab Bank, where he directs leadership of Corporate Governance and Compliance departments, steering regulatory implementation and remediation programs. He drives new initiatives, enhances daily operations, and launch products, ensuring regulatory compliance. His work includes developing and implementing customized compliance risk management frameworks, policies, and procedures, along with implementing AI and machine learning solutions, reducing false positive hits by 40% and achieving significant cost reduction.
Zsombor Brommer Chief Compliance Officer
United Arab Bank
Karim Adouane Head of Global Markets
Trading Ajman Bank
Karim Adouane leads the Global Markets Trading function at Ajman Bank, covering Rates, Sukuk, FX, and Islamic derivatives. With more than 25 years of experience across regional and international markets — including Paris, London, and Dubai — he specializes in liquidity management, debt capital markets, rate and FX strategy, and the development of Sharia-compliant hedging and investment solutions. He is a regular contributor to industry panels and thought-leadership forums in the region.
Nabil moved to Standard Chartered UAE in 2023 to manage the Treasury Markets Business for the Middle East, North Africa and Pakistan Region, in addition to his Global Liquidity Management role.
To find out more about our upcoming event click here >
WHY TRADITIONAL RISK MODELS
CAN’T SURVIVE THE ‘METARUPTIONS’ OF DEEP UNCERTAINTY
Roger Spitz is a leading authority on systemic disruption and strategic foresight. Before founding the influential Disruptive Futures Institute in San Francisco, he served as Global Head of Technology M&A at BNP Paribas, advising on over $25 billion in transactions.
For Roger Spitz, one of the world’s foremost authorities on strategic foresight, the problem with risk management today is simple: it is built for a world that no longer exists.
“The assumption of a relatively stable, predictable, linear, and controllable world is not only wrong,” Spitz says, “but the cost of relying on that assumption is increasing.”
Speaking about his recent paper in the Journal of Operational Risk, Spitz – Chair at the Disruptive Futures Institute and CEO of Techistential –said modern finance remains trapped in a “predict and act” mindset — one that assumes probabilities can be assigned to every possible outcome.
That framework, he explained, cannot cope with the complexity
of cascading shocks and nonlinear change now shaping the global system.
He believes the world has entered an age of “deep uncertainty,” where events are not only unpredictable but fundamentally unknowable.
“When rare becomes less rare and unprecedented becomes the norm,” he said, “you can’t rely on the same historical data or models that once worked.”
This shift has enormous implications for banks and insurers. Traditional stress testing and scenario planning, designed to measure known risks, fall short when shocks compound across domains — from climate and cyber to geopolitics and social unrest.
“There’s no data on the future,” Spitz said. “We have to move away from believing that data from the past can meaningfully predict what’s ahead.”
Instead, Spitz argues for an approach grounded in foresight and resiliency — building preparedness across a wide range of potential futures rather than betting on a few central scenarios.
“The purpose is not to predict but to build the muscle of anticipation,” he said. “It’s about being ready for whatever shape disruption takes.”
That philosophy – one that assumes ongoing uncertainty in the shape of continuously emerging threats that Spitz describes as ‘metaruptions’ – is gaining traction.
Spitz notes that some central banks, including the Federal Reserve Bank of Cleveland, have begun integrating multiple, equally weighted future scenarios instead of relying on a single base case.
“They’re not trying to guess which scenario will happen,” he said. “They’re training for resilience.”
Spitz also challenges the financial sector’s obsession with efficiency and optimization. In his view, these values have bred fragility.
“Optimized and efficient isn’t necessarily good,” he said. “Antifragile or resilient is effective.”
From supply chains to share buybacks, he argues that organizations must rethink what makes them truly robust in a world of constant shocks.
Technology, particularly artificial intelligence, complicates this picture further. Spitz warned that AI’s predictive power is often overstated.
“AI is very good with what’s complicated — things that are linear and can be calculated,” he said. “But in complex, emergent systems, it can’t predict the unpredictable.”
Worse, he says, over-reliance on algorithms could erode human judgment, leaving decision-makers less capable of sense-making when systems fail.
The deeper challenge, he suggested, is philosophical as much as technical. For 80 years, a relatively stable global order allowed policymakers, businesses, and investors to believe in predictability.
“Change is not new,” Spitz acknowledged. “But humanity has never before faced this combination of speed, scale, and existential threat.”
His message for financial institutions is clear: resilience, not prediction, must become the new currency of stability.
“We need humility,” he said. “The
The future isn’t a forecast — it’s a landscape we must learn to navigate, not control.
NEW SURVEY JUST LAUNCHED
Your Experience. Your Judgement. Your Impact.
As we move towards the end of the year, and when viewed through a risk management lens, the world is a very different place than it was we rang in the New Year 11 months ago.
How Geopolitics has Moved into the Control Room
Geopolitics has moved from background noise to a live control variable in financial institutions.
Boardrooms and executive committees are treating political instability, sanctions, trade friction, and state-driven cyber activity as core business risks rather than external context.
The effect is showing up structurally inside firms. Chief Risk Officers, who historically focused on credit quality,
market risk, conduct, and operational resilience, are now explicitly ranking geopolitical exposure alongside cyber and resilience as a top three forward threat.
The pressure is commercial, not just regulatory. Earnings guidance is now citing geopolitics. Nearly half of recent profit warnings by major listed companies referenced political instability or policy risk as a driver of underperformance.
In our regular feature that assesses risk management in terms of numbers, we look at how and where the landscape has changed since January, and how the risk sector is adapting to those changes.
CROs are formally elevating geopolitical risk
36% of bank Chief Risk Officers now cite geopolitical risk as one of the top three threats for the next three years, alongside cyber and operational resilience.
This is the first time geopolitical risk has entered the global top tier of CRO concerns. Ernst & Young
Why it matters: Banks are operationalizing geopolitical risk, not treating it as background noise.
Geopolitical risk now seen as single biggest industry threat
81% of respondents across the global financial services industry named geopolitical risk as the top risk for 2024, up from 68% the prior year. This is the second consecutive year it ranked number one, ahead of inflation. dtcc.com
Why it matters: The jump from 68% to 81% shows escalation, not just persistence.
Geopolitics is now board-level
90% of European CFOs rank geopolitics among their top three risks - the highest level since Deloitte began its CFO survey in 2015, and even higher than immediately after Russia’s invasion of Ukraine. Deloitte United Kingdom
Why it matters: Geopolitical instability has shifted from an external macro theme to a primary boardroom threat.
Geopolitics has moved from background noise to a live control variable in financial institutions.
Supervisors and firms see geopolitics as a systemic stability issue
In the Bank of England’s Systemic Risk Survey, 93% of financial firms said they were concerned about geopolitical risk to the UK financial system, an 8 percentage point increase in a single quarter. Reuters
Why it matters: Supervisors now treat geopolitics as a live channel for system-wide stress.
Geopolitical shocks linked to financial stability and governance expectations
European policymakers note that spikes in geopolitical risk indices are associated with lower bank stability, prompting supervisors to demand explicit geopolitical risk management systems, thematic reviews, and stress tests from banks. European Parliament
Geopolitics hitting earnings guidance in real time
In Q2 2025, UK-listed companies issued 59 profit warnings, up 20% year on year, and 46% of those warnings explicitly cited geopolitical instability - the highest share recorded in over 25 years of EY tracking. The Times
Why it matters: Political tension and trade policy are now directly referenced in market disclosures to investors.
Why it matters: Geopolitical risk has crossed the line from ‘emerging topic’ to something regulators expect to see embedded in formal risk frameworks and escalation routes.
HUNTING FOR COCKROACHES:
The Hidden Risk Behind JPMorgan’s Tricolor Shock
They say you’re never more than ten feet away from a rat. Following yet another bruising blow for New York heavyweight JP Morgan, it’s boss, Jamie Dimon, hinted that he and his board may have found themselves uncomfortably close to an infestation of a different kind.
JPMorgan’s $170m charge-off from subprime auto lender Tricolor is more than a headline – it’s a live case study in how fraud, weak controls and opaque counterparties can pierce the heavy armour of the big banks.
Tricolor, a Dallas-based used car retailer and lender serving mainly underbanked Hispanic borrowers, filed for Chapter 7 liquidation in September after warehouse lenders
uncovered what they described as apparent external fraud in a roughly $200m asset-backed facility.
Dimon’s pithy comment that “when you see one cockroach, there are probably more” may be destined to become part of banking lore, but it’s more just a thinly-veiled evisceration of Tricolor’s accounting processes.
It’s a clear message to his own senior risk managers, and to those at banks all over the world, that they should treat the scandal as an early warning of an ongoing problem, not a one-off.
JPMorgan had close to $200m of exposure through its wholesale unit and has written off $170m. On the Q3 earnings call, Jamie Dimon called the episode “not our finest moment”
and said the bank is “scouring” its underwriting and controls.
He also framed the Tricolor incident – and the related First Brands accounting scandal – as signs of excess in parts of private credit.
For risk leaders, it’s evidence that fraud in non-bank and private-credit counterparties is no longer a tail risk. Years of easy money allowed weaker structures to flourish: complex warehouse lines, double-pledged collateral and heavy reliance on selfreported data from fast-growing niche lenders.
In this case, Dimon’s single “cockroach” indicates an ecosystem
where incentives, governance and verification have drifted.
Commentary around Tricolor’s collapse highlights familiar weak spots: data integrity, collateral custody, perfection of security interests and control over physical and electronic loan files. Where banks lean on electronic chattel paper, APIs and automated feeds, reconciliations, lien searches, double-pledging checks and audit trails must match the speed of digital origination.
No individual control will defeat determined fraudsters – but thin control stacks make large, slowburning losses likely.
Mark Norman is Head of Content at The Center for Financial Professionals
Third, Tricolor shows that concentration hides in structures as well as names. Multiple banks shared exposure to the same originator, in the same subprime auto niche, via similar warehouse and ABS channels.
That is a recipe for correlated losses when the cycle turns or fraud surfaces.
So what should risk management teams do?
First, run targeted “cockroach sweeps” across portfolios that share Tricolorlike features: rapid growth, opaque collateral, complex warehousing and sectors with high fraud incidence such as subprime auto and smallticket leasing.
Make these reviews cross-functional – credit, operational risk, model risk and financial crime working from a single playbook.
Second, harden collateral and data controls in warehouse and privatecredit books. Insist on independent verification where feasible; intensify file checks and audits; tighten eligibility criteria and advance rates where documentation or servicing quality is marginal; and revisit covenants around reporting, earlywarning triggers and step-in rights.
Where counterparties cannot evidence robust controls, funding
terms should move accordingly – or be withdrawn.
Third, address governance and incentives. Boards and risk committees should demand clear, risk-based rationales for concentrated exposures to opaque counterparties and challenge “relationship-driven” exceptions.
Compensation for originators and coverage bankers must balance volume and return with control quality and long-term performance, or the cockroaches will keep finding gaps.
Finally, use Tricolor as a culture moment. Dimon’s admission that this was not JPMorgan’s finest moment, and that the bank is not omnipotent, matters.
CROs and heads of risk can use the episode to reset expectations with investors, regulators and business lines: fraud losses will occur, but resilient institutions that surface issues early, contain contagion and strengthen their control environment afterwards.
The Tricolor charge-off is manageable for JPMorgan. For the wider industry, it should be treated as a live-fire exercise – proof that in a long credit cycle, it is often the unseen cockroaches, not the obvious headline risks, that inflict the most damage.
If one fraudulent counterparty slips through, assume there are more hiding in your portfolio.
We are proud to announce the 5th Annual Treasury & ALM USA, held in New York City on March 10-11, 2026.
Join senior experts from Morgan Stanley, Goldman Sachs, and more as they explore key topics impacting treasury and ALM, including:
• Macroeconomic & Geopolitical Risk
• Regulatory Landscape & Monetary Policy
• Liquidity Risk
• Stablecoins & Digital Currencies
• Fluctuating Interest Rates
• Stagflation
FIND OUT MORE HERE >
Rethinking Risk, Rewriting Life
As told to Chandrakant Maheshwari
Adam Ennamli is the Chief Risk, Compliance and Security Officer at the General Bank of Canada. He was previously Global Vice President, Operations and Technology at Thomson Reuters.
The First Bet: Choosing Business over Engineering
Adam’s first conscious risk came at university. Two years into a civil engineering degree, he felt drained and constrained. An elective in business school became a turning point; the strategy class felt natural and energizing.
Building the Muscle of Unlearning
While many professionals focus on adding skills, Adam deliberately practices unlearning. He codifies his assumptions into principles, then stress-tests them against reality. If evidence proves them outdated, he lets go and rewrites the rule.
For most, “risk” evokes spreadsheets and regulations. For Adam Ennamli, it’s the throughline of his life; a philosophy for making choices, building resilience, and navigating crossroads. His journey is a blueprint for treating life as an audit, making bold but reasoned bets, and pivoting when the system no longer serves you.
The choice wasn’t easy. As the child of immigrants, he fought the belief that “quitters never win,” the weight of sunk costs, and his own fear of failure. He decided the greater risk was staying on a path that didn’t fit. This birthed his first principle: sustained discomfort is a signal.
“You have to audit your life as you go,” he explains.
“If discomfort becomes sustained, that’s the red flag.”
For Adam, unlearning isn’t discarding the past as “wrong,” but evolving toward a better model. “It always takes a trigger,” he says. “An obstacle that forces you to zoom out and find the real root cause.” He applies this to personal finance, reversing his approach from “save what’s left” to “invest first” to force discipline. The danger, he warns, is digging one hole too deep. “Twenty years in one role is like digging a hole without a way out. At some point you’re stuck.” The antidote is the willingness to climb out.
A Career as a Buffet, Not a Ladder
Adam describes his career not as a ladder, but a buffet. He has sampled operations, technology, governance, and compliance, becoming “a jack of all trades but a master of one thing at a time.” He immersed himself in each role, often volunteering for tasks outside his job description to learn new skills.
This versatility made him hard to categorize. To avoid being boxed in, he learned to build his brand by translation: speaking operations with the COO, finance with the CFO, and technology with the CTO. His ability to connect perspectives across silos became his greatest differentiator.
Humility, Ambition, and the Power of Community
A self-described “level-fifteen introvert,” Adam was raised with deep humility but recognized its professional peril. “Too much humility can kill ambition,” he observed, recalling brilliant coders whose contributions dissolved into anonymous “teamwork.” He learned to claim his role honestly, tempering humility with the understanding that recognition is necessary for survival.
Beyond the office, his philosophy is grounded in service. He began by helping international students navigate Canada’s immigration system, which grew into an informal “clinic.” He now mentors students and professionals, refusing payment. “Mentoring is sharing,” he insists. “I’m not a holder of absolute truth. I just share my experiences.” For him, community work is how he ensures his knowledge flows outward, not just upward.
Risk Reimagined: From Brake to Accelerator
Adam envisions a future where risk management is not a bolt-on compliance function but an invisible layer embedded into business processes; no more endless checklists, but a woven-in driver of both safety and growth.
“I want to contribute to the collective unlearning of risk management,” he says, “and the learning of a new way, where risk becomes a power of growth, not just a department of controls.” It’s a radical vision: risk not as a brake, but as an accelerator.
Excellence Over Perfection
At his core, Adam champions a crucial distinction: excellence over perfection. Perfectionism, he believes, paralyzes. Excellence energizes. It means knowing where to stretch and where the bare minimum is enough; a principle he applies to projects, pivots, and life itself.
His message for those at a crossroads is clear: Audit your life. Unlearn as much as you learn. Build breadth. Temper humility with ambition. Anchor yourself in community. Above all, treat risk not as a fear, but as a tool.
“Every decision is a bet,” Adam says. “The real regret comes not from what you did, but from what you never dared to try.”
Every decision is a bet. The real regret comes not from what you did, but from what you never dared to try.
WHY AI NEEDS HUMANS WHO HAVE SOMETHING TO LOSE
Chandrakant Maheshwari is First Vice President, Lead Model Validator at Flagstaff Bank, New York. He has more than 15 years’ experience in Financial Risk Management (Market and Credit risk) and has previously worked with business consulting firm Genpact.
We are in the age of the seemingly perfect employee. It doesn’t sleep, get bored, or demand a raise. For tasks of pure repetition, Artificial Intelligence is not just better than humans; it’s in a different league altogether.
Yet, we insist on keeping a “human in the loop” for the most critical decisions. The standard explanation is accountability and ethics. But this misses a deeper, more primal truth. The real reason is something we cannot code and may not even want to: fear.
Not the fear of failure in the abstract, but the visceral, gut-wrenching anticipation of consequence. The kind of fear that transforms ordinary vigilance into an unwavering shield. History offers us two perfect mirrors to see this truth.
An AI has no London to protect, no citizens in Sparta to save. It operates in a consequence-free vacuum.
The First Sentinel: Thermopylae
In 480 BC, a small force of Greeks, led by Spartans, held the pass at Thermopylae against a vast Persian army. Their legend is one of supreme bravery, but their motivation was rooted in a deeper, darker emotion. They were not just fighting for glory; they were terrified.
They feared what would happen if they failed. They fought with the knowledge that a Persian victory meant the subjugation of their citystates, the end of their way of life, and the suffering of their families, women, and children. This fear forged a resolve and a state of hyperalertness that allowed them to hold the line against impossible odds. Their vigilance was infinite because the cost of failure was absolute.
The Second Sentinel: The Battle of Britain
Twenty-four centuries later, in the skies over England, “The Few” of the Royal Air Force faced the same equation. Outnumbered and exhausted, they were driven by a fear not for their own lives, but for the world they would lose.
The sound of bombs on London was the soundtrack to their consequence. Failure meant invasion, subjugation, and the collapse of everything they knew.
They were sentinels, guarding a pass in the sky.
The AI’s Strength is Its Fatal Flaw
Contrast this with a Generative AI system. Its strength is its sublime repeatability. It will process a million data points without a flicker of fatigue. It is the ultimate analytical engine, operating without the messy interference of emotion.
But this is its fatal flaw in high-stakes scenarios. An AI has no skin in the game.
It cannot feel the chilling dread of a catastrophic system failure. It doesn’t comprehend the ethical weight of a biased decision that ruins a life. It has no London to protect, no citizens in Sparta to save. It operates in a consequence-free vacuum.
This is the unbridgeable gap. We can train an AI on datasets of “safety” and “ethics,” but we cannot instill the profound, stake-driven consciousness that screams, “If I get this wrong, everything falls.”
The Human-in-the-Loop is the Modern Sentinel
When we understand this, the role of the “human-in-the-loop” transforms. It is not merely about adding a slow, biological supervisor to a fast digital process. It is about installing the modern equivalent of the Spartan at the pass or the pilot in the sky.
The human is the conduit for stakes. The radiologist double-checking an AI’s cancer scan feels the weight of the patient’s future. The financial regulator overseeing an AI trader fears the domino effect of a flash crash. The engineer monitoring an autonomous system dreads a fatal error.
This “fear”, this profound sense of responsibility and anticipation of pain, is what creates infinite alertness. It is what forces us to question the AI’s confident output, to look for the edge case it missed, to feel unease when the numbers look right but the situation feels wrong.
A Call for Conscious Design
This is not an argument against AI. It is a call for a more thoughtful and deliberate integration of it.
We must be the sentinels, not because we are flawless, but because we are fallible beings who understand the cost of failure. Our vigilance, forged in the fires of consequence, is our ultimate value.
Before we automate the final decision, we must ask: who here has the capacity to be afraid of what happens if we’re wrong?
The answer will always be us.
This is an abridged version of a longer article written by Chandrakant for Connect. If you’d like to read the article in full, head over to our online Connect information hub, and search for our LONG READS section.
...and be part of the movement shaping finance for a sustainable future.
NOVEMBER
ECB Issues First-Ever Climate Risk Fine to Abanca
The European Central Bank has fined Spain’s Abanca €187,650 for failing to meet climate risk reporting requirements, marking the regulator’s first penalty linked to environmental oversight. The case highlights the ECB’s increasingly forceful approach to ensuring banks address the financial risks of climate change, even as lenders claim strong sustainability commitments and call the supervision “intrusive.” View here >
Fed Survey Flags Rising AI Risk and Policy Uncertainty
The Federal Reserve’s latest Financial Stability Report highlights policy uncertainty and geopolitical tension as the biggest threats to market stability, with artificial intelligence now emerging as a fast-growing concern. The findings come amid political pressure on the Fed’s independence, a prolonged U.S. government shutdown, and volatile investor sentiment around AI-driven market gains. View here >
EBA Tightens Third-Party Risk Rules in Sweeping New Framework
The European Banking Authority is preparing a sweeping overhaul of third-party risk management across EU financial services. Its draft guidelines extend well beyond traditional outsourcing rules, creating DORAlevel standards for non-ICT providers and mandating strict contractual, governance, and audit requirements. If finalized, the rules will impose a major compliance burden on banks, investment firms, and other financial entities, reshaping how they manage suppliers and partners. View here >
Regional banks play down credit hits as isolated setbacks
Regional lenders hit by recent bankruptcies and fraud-related losses are reassuring investors that the damage is contained. Executives from Western Alliance, Zions, and Fifth Third say the credit issues are isolated and not indicative of systemic weakness. Analysts agree the sector is far stronger than during the 2023 banking crisis, with ample reserves and tighter credit controls cushioning the impact. View here >
BNY CEO Warns Human Inertia is Biggest Risk to AI Progress View here >
Financial institutions face mounting insider threat risks View here >
JPMorgan lets staff use AI to write performance reviews View here >
ECB warns bank boards to strengthen governance for new risks View here >
MARKET RISK
ARE YOU READY TO FAIL?
Sandeep Jain is a New York–based senior risk executive with Bank of America. He specializes in market risk, fixed income, and risk due diligence. He leads highperforming teams, blends front-office insight with governance, and began his career in chemical engineering before moving into financial risk leadership.
When markets lurch, portfolios bleed, and counterparty failures mount, who holds the playbook for survival?
According Sandeep Jain, a senior risk executive at a global investment bank, the key to resilience lies in recognizing that while losses may be inevitable, concentrations are preventable – if you know what to look for.
Addressing delegates at CeFPro’s flagship Risk Americas industry conference, Jain unpacked his own five-part agenda for managing event risk, built on decades of market experience.
Stressing that what he was about to share were his personal thoughts and opinions, not necessarily those of the organization he works for, he went on to outline a perspective unmistakably rooted in firsthand experience and knowledge of major market shocks – from the 1987 crash to the SVB collapse.
Event risk, he explained, can be sliced into known and unknown categories. Known events with unknown outcomes – like central bank rate decisions – require a different playbook response to known events with unpredictable results, such as elections.
Inevitably, though, unknown events are the hardest to model and include
flash crashes, cyber breaches, or geopolitical escalations.
“It’s not about classifying risk academically,” Jain said. “It’s about preparing for how you’ll respond when the assumptions fail.”
To bring concept into practice, he walked through his thoughts on the development of stress scenarios.
“History does repeat – just not always the way you expect,” he noted.
By blending historical moves with present-day concentrations, risk teams can construct scenarios that simulate not just the initial market shock but the knock-on feedback loops across rates, equities, and credit.
“The goal isn’t to predict the future,” he said. “It’s to identify the stress points that will matter when it comes.”
The narrative then shifted from concept to mechanics – how to manage exposures in real time. Before the event, Jain emphasized the importance of scenario planning, reviewing position concentrations, and reducing exposures where possible.
During the event it’s about monitoring and fast mitigation, while post-event, the priority becomes learning –refining frameworks and embedding better controls, he said, adding: “The best time to manage a crisis is before it hits your P&L.”
Concentrated positions require extra vigilance. Proxy hedges can be helpful but carry their own dangers, he said, referencing the infamous ‘London Whale’ incident, in which a hedging strategy overreach by a single trade cost JP Morgan $6bn in losses.
“Your hedge shouldn’t become a new risk. If it’s too big, it can move the market,” Jain told the conference. Tools like synthetic risk transfers or
risk participations offer avenues to restructure exposures, but they’re no silver bullet – in the end, Jain said, you need to know your basis risk – and your blind spots.
Real-world case studies brought the session to life: A $140 million loss at a hedge fund due to misjudged basis trades; the collapse of Archegos due to concentrated equity swaps; the GameStop short squeeze – powered not by fundamentals, but Reddit threads.
“Social media is now part of your market risk landscape,” Jain warned. “If you’re not monitoring it, you’re already behind.”
The final takeaway was on hedging tail risks using derivatives. Instead of trying to hedge every exposure, he advised focusing on correlated asset classes and cost-effective portfolio protection.
But calibration is critical. As Jain noted, “You don’t want to find out your hedge doesn’t work when you need it most.”
His parting advice remains starkly relevant: “You can’t stop the storm –but you can make sure your ship isn’t the first to sink.”
Register your seat today >
You can’t stop the storm — but you can make sure your ship isn’t the first to sink.
Want to know how to advance models in a new era of complexity?
Gain insights on model governance, regulatory alignment, AI transparency, and the evolving role of the Chief Model Risk Officer - with expert speakers from leading financial institutions.
March 3-4, 2026
As the old saying goes, the only things you can be certain of in life are death and taxes. Yet, one senior risk manager told a recent CeFPro conference that in today’s digital world, another certainty can be added to that list: cyber threat.
YOUR NEXT CYBER CRISIS IS INEVITABLE. Are
The speaker, Head of Information Security at a leading UK financial services provider, offered a stark reminder of a truth that, he said, would rather not face.
You Ready for It?
But he claimed many organizations are focusing on the wrong thing. What matters, he said, is not whether an incident occurs, but how well an organization is prepared to respond, recover, and learn from it.
“Most mature organizations now expect cyber risk events to occur,” the senior executive explained. “It’s not a case of if, it’s when.”
His remarks captured the essence of a broader shift in the financial sectorfrom treating cyber risk as a technical problem to recognizing it as a core business resilience challenge.
Shameela Miah is an Event Producer at The Center for Financial Professionals
Cybersecurity isn’t an IT issue – it’s a live-fire drill for the entire business.
Drawing on nearly two decades in cybersecurity, including ten years advising the UK government on defending critical infrastructure from nation-state attacks, the executive described today’s environment as uniquely volatile.
Geopolitical instability, he said, has blurred the line between statesponsored and criminal cyber actors. “Most nation states use proxies to carry out their attacks, and that capability inevitably bleeds into the criminal underworld,” he noted. “That makes things worse for everyone.”
Financial institutions face the same kinds of threats as energy or defense organizations, but with higher stakes. Ransomware remains one of the most profitable attack vectors because, as the expert observed, it works.
“If your data gets encrypted and you can’t recover, you have no choice but to pay,” he said. “That’s why it’s a business model that keeps succeeding.”
He also warned of new and emerging risks. One growing concern is AI data poisoning - the manipulation of data sets that feed machine learning models, leading to corrupted outputs and compromised decision-making.
As banks and insurers adopt AI-driven systems for fraud detection, credit scoring, and customer service, this vulnerability could have real financial and reputational consequences.
To counter the evolving threat landscape, the executive urged firms to move beyond static cyber defenses and focus on dynamic, organization-wide incident response.
Effective recovery frameworks, he said, share three essential qualities: they are comprehensive, regularly tested, and cross-functional.
“This isn’t just an IT or security problem,” he said. “When something happens, business operations, legal, communications, and risk management must come together.”
A strong triage process is critical. The executive described it as the “front door” for incident management - a centralized team responsible for determining whether an alert represents a serious threat and which experts to involve.
That could include technical responders, forensic specialists, and senior leadership depending on the severity of the situation.
He also emphasized the importance of testing plans through tabletop exercises that simulate realistic attack scenarios.
“When the bad thing happens, people are like rabbits in headlights,” he said. “Unless you test your processes and people know what to do before the incident, it’s going to be very difficult to respond effectively.”
Preparation, he added, must also include suppliers. The rise of supply chain attacks, like the 2023 MOVEit breach, demonstrated how one vendor’s compromise can cascade through entire sectors.
“Ideally, you should be running exercises with your critical suppliers as well,” he said. “In a real-world situation, you don’t want to find out about an incident from the news.”
The session closed with a discussion on emerging priorities, including the need for playbooks covering new threat types such as deepfakes and AI poisoning.
The speaker confirmed that his own organization has begun developing these specialized response plans. “We’re seeing senior executives being impersonated in highly convincing ways,” he said. “It’s a real risk, and you need to be ready for it.”
On the question of cloud resilience, he predicted a gradual recalibration. While cloud technology increases flexibility, it also concentrates risk.
“Some organizations are already considering bringing certain services back in-house,” he said. “They’ve realized they’re too reliant on single suppliers. It’s likely to go in cyclesout to the cloud, then partly back again.”
For the financial sector, the message was clear: resilience cannot be outsourced.
The expert closed with a call for shared responsibility: “Cybersecurity is a team effort,” he said. “Technology helps, but success depends on people knowing what to do, how to communicate, and how to recover together.”
TRENDWATCH: Changing Theater of War CREDIT RISK’S
Mark Norman is the Head of Content at The Center for Financial Professionals
Credit risk management in financial institutions is being reshaped at speed, and not just because of normal credit cycles. Banks and lenders are navigating a set of structural pressures that cut across asset quality, market structure, governance, and technology.
Senior risk leaders are now dealing with higher interest costs, weaker growth, stressed commercial real estate, geopolitical instability feeding directly into credit decisions, tougher
regulatory expectations, and new scrutiny of AI in lending. These are no longer edge themes –credit risk is broader, faster, and more exposed to external shock than it was even a year ago, and risk managers have responded by moving the factors driving that change to the center of their thinking.
Here we unpack six key emerging trends around credit risk that risk managers need to be alive to.
SHIFTING CORE
CREDIT QUALITY
After a long run of strong performance, lenders expect delinquencies and charge offs to drift higher, especially in credit cards, auto lending, and other unsecured consumer products.
Higher rates have raised debt service at the same time wage growth has cooled, eroding household resilience.
On the commercial side, banks report weaker demand from businesses that are pulling back on inventory and investment. This is still being described as normalization, not crisis, but the direction is clear. Losses are expected to rise, and banks are positioning early.
COMMERCIAL REAL ESTATE DECLINE
This is still the most closely watched concentration risk on bank balance sheets. Office assets face high vacancy, softer rent, falling valuations, and more expensive refinancing.
Loans priced in a low rate world are now maturing in a high rate world, and that math breaks for older, less competitive buildings.
Meanwhile, provisions are rising, and some lenders now classify a larger share of their commercial property book as higher risk. Regulators still say the system is stable, but commercial real estate sits on the 2025 watch list because localized stress can escalate fast.
AI - OPPORTUNITY AND OBLIGATION
Banks are already using AI for underwriting, pricing, and early warning. But regulators are focused on accountability.
Black box models can embed bias, misread a shifting environment, or trigger simultaneous reactions across firms that amplify stress. AI must be explainable, governed, auditable, and owned by humans.
The job of credit risk management is no longer just to calculate probability of default. It is to manage risk on multiple battlefields. The task for 2025 is not just seeing the problem, but acting fast in a way that stands up to scrutiny.
CREDIT RISK MIGRATION
Credit risk is moving outside traditional banks and into private credit funds and nonbank real estate finance. That activity never disappeared. It moved. Those lenders are now exposed to weaker cash flows, falling asset values, and higher refinancing costs, often funded with short term money.
Risk managers warn that stress in those channels can still ricochet back to banks through counterparty exposure, collateral values, and market wide repricing, leaving the boardroom to ask not just what’s on the books, but where else does the same risk sit, and can it come back to us?
Sharper Supervision of Governance and Escalation
GEOPOLITICAL THREAT
Banks are treating sanctions, trade barriers, tariff risk, and supply chain fragility as direct inputs to credit appetite.
Lenders in Europe are already tightening corporate lending standards because of the macro and political outlook and expect to tighten again, even where policy rates are easing. Once geopolitics shapes lending, it feeds into concentration management, portfolio monitoring, and stress testing.
Credit risk is no longer just borrower default. It’s governance, concentration, contagion, and the credibility to act fast.
Regulators want proof that firms can spot concentrations, escalate emerging problems fast, and act with authority.
Commercial credit risk is now a declared supervisory priority. Examiners are asking whether banks can restructure exposures, manage workouts, and surface issues to the board without delay. This is being treated as a test of management credibility.
UPCOMING EVENTS IN 2026
Experience premier risk-focused conferences delivering powerful insights, innovations and discussions shaping financial services
