Fear is not a good advisor
Risk management is a reflection of the issues that affect our society. Because wherever new developments emerge, risks arise. Nowhere is this more evident than in the geopolitical developments that are currently keeping us on tenterhooks. Two years ago, this was still a topic for thought leaders. Today, it is the dominant risk with a direct impact on the economy and society.


Technical contributions
The big picture: Controlling the NFR Puzzle
By Sonia Dribek-Pfleger, Dr. Lorenz Schendel
While the individual frameworks of Non-Financial-Risks (NFR) are becoming more detailed and comprehensive with increasing regulatory requirements (e.g. DORA), current challenges (pandemic, cyber, AI, geopolitical crises) and increasing team size and decentralisation of risk management activities, the overall view of non-financial risks is increasingly suffering. In this article, we present both pragmatic approaches for initial steps and a long-term target picture for the holistic management of non-financial risks, with the aim of creating consistency between the various NFR data, making the NFR risk profile transparent and achieving efficient risk management by focusing on the material risks.
AI Armor: Protecting Banks with Advanced Connected Analytics
By Dominik Käfer, Dr. Lue Wu
In today’s global, interconnected environment, economic crime risk remains a pervasive challenge. Governments around the world are signaling their rising expectations that compliance programs become more sophisticated. The way financial institutions defend themselves against risks like fraud, money laundering, terrorist financing and cyberattacks has changed significantly as a result of the use of artificial intelligence (AI), particularly through advanced connected analytics. This article summarizes how AI is boosting banking security (and at the same time cost efficiency), showcasing a concrete use case and analyzing the industry’s ramifications.
Quantifying natural risk – challenging, but possible
By Markus Quick, KPMG AG WPG Frankfurt, Dr. Holger Spielberg, Armina Schädle, Tania Jötten
Five years ago, banks were faced with the challenge of measuring climate risks and integrating them into their risk management. Now, biodiversity loss is gaining attention and is joining climate risks on the political and regulatory agenda. Experience from the climate sector provides a valuable basis for all risk management processes. However, biodiversity risks are significantly more complex and extensive, which leads to challenges right from the definition and identification stage. Many institutions have started to assess their portfolios via established data providers such as Exploring Natural Capital Opportunities, Risks and Exposure (ENCORE).
Quo vadis European Capital Markets Union – challenges and realizations
By Eddy Henning, Prof. Dr. Michael Torben Menk, Dr. Joachim von Schorlemer
The majority of political and business representatives are aware that a European economic and monetary area will only have a competitive future if, around ten years after the European Commission’s action plan – the Green Paper on the creation of a Capital Markets Union – it finally succeeds in transforming the currently fragmented and mostly underdeveloped national capital markets into an integrated single European capital market. This article firstly highlights the need for investment in transformation, which is a fundamental and lasting challenge for Europe. In addition, the authors see the revitalization and deregulation of the European securitization market.
Resilience, goal achievement and sustainability in the age of transformation
By Prof. Dr. Josef Scherer
The revised guidelines on internal governance of the European Banking Authority (EBA) and the guidelines on the assessment of the suitability of members of the management body and key function holders of the EBA and the European Securities and Market Authority (ESMA) have been in force since December 31, 2021. When studying the guidelines, the need for modern governance adapted to the times of transformation becomes clear. The addressees also get a feeling for what is included in the area of governance and which regulatory requirements need to be met. There is no fundamental discussion of the concept and legal scope of governance as a whole in the guidelines, meaning that there is still a need for further discussion, qualification and action in this respect.
Banking study: Data blind flight looms without a strategy
By Björn Berg, Dr. Stefan Hirschmann
When it comes to collecting and storing data, the financial industry is one of the driving forces. And for good reason, because the smart use of data will be the key to success or failure in the future. But why are banks and capital management companies still finding it so difficult to generate added value from the existing mountain of data? A recent study by VÖB-Service and the management consultancy Cofinpro provides the answers. The financial sector, of all sectors, a first mover in the IT world, has so far held back when it comes to tapping into the data economy for business purposes. In a survey of experts, we investigated the reasons and asked: Why are financial institutions not exploiting their potential?
The banking crisis of the last 36 months
By Prof. Dr. Markus Rudolf
With the crisis at the American Silicon Valley Bank in 2023, the decline of the Swiss Credit Suisse in 2024 and the start of the takeover of Commerzbank by UniCredit, 10 years of relative stability for international banks appear to have come to an end. All three cases have their origins in the banking and financial crisis of 2008 to 2012 and ultimately in the collapse of Lehman Brothers. The Lehman Brothers case in 2008 plunged numerous banks into crisis, initially in Iceland and Ireland and later also in the UK and on the European continent. Entire countries and the euro had to brace themselves against their own demise by rescuing entire banking systems.
Regulatory Ambiguity and Credit Risk Requirements for Implementing EU Final Basel III Rules
By Joo-Yung Lee, Jan Schimmel
Last year we discussed the changes to the standardised approach (SA) for calculating risk-weighted assets (RWAs) for credit risk and its implementation challenges. All banks, including banks using the Internal Ratings Based (IRB) Approach, will have to calculate the SA either as their main capital calculation or, in the case of ‘IRB banks’, in order to apply the output floor. The rules are now final in the EU, with a go-live date of 1 January 2025 and full implementation by end-2032 following a phase-in period. Several regulatory interpretation questions have emerged as banks are implementing these changes, some of them driven by larger banks that are focusing on the standardised approach more than they have in the past.
ICT risk management under DORA – integration into ICAAP and ILAAP
By Prof. Dr. Andreas Igl
The introduction of the Digital Operational Resilience Act (DORA) from January 17, 2025 takes the importance of robust ICT risk management to a new level. As part of operational risk, ICT risks are becoming particularly relevant, as their impact not only directly influences operational stability, but also the capital and liquidity planning of banks. Operational risks, including ICT risks, must therefore be systematically identified, assessed and managed as part of the Internal Capital Adequacy Assessment Process (ICAAP) and Internal Liquidity Adequacy Assessment Process (ILAAP). The article highlights approaches for approximating and quantifying ICT risks.
Information register: The underestimated DORA hurdle
By Stefan Wendt
One of the key instruments required by the Digital Operational Resilience Act (DORA) is an effective information register. It is intended to ensure that financial service providers maintain an overview of existing dependencies on third party providers. What seems comparatively trivial is actually one of the higher hurdles on the road to compliance, which must be achieved by January 2025. There are tools for this – but their quality has yet to be proven. DORA focuses on dealing appropriately with the financial sector’s increasing dependence on third-party providers. The aim is to maintain operational stability in the event of a serious disruption.
Consistency of interest rate risk management and IFRS hedge accounting through the future DRM model?
By Volker Liermann, Oliver Wulle
The DRM model, as the future IFRS portfolio hedge accounting model, is intended to resolve the long-standing tension between interest rate risk management at portfolio level and its presentation in the IFRS financial statements and to overcome the weaknesses of the still relevant IAS 39 Portfolio Fair Value Hedge. Some risk managers in particular are demanding that the risk management view be fully incorporated into the IFRS financial statements. The question therefore arises as to the extent to which a complete risk management view is possible or sensible in IFRS financial statements and how the risk management view can be adapted as far as possible in the DRM model.
Risk modeling for a stable financial system. A utopia.
By Dr. Wilfried Paus
In the wake of the EU implementation of Basel IV, it appears that the modernization of financial risk measurement, which was initiated by the 2008 Basel II reforms, has been largely dismantled. Even more so, there remain voices that go far beyond the reduction of excessive variability in the capital requirements envisaged by the framework underlying the EU CRR3 legislation [BCBS 2017]. This article is intended as a plea to revive precise risk measurement and re-think risk management processes for effectiveness rather than letting the sector slide back further into the intellectual Middle Ages.
In October 2024, I was invited to a book event at Frankfurt’s Goethe-University organized by the Leibniz Institute for Financial Research SAFE.
Perverse instantiation and reward exploitation in AI applications
By Dr. Dimitrios Geromichalos, FRM
The increasing use of ever more advanced artificial intelligence (AI) methods is leading to a fundamental change in the financial sector. The main drivers for this are the many advantages of these methods, which enable complex classifications, precise cluster and outlier analyses and in-depth text analyses, among other things, and contribute significantly to optimized decision-making and increased efficiency in numerous processes. However, these advantages are also associated with considerable challenges. Data inaccuracies and bias can distort results, while overfitting impairs the reliability of the models. In addition, more powerful models are usually “black boxes” whose results are often not comprehensible and explainable, or only for individual examples.
LLM and its increasing relevance in cyber security
By Frank Romeike
In recent years, large language models (LLMs) have made significant advances in their performance and in many areas are now achieving capabilities beyond those of the human brain. These models, including GPT-4, have the potential to be used in both value-added and malicious contexts. Academic research and practitioners have begun to investigate the potential of LLM agents to exploit cybersecurity vulnerabilities. However, previous studies were limited to simple vulnerabilities. The current paper “LLM Agents can Autonomously Exploit One-Day Vulnerabilities” investigates whether LLM agents can autonomously exploit real, complex vulnerabilities, in particular so-called one-day vulnerabilities, i.e. vulnerabilities that are known but not yet patched.
IRO and ESRS – control through risk governance
By Univ.-Prof. Dr. Arnd Wiedemann, Chair of Finance and Bank Management, University of Siegen, Yanik Bröhl, Chair of Finance and Bank Management, University of Siegen
IRO stands for Impacts, Risks and Opportunities.
This triad is the central basis of the European Sustainability Reporting Standards (ESRS).
In order to be able to report on the success of their sustainability activities, companies must have implemented a process for identifying, measuring and managing their impacts, opportunities and risks.
This triad also forms the basis of the materiality analysis and enables a comprehensive view of a company’s sustainability activities and the associated consequences.
Effective risk governance plays a central role here, as it links the IRO triad required for external reporting with internal corporate management.

Position papers
Geopolitical risks
By Dr. Til Bünder, Gerold Grasshoff, Emilia Zimermann
The economic structure around the globe is becoming increasingly complex and trade conflicts and military tensions are posing various risks for national economies, companies and financial institutions. In such a situation of uncertainty, proactive risk management is more important than ever for banks. The current FIRM position paper Banks Navigating Global Crises: Analysis of Geopolitical Risks and their Impact on the Financial Sector summarizes what needs to be considered, how scenarios are defined, quantified and appropriate mitigation measures derived.
The authors Gerold Grasshoff, Dr. Til Bünder and Emilia Zimermann look at the potential impact of recent developments in China, the Middle East and the political change of course in the USA. The analysis focuses on German and European banks: how do geopolitical risks affect their credit, market, liquidity, business, sanctions and cyber risks? The position paper offers comprehensive guidelines for dealing with geopolitical challenges in the financial sector.
Artificial intelligence
By Dr. Jochen Papenbrock, Dr. Sebastian Fritz-Morgenthal, Philipp Adamidis
In the position paper "Challenges and opportunities for model risk management", the authors describe why the use of artificial intelligence (AI) in banks promises a variety of benefits - from increasing efficiency to improving decision-making. At the same time, the increased use of AI models brings with it new challenges, particularly in the area of model risk management.
Strategies pursued to date require a fundamental overhaul. The position paper examines the regulatory requirements and rules of the European Banking Authority (EBA), the European Central Bank (ECB), the German Federal Financial Supervisory Authority (BaFin) and the EU AI Act. It also shows how the expanded use of AI affects model risk and the challenges and, in particular, opportunities this presents for banks' model risk management.
ESG – Climate risks
By Dr. Til Bünder, Nicholas Martin
In the current FIRM Round Table ESG position paper, the authors examine the climate policy measures of the European Union (EU) and the United States (US) in terms of their impact on economic performance.
The authors Dr. Til Bünder and Nicholas Martin explain how the significantly more ambitious regulations in the EU will affect various economic levels, where opportunities will arise and what risks need to be considered. A comparison of the EU and US climate and energy policies shows that the US is becoming more attractive due to its direct and simple approach to promoting green investments. The EU, on the other hand, is jeopardizing its leading position in the field of green innovation and investment due to its more complex regulation and the fragmentation of financing mechanisms. It is therefore crucial that the EU continues to develop its political framework conditions in such a way that climate targets are achieved and its economic competitiveness is secured at the same time.
Review of the year 2024

Banking Risk Round Table 2024
By Jan Jelovsek

Compliance Risk Round Table 2024
By Stephan Beitz, Olaf Brüggemann

Payments Round Table 2024
By Dr. Markus Ampenberger, Prof. Dr. Tobias Berg, Daniel Regending

Round Table AI 2024
By Dr. Jochen Papenbrock, Dr. Sebastian Fritz-Morgenthal

Round Table Cyber Risks 2024
By Tobias Synak, Daniel Naumilkat

Round Table ESG 2024
By Dr. Til Bünder
The FIRM Conferences 2024
Award for young researchers

Sasan Mansouri wins the FIRM Research Award 2024
Dr. Sasan Mansouri wins the FIRM Research Prize 2024 with his dissertation on the information behaviour of managers at analyst conferences. He shares the prize money of 30,000 euros with the chair of Prof. Dr. Mark Wahrenburg from Goethe University Frankfurt, who supervised Mansouri's work.
FIRM Advisory Board | Annual Report 2024

Review of the year by the Advisory Board Chairwoman
A year ago, despite the war in Ukraine, supply chain problems and inflation, we were confident about the new year, both economically and politically. In the meantime, the outlook has darkened. Nobody is talking about a victory over Russia anymore. Does the West have a convincing concept? Do we need a new iron curtain to provide a credible security guarantee for the free part of Ukraine? Are we experiencing a déjà vu in Syria like after the fall of Gaddafi in Libya?