Monitoring emerging risks is a cornerstone of effective risk management. When done well, it provides boards and executive teams with timely insights that answer the critical "so what?" question and helps inform strategic decisions.
Historically, monitoring emerging risks has often been a broadly prosaic exercise, whereby the Enterprise Risk Management (ERM) team in a firm would likely have an annual workshop with the executive leadership team to review the existing risk radar, shift the positions of some items and discuss one or two areas that might be considered for inclusion.
This annual workshop would be complemented by a quarterly review of said radar and a deep dive of a pre-agreed risk area, which may result in some alterations to strategic direction or operational processes, in the most impactful of examples.
Driven by geopolitical uncertainty, technological advances (including artificial intelligence), market volatility and regulatory shifts in a number of areas, it appears that the velocity of emerging risks developing has increased, coupled with multiple risk areas moving towards a point of crystallisation on a similar timeframe, which have the potential to increase financial and operational considerations.
This new context demands that ERM teams move beyond static frameworks. They must be agile in identifying, assessing and communicating risks — highlighting both threats and opportunities — in ways that leadership can act upon. The scope to use the risk radar to identify opportunities is one that shouldn't be overlooked as ERM teams look to add value to the business in different ways.
These changes to the characteristics of emerging risk analysis raise a number of questions for chief risk officers (CROs) and their teams to ask themselves, to ensure their framework remains fit for purpose.
- Have we identified the right risks and opportunities to monitor?
- Does the existing framework support the effective assessment of identified risks and opportunities?
- Do we have the right skills sets in the ERM team to identify, comprehensively assess and communicate these risks and opportunities to the business?
At a recent CRO roundtable, Artex UK Advisory discussed and debated these questions with a panel of senior risk professionals from across the UK insurance sector. It elicited some insightful responses, with reassurance around the universe of risks identified and some interesting observations on what proved to be a fairly settled set of focus areas. More on that shortly.
Key emerging risks considered.
A poll of the roundtable attendees identified a broad selection of risks covering geopolitical issues, regulatory-driven topics and behaviours such as facilitisation.
There was also some interesting debate about a handful of risks covering cyber, AI, climate change (transition and biodiversity considerations), talent and supply chain risk. While none of these is novel and will have been subject to firms' ongoing internal consideration, the consensus was that the risks feel ever more interconnected and consequently increasingly difficult to attempt to assess or manage in isolation from one another.
A prime example of this interconnectedness is AI. Discussions on this topic often start from either the perspective of how a firm might leverage AI to create strategic advantage or how AI needs to be governed as staff engage it to realise operational efficiencies.
It's clear that both aspects are actively being assessed within firms, with some key observations shared related to the early challenges with assessing and managing the risks presented.
It was unanimously acknowledged that AI presents significant opportunities for businesses, yet the market still struggles with a lack of knowledge and understanding of what AI truly is, how it should be applied and the liabilities it introduces within products and services.
Many organisations lack the skills and resources — such as dedicated data science teams — to fully leverage AI, and misconceptions about its role persist. The benefits of AI are clear, from improving productivity to reshaping risk profiles, but firms must carefully balance pace with the need for careful consideration of the wide range of issues that the use of AI raises, to ensure responsible adoption.
This caution extends to managing third-party suppliers, with observations shared that, while firms try to address their adoption and governance strategies for AI internally, they're less focused on service providers' adoption and controls of AI.
Ultimately, AI is one of many technologies that can support process improvement, and success lies in understanding how to integrate it thoughtfully into existing systems to maximise value while managing risk.
The role of the regulators in assisting the market with addressing these issues was raised, with the consensus view that early guidance on how regulators expect to manage AI adoption and governance would be welcomed.
Our risk model has been created using the template the CRO Forum created, overlayed with input from Artex and the attendees at our roundtable event.
In our roundtable, the risk areas on the risk radar, while not necessarily an exhaustive list, were considered to represent the key themes that firms are focussed on addressing.
Framework adequacy and team skills sets.
Alongside our discussion about risk areas, two key questions were also considered related to emerging risk frameworks and the skills the next generation of risk talent will require.
Emerging risk framework adequacy.
The discussion here centred on whether traditional approaches to risk frameworks enabled adequate identification and prioritisation and where they might fall short in assessing novel or systemic risks.
Limitations of traditional risk management.
There was a shared view that traditional frameworks often rely heavily on individuals within Risk teams to identify and escalate issues for discussion with the business. This dependence can expose gaps, as teams may lack the breadth of expertise needed to anticipate novel or systemic risks across the full universe of potential exposures. Moreover, many frameworks remain skewed toward downside risk, neglecting the opportunities that can arise from upside risk.
The absence of a clear "so what?" narrative also weakens engagement with executives and boards, leaving risk discussions abstract rather than actionable — even when deep-dive reviews are conducted.
Current approaches frequently struggle to assess risks that cut across functions and processes; as a result, systemic vulnerabilities aren't always highlighted or well understood. Data, which should be a powerful enabler, is often underused. This underuse not only hampers the identification of external threats but also makes it difficult to identify internal risks that emerge from within the organisation itself. Without effective use of data, firms risk blind spots that undermine their ability to anticipate and respond to change.
Towards a more dynamic approach.
The challenge, then, is to evolve risk frameworks so they're capable of capturing both threats and opportunities, supported by diverse expertise and effective data use. By reframing risk management as a dynamic, cross-functional discipline, firms can ensure that emerging risks aren't only identified and prioritised but also translated into meaningful insights that engage leadership and drive strategic action— action that both manages potential downsides and understand how opportunities might be exploited.
Risk talent — the next generation.
The second area of discussion aimed to identify the skills that will define the next generation of Risk leaders and teams. The discussion sought to help identify the attributes of an effective risk team and its leader, ensuring diverse, future-ready teams are in place.
The demands placed on Risk teams are evolving rapidly as businesses face new challenges and opportunities. There was consensus that traditional skill sets are no longer sufficient; today's Risk professionals must combine technical expertise with strategic insight, data literacy and the ability to communicate effectively with leadership. As the asks and wants from the business change, Risk teams must adapt by broadening their capabilities and ensuring they can see across the entire organisational landscape.
This shift not only strengthens risk identification but also creates opportunities to learn the business in depth and position Risk as a trusted partner.
Pitching risk as a strategic enabler.
To remain relevant, Risk teams must rethink how they "pitch" their value. Risk should be presented as a driver of resilience and growth. Teams must demonstrate how risk insights can inform decision-making, highlight opportunities and support operational excellence. By building a pipeline of talent across the business and engaging with diverse functions, Risk teams can embed themselves more deeply into strategy and execution, ensuring their role is understood as integral to success.
Strategic enablement must then start with CROs evolving their capabilities to not only be a strategic partner to the board, but also be an effective communicator across the business and a budding technologist.
Embracing generational diversity.
The dynamics of Risk teams are also shifting with the arrival of Gen Z and Gen A professionals, whose working styles and expectations differ from previous generations. This challenge isn't unique to Risk teams, but it must be navigated with specific reference to the needs of a risk function. Younger team members often want to own emerging risk topics and bring fresh perspectives, while experienced professionals offer depth of knowledge and context. A future-ready Risk team must embrace this diversity, creating an environment where different generations complement each other. This environment requires breadth across skills rather than reliance on a single expertise and a willingness to tap into the experience market for mentoring and guidance.
Leveraging alternative resourcing models.
To build resilience and adaptability, Risk teams should explore alternative resourcing models. This exploration includes engaging part-time professionals, return-to-work talent or experienced individuals from the market who can help upskill younger, less-experienced team members.
By blending traditional expertise with new perspectives, firms can create a balanced team that's both agile and knowledgeable. This approach not only strengthens risk management capabilities but also ensures that the team remains future ready, able to respond to emerging challenges with confidence.
Conclusion
The accelerating pace and interconnected nature of emerging risks demand a fundamental shift in how organisations approach risk management. Static frameworks and periodic reviews are no longer sufficient; instead, firms must adopt dynamic, data-driven models that enable continuous monitoring and actionable insights. By leveraging tools like the risk radar not only to identify threats but also to uncover opportunities, ERM teams can position themselves as strategic enablers rather than reactive gatekeepers. This evolution requires diverse skill sets, cross-functional collaboration and a commitment to embedding risk thinking into decision-making at every level.
Ultimately, the organisations that succeed will be those that view risk management as a source of resilience and growth — transforming blind spots into insights that can continuously help adapt and inform strategic decisions to help shape the future.
If you'd like to discuss any of the issues raised in this article, please speak with the author or your usual Artex contact.
