Economic Growth Plan, Credit Suisse $511M Fine
PLUS: Regulatory Relief for Morgan Stanley, Risk Management Overhaul, Gen AI Fraud, Operational Risk Management Analysis

Welcome back! The Risk Queue has a packed lineup of stories today: the administration's big economic shake-up, a massive bank settlement for tax schemes, Morgan Stanley's regulatory win, the Fed's surprising bank ratings freeze, alarming predictions about AI fraud, and why market volatility has risk managers rewriting their playbooks.
-From Naeem, CEO & Founder - Risk On Q
In today’s Risk Queue:
The administration's three-step economic growth plan
Credit Suisse pays $511M fine
SEC ends Morgan Stanley cash sweep investigation
Fed reviewing its "secret ratings" for largest banks
Gen AI could drive banking fraud to $40B by 2027
Risk management enters "high entropy" era
Operational Risk Deep Dive
Risk Headlines
The U.S. Three Steps to Economic Growth - source wsj.com
The Administration aims to rebalance decades of globalization through an integrated approach of tariffs, tax reforms, and deregulation to revitalize American manufacturing while ensuring Wall Street and Main Street prosper together.
Key Points:
Regulatory relief for community and small banks appears to be a priority, potentially reducing compliance costs and creating competitive opportunities
Manufacturing renaissance strategy may open significant commercial lending opportunities in industrial, technology, and energy sectors
Tax policy changes could alter consumer financial behaviors, savings rates, and credit demand
Tariff policies may reshape global trade flows and supply chains, affecting international banking operations
The integrated economic approach (tariffs + tax cuts + deregulation) aims to drive growth while maintaining a strong dollar, impacting currency positions and interest rate environments
_________________________________
Credit Suisse to Pay $511 million for Helping U.S. Taxpayers Hide over $4 Billion Overseas - source cnbc.com
Credit Suisse Services AG has pleaded guilty to criminal conspiracy charges and will pay nearly $511 million for helping wealthy American taxpayers hide over $4 billion in at least 475 offshore accounts. This represents significant regulatory and compliance risk within the industry.
Key Points:
The $511 million settlement emphasizes regulators' continued focus on offshore tax evasion facilitation, highlighting the need for robust cross-border compliance programs
Banks face substantial financial and reputational penalties for enabling client tax evasion, with this representing Credit Suisse's second major settlement for similar conduct
Whistleblower involvement from former employees was central to exposing the misconduct, underscoring internal reporting system importance
UBS is addressing this as a "legacy issue" post-acquisition, demonstrating the critical importance of thorough compliance due diligence in M&A activities
A.I. Risk / Technology Risk
How can Tech Leaders Manage Emerging Generative AI Risks Today While Keeping the Future in Mind? - source dekuitte.com

Deloitte's analysis reveals how generative AI introduces multidimensional risks requiring financial institutions to fundamentally rethink security, compliance, and infrastructure strategies beyond traditional frameworks.
The interconnected nature of these risks—spanning enterprise data leakage, novel AI-specific vulnerabilities, increasingly sophisticated adversarial threats, and structural marketplace challenges—demands a coordinated response that extends across technological, operational, and governance domains.
Key Points:
Gen AI introduces novel security risks including prompt injection attacks, evasion attacks, and data poisoning that traditional security measures may not address
Deloitte forecasts gen AI could increase banking fraud losses from $12.3B to $40B by 2027 (32% CAGR), primarily through sophisticated deepfakes
Unsanctioned employee use of gen AI through personal accounts creates significant data exposure risks, similar to Samsung's experience with sensitive data leaks
Regulatory uncertainty remains the top concern for organizations implementing gen AI, creating compliance challenges in the already highly-regulated banking environment
Cybercriminals are rapidly adopting gen AI for sophisticated attacks, with IBM reporting over 800,000 dark web posts mentioning AI/GPT in 2023
_________________________________
A Risk Manager’s Guide to Dealing with Market Volatility - source garp.org
The convergence of unprecedented tariff, interest rate, and monetary policy volatility has created a new "high entropy" financial environment that demands transforming risk management from isolated, reactive approaches to integrated, anticipatory systems that combine technology-enabled monitoring with organizational resilience.
Key Points:
The convergence of tariff, interest rate, and monetary policy volatility creates unprecedented and interconnected risks that traditional isolated risk management approaches cannot adequately address
Tariff uncertainty introduces both direct impacts and significant second-order effects on supply chains, contracts, and inventory management that directly affect client creditworthiness
Interest rate volatility and changing market correlations challenge traditional bank asset/liability management and investment models
Central bank "forward guidance" is being replaced by data dependency, reducing monetary policy predictability that banks have relied on for planning
Effective risk management now requires real-time systems that incorporate policy signals, market movements, and internal exposures simultaneously
Regulatory News - Fines, Losses, & Rules
US SEC Ends Inquiry into Morgan Stanley's Cash Sweep Program With no Enforcement Action - source reuters.com
The SEC's decision to conclude its investigation into Morgan Stanley's cash sweep program without enforcement action represents a significant positive outcome in contrast to the $60 million in penalties assessed against Merrill Lynch and Wells Fargo earlier this year for compliance failures in similar programs.
Key Points:
Regulatory scrutiny of cash sweep programs is focused on compliance and disclosure rather than prohibiting the practice itself
Significant penalties ($60 million) for competitors versus no action for Morgan Stanley creates clear compliance benchmarks
High-margin wealth management practices continue to attract regulatory attention as potential areas of client conflict
_________________________________
Fed Reviewing Its Secret Ratings for the Nation’s Biggest Banks - source wsj.com
The Federal Reserve's review of its supervisory ratings system for large banks represents a pivotal shift in the regulatory landscape, with Michelle Bowman's criticism of last year's predominantly unsatisfactory ratings signaling a probable easing of standards that have restricted strategic options like mergers and acquisitions.
Key Points:
The Fed's supervisory ratings have direct strategic consequences, with poor ratings blocking mergers, acquisitions, and new activities
Unprecedented procedural changes (pausing ratings release) signal determination to implement fundamental rather than incremental regulatory shifts
Reducing regulatory independence through White House oversight raises questions about political influence in bank supervision
Industry complaints about "subjectivity" in ratings have apparently gained traction with the new administration
Geek Out On Risk Data
Risk Management
Managing Operational Risk: A Key Subset of Non-Financial Risk - riskonq.com
This week, we’re turning our attention to Operational Risk. Last week, we defined Non-Financial Risk and noted that the range of non-financial risks that banks must manage is even broader than their financial risks.
We will continue our focus on non-financial risk types to deepen our understanding and explore how they fit into the broader risk management ecosystem within the financial sector.
Operational Risk Management: Comprehensive Analysis for Financial Institutions
Operational Risk Management (ORM) focuses on identifying, assessing, and mitigating risks arising from internal processes, systems, human errors, or external events. For financial institutions, robust ORM is essential to ensure operational resilience, regulatory compliance, and sustained profitability.
1. Core Principles and Objectives
Definition:
ORM involves systematically addressing risks that disrupt day-to-day operations, such as IT failures, fraud, or regulatory breaches. Its goal is to minimize operational losses while balancing risk-taking with strategic growth.
Core Principles:
Risk Acceptance: Only accept risks where benefits outweigh costs.
Proactive Planning: Anticipate risks through scenario analysis and contingency planning.
Decentralized Decision-Making: Empower teams to manage risks at appropriate levels.
Continuous Monitoring: Track risks dynamically to adapt to evolving threats.
Key Objectives:
Ensure business continuity during disruptions.
Align risk appetite with organizational strategy.
Foster a risk-aware culture across all departments.
2. Framework and Governance
An effective ORM framework integrates seven elements:
Element | Description |
---|---|
Risk Strategy & Appetite | Board-approved thresholds for risk exposure and tolerance. |
Risk Governance | Clear roles for oversight (e.g., risk committees, compliance officers). |
Risk Culture | Employee training and incentives to prioritize risk mitigation. |
Risk Assessment | Tools like Risk Control Self-Assessments (RCSA) to evaluate controls. |
Risk Monitoring | Real-time dashboards tracking Key Risk Indicators (KRIs). |
Risk Reporting | Regular updates to senior management on risk profiles and incidents. |
Data & Technology | Infrastructure to collect, analyze, and report risk data. |
3. Implementation in Financial Institutions
Institutional Adaptations:
Banks: Prioritize fraud detection, IT resilience, and compliance with AML/KYC regulations.
Investment Firms: Focus on third-party vendor risks and trading system outages.
Credit Unions: Mitigate risks in customer data handling and community trust.
Regulatory Drivers:
Basel Accords: Require capital reserves for operational risks.
OSFI Guidelines: Mandate risk appetite statements and stress testing.
GDPR/CCPA: Enforce strict data privacy controls.
4. ORM Strategies and Processes
Five-Step ORM Process:
Risk Identification:
Use audits, workshops, and historical loss data to pinpoint vulnerabilities.
Analyze external factors (e.g., geopolitical shifts, regulatory changes).
Risk Assessment:
Score risks using impact/likelihood matrices.
Categorize risks (e.g., IT, fraud, legal) for targeted mitigation.
Risk Mitigation:
Implement controls (e.g., dual authorization, encryption).
Allocate resources based on risk prioritization.
Monitoring:
Track KRIs like incident frequency or audit findings.
Update risk assessments quarterly or after major changes.
Reporting:
Share insights with stakeholders via heat maps or dashboards.
Best Practices:
Conduct scenario analysis for black-swan events (e.g., cyberattacks).
Automate control testing to ensure effectiveness.
5. Emerging Risks and Technology
Digital Transformation:
AI/ML: Detect fraud patterns and predict system failures.
RegTech: Automate compliance reporting across jurisdictions.
Emerging Threats:
Cybersecurity: Ransomware targeting payment systems.
Third-Party Risks: Vendor failures disrupting operations.
6. Actionable Insights
Best Practices:
Integrate ORM with ERM: Align operational risks with enterprise goals.
Leverage Automation: Deploy AI for real-time risk detection.
Stress Test Regularly: Simulate extreme scenarios (e.g., data breaches).
Case Study:
A multinational bank reduced fraud losses by 30% after implementing AI-driven transaction monitoring and monthly risk workshops.
Pitfalls to Avoid:
Siloed Data: Fragmented risk reporting delays response times.
Static Frameworks: Infrequent updates to risk appetite statements.
Overlooking Human Factors: Inadequate training leads to process errors.
_________________________________
Thank you for reading.
Naeem