FRM Lessons and the Coronavirus Pandemic

Estimated reading time: 6 minutes



The financial crisis of 2008 exposed the vulnerabilities of firms that lacked adequate risk management systems and practices.

There was an unrealistic evaluation of liquidity risks and an inability to anticipate a drastic reduction in capital, among other concerns.

While the mortgage sector was the key driver at that time, today we have a health crisis that is predicted to lead to a similar scenario.

There is, therefore, a greater need to increase financial risk management best practices during and after the corona-virus pandemic.


Current weaknesses that need solutions

  • Failure by leadership to establish and adhere to acceptable practices
  • Projects that conflict with the control objectives in organizations
  • Inadequate reporting
  • Compliance issues
  • Bureaucracies
  • Insufficient and fragmented technological infrastructures
  • Inefficiencies in risk identification, measurement and management


The need for agility

A lesson from the 2008 crisis- bureaucratic structures can hinder risk evaluation, prediction, and control.

Firms must adopt a bottom-up approach when it comes to contingency planning, which includes the preparation of plans at even the lowest levels.

Relatively speaking, the corona-virus is a novel one, and how it will evolve remains a mystery as well.

Agility is required in the development of risk management strategies and their implementation.

Businesses could benefit from bringing everyone on board, for no department has been spared from COVID-related disruptions.

Designated staff must be empowered to make decisions fast without being bogged down by bureaucratic consultations.


Risk management must be proactive, not reactive

The 2008 crisis revealed a lousy risk culture in organizations where there were only reactive activities.

Too many organizations had minimal processes for identifying and evaluating risks.

Business leaders should start to see the value of formal risk assessments and proactively strengthening their risk management posture.

Part of that includes acquiring enough and highly qualified risk experts to strengthen internal capabilities.


Leadership must be involved

There is always a disparity between actual risks and what the boards of directors perceive.

Senior leadership must take part in setting the risk appetite for firms and recognize the implications of every project during a crisis.

Supervisors must share with their top leadership those measures related to risk exposure and the level of financial contingency that the firm would need to ride through a possible second wave of the corona-virus pandemic.

These reports should specify actions that management needs to take to restore capital after losses.

Active leadership participation in setting organizational risk tolerance builds discipline in the event of future stressors.


Adequate internal reporting

There should be both best-case and worst-case scenarios for this outbreak and its impacts on liquidity and volatility.

Every expert must be brought on board in reporting and forecasting risk exposure for up to 18 months from now.

In the past, where the entire focus has been on revenue generation at the expense of reporting and control, the eventual result has been accelerated losses.

Risk reports should review existing credit and debt conditions to ensure sustained liquidity throughout the crisis.

Possibilities of financial and legal penalties should also be considered as an ongoing concern.

A detailed assessment of revenue disruption is necessary, taking into account slowed productivity, disrupted supply chains, drops-in demand and late payments from customers.


Investors need to know everything

At the moment, many companies still don’t know what to tell investors about the corona-virus and its impact on performance.

Investors need reports that that provide a complete picture of what the current situation is and what it could be…no matter how grim.

Not having proper disclosures in these reports could lead to future woes.

The challenge is finding a language that shows investors both sides of the coin.

The biggest problem is telling them what will happen in the next 6 or 12 months because no one truly knows how the outbreak will transform by then.

Nevertheless, ‘covering up’ the extent of impact from the virus can only make matters worse.


Stress testing and planning

Increased use of stress testing exercises must be adopted to convey risks to top leadership and investors.

The pandemic found many companies still struggling with weak capabilities with regards to carrying out firm-wide stress tests.

The declining financial state of organizations has exposed weaknesses in approaches to liquidity stress testing.

This underscores the need for increased consideration of the overlay between systemic and company-specific events in the long run, and the link between stress tests and everyday liquidity management.

As a reference from the 2008 crisis, financial institutions can expect a further decline in income fees driven by lower customer spending.

Net interest margins will remain low as a result of losses in the credit portfolio.

Credit losses and operational losses are also to be expected from declining wages and the cost of remote working setups.

Adequate stress testing is needed to help maintain sound financials. Organizations need an up-to-date view of such expected impacts to prioritize and construct contingencies.

Application of stress testing tools and constant monitoring is therefore essential.


Tolerance levels must be established

As greater emphasis goes towards liquidity ratios, companies must also consider margin control and budget for future sustainability.

Often times, businesses are too focused on standard workflows while overlooking other important aspects.

A diagnosis of tolerance levels for all forms of risk is urgently needed.

It’s critical to understand the implications of COVID-19-related risks on revenues, supply chains, markets, and credit planning.

Contingency plans must establish the path to recovery and response strategies for each situation.


Growth and damage control

Controlling growth goes hand-in-hand with controlling risks. At this time, businesses need to define their growth objectives and start prioritizing capital.

A separate growth strategy at the time of the crisis can help to minimize costs.

Analyzing the market, doing credit checks and negotiating better payment schedules can help to keep the supply chain up and running.

Damage control should not take the focus off from your priorities. Factor into your plans the ongoing risk evolution.

That means accounting for temporary impacts that can be managed with faster incidence response through plans that you created ahead of time, and enduring effects that need you to re-look at your plans and change strategies.


The role of technological capabilities

Technology often drives the gap between actual and best practices when it comes to risk management in organizations, as was the case in the 2008 financial crisis.

In many cases still, existing IT infrastructure is ill-equipped to monitor risk exposures with a high level of efficiency and accuracy.

Strengthening IT capabilities now can help to minimize the impact of the pandemic on productivity.

The same infrastructure can help with adequate risk identification, reporting, and management through data integration.

Going forward, having a better IT infrastructure can be a key factor in the improvement of risk management.


Thinking beyond the obvious

It’s hard to identify COVID-19- related financial vulnerabilities by looking at the past.

There is no precedence, but still, using the experience from other economic disruptors can help to monitor the market and identify best practices during and after the pandemic.

We note however, that the extent of vulnerabilities could be broader in scope than seen in similar events of the past.

For instance, uncertainty and increased adoption of remote working without robust security structures could create a paradise for cyber-criminals.

A cyber-readiness strategy with a full risk assessment is therefore essential. Supply chain disruptions could have a trickling impact on balance sheets.

A financial institution must also prepare, build resilience and find alternatives for outsourced and co-sourced services, including payment processing and client on-boarding systems.


Keeping an eye on compliance

Compliance issues could stem from the crisis as well. Working from home could mean a compromise in supervision of certain processes.

Organizations must strengthen their internal controls and ensure that processes are well monitored (and documented) to reduce the risk of fraud and misappropriation of assets.

Clear and proper segregation of duties can also help to attain transparency and accountability.



Clear and focused financial risk management during and after the COVID-19 outbreak can help to minimize losses and keep businesses running.

Start with a clear goal and create several contingencies in your plan. Strengthen testing and reporting and remember compliance.


Thank you!

Thanks for stopping by once more. Please use the following hyperlinks to gain access to even more information:


Take care and see you soon,

The QuestionBank Family