Risk management is a reflection of the issues that affect our society, because wherever new developments emerge, risks arise. Nowhere is this more evident than in the geopolitical developments that are currently keeping us on tenterhooks. Two years ago, this was still a topic for thought leaders. Today, it is the dominant risk with a direct impact on the economy and society.
In the FIRM Yearbook 2025, we have taken up some of the focal points that are high on many risk managers’ lists of priorities. In specialist articles and position papers by authors from our network and beyond, we shed light on both financial and non-financial risks, look at geopolitics and artificial intelligence, examine the impact of ESG regulation, delve into the topics of ESG and biodiversity, resilience and banking crises, the future of the European capital market, new regulatory requirements and DORA in particular, as well as the currently important risk models.
Geopolitics and the new view of risks
The central question that is being discussed globally and which also determines the direction in our committees and round tables is: How is geopolitics changing the risk map? In view of developments around the globe and the changed balance of power, it is clear that risks in general and for banks in particular have recently become even more acute. This also increases the risks in the areas of money laundering and sanctions; the danger of cyberattacks has risen significantly, and the issue of IT and data security has moved far up the list of priorities. ESG risks also remain relevant. It is worth discussing whether the focus here needs to be broadened. At the moment, the focus is on climate risks. However, topics such as biodiversity and environmental pollution are becoming increasingly important.

At FIRM, we see it as our task to address these issues at an early stage and to engage in intensive discussions with representatives from the worlds of business, science and supervision. As early as 2023, for example, we looked closely at possible scenarios resulting from geopolitical developments and further intensified this dialog in 2024. This is because we are talking about a polycrisis, i.e. many critical developments that are taking place simultaneously and in some cases exacerbating each other. On the one hand, there is the ever-intensifying conflict between China and the USA, which is manifested not least in the Taiwan issue. This can certainly be understood as a systemic conflict – as a competition for supremacy between the liberal democratic policies of the West and the autocratic system of Eastern countries with China at the top.
Cyber risks and enormous loss potential
These developments are extremely important for banks. The high dependency of the European and German economies on China is well known. Germany in particular is heavily dependent on China as a trade and investment partner. Twelve percent of German imports come from China and six percent of exports go to China. If there is an escalation over Taiwan, this will result in sanctions and trade restrictions, which will make supply chains vulnerable and affect creditworthiness. German banks have a credit exposure of around 36 billion euros directly in China and 140 billion euros indirectly via export-dependent German companies. We must also bear in mind that around 45 percent of cyber attacks on German companies come from China. The risk is also increasing here.
Geopolitical tensions are also exacerbating the threat situation in other areas, as we are already seeing. Take cyber risks, for example. It is a fact that cyber attacks are often not perceived as strongly as physical attacks. But the potential damage is immense. In addition, there are increasingly severe AI-driven attacks, particularly in the area of identity fraud and AI-supported phishing. For banks and companies in general, it is therefore extremely important to deal with the threats in detail in extended scenario analyses and to align governance and security structures accordingly. We launched the Cyber Risk Round Table at the beginning of 2024 to raise awareness and organize exchanges with cyber experts from various areas. We are convinced that a cross-institutional exchange on this topic in particular brings enormous added value.
Banks have addressed immediate risks
The past few months have shown that banks are dealing intensively with the new risks and taking the right measures. This becomes clear when dealing with the war in Ukraine and the resulting bank-specific risks. It is well known that dependence on Russia has been reduced at all levels. Banks have significantly reduced their direct exposure to Russia. Sanctions, trade restrictions and the decoupling of Russian banks from the SWIFT system have reduced the risks. All of this has led to significantly increased compliance requirements for banks and also to potential reputational risks in the event of non-compliance. But the direct risks have been addressed. Indirect risks are more difficult, including, for example, a bank’s customers who find themselves in financial difficulties as a result of the conflict.
Another source of risk is the Middle East region. There is a lot of financial activity here overall, but it is important to look at the Gulf states with their infrastructure financing. In contrast, European banks only have limited direct exposure in Israel or Iran. If you look at the region in isolation, the risk potential is significantly lower. However, every conflict contributes to further exacerbating the globally unstable situation, which is why this region must also remain the focus of a risk manager.
Set up and quantify scenarios
The key question for us is: how can banks prepare themselves for the current pressing risks? This is an issue that is currently preoccupying all major institutions. My experience is that fear is not a good advisor and radical measures are not helpful. It is much more important to think ahead, draw up scenarios, quantify the effects and precisely define the risk drivers. That’s why we at FIRM addressed geopolitical risks at a very early stage, drawing up our first position paper with a comprehensive scenario analysis at the beginning of 2024 and discussing this with the banks and the supervisory authority. At the beginning of 2025, we analyzed the impact of geopolitical risks on the banking sector in another position paper.
It is very important to us that we cultivate a culture of debate that allows for different opinions and positions, without narrowing or even tabooing them too quickly. This opens up scope and perspectives for us to develop scenarios comprehensively – and that is very important, especially in this mixed situation. We want to make a well-founded contribution to this with the work in our committees and round tables, with our position papers and specialist articles.
This yearbook offers a selection of these topics and we are open to new impulses and ideas. Discuss with us and give us your opinion! We look forward to hearing from you.
I wish you a stimulating read.
Gerold Grasshoff, CEO FIRM