Risk is an unavoidable reality in today’s fast-paced business environment. For financial institutions, regulatory shifts, economic fluctuations, and technological advancements create new uncertainties that can disrupt operations and impact long-term sustainability. While known risks—such as loan defaults, customer service failures, or system downtimes—can be anticipated and mitigated, unknown risks present a far greater challenge.
Unknown risks, often referred to as emerging risks, are uncertainties that organizations cannot predict or prepare for in advance due to their unprecedented nature. These risks are particularly common in highly regulated industries like banking, insurance, and project management, where regulatory and market dynamics shift rapidly.
This article by our CEO, Dr. Bamidele Oseni, explores the difference between known and unknown risks, provides strategies to manage emerging risks proactively, and highlights how organizations can turn risks into opportunities through a strong Enterprise Risk Management (ERM) culture.
Understanding Known vs. Unknown Risks
Known Risks: Predictable and Measurable
Known risks are uncertainties that can be identified, analyzed, and proactively managed based on historical data and past experiences. These risks fall into two categories:
- Known Knowns – Risks that are well-understood and can be controlled.
- Example: Customer service failures, system downtimes, and loan defaults.
- Known Unknowns – Risks that are expected but whose timing or magnitude is uncertain.
- Example: Likelihood of fraud when there is an opportunity for it.
Since known risks have been encountered before, businesses can develop risk management frameworks to mitigate their impact through control mechanisms and predictive modeling.
Unknown Risks: The Challenge of Emerging Uncertainties
Unknown risks are unanticipated events or uncertainties that organizations struggle to predict due to insufficient data, changing environments, or new industry trends. These risks often stem from:
- Regulatory and policy changes – Example: Interest rate capping laws in the Kenyan banking sector.
- Technological advancements – Example: Cybersecurity risks due to increased digital banking.
- Organizational changes – Example: Mergers and acquisitions leading to operational inefficiencies.
- Market shifts – Example: Unexpected inflation spikes or supply chain disruptions.
Because these risks cannot be proactively assessed using traditional risk management models, businesses must adopt adaptive strategies to identify and mitigate their impact before they escalate.
Recognition of our CEO by League of East African Directors
How to Manage Unknown Risks
1. Environmental Scanning and Market Monitoring
One of the most effective ways to prepare for unknown risks is continuous scanning of internal and external environments. Organizations must:
- Monitor local and international economic reports from sources like the IMF, World Bank, and regulatory agencies to identify early warning signals of policy changes.
- Engage in industry-wide discussions with competitors, regulators, and stakeholders to anticipate shifts in market trends.
- Analyze geopolitical developments that could influence regulatory and operational risks.
By staying ahead of regulatory and economic trends, businesses can position themselves to mitigate emerging risks before they materialize.
2. Reverse Stress Testing: Preparing for the Worst-Case Scenario
Reverse stress testing is a proactive risk identification tool where businesses:
- Start with a failed scenario (e.g., a major cyber-attack or regulatory crackdown).
- Work backward to determine how such a scenario could unfold.
- Identify vulnerabilities in existing processes that could lead to such an outcome.
Example:A reverse customer database check can help a bank identify Politically Exposed Persons (PEPs) that were not initially marked as high-risk clients. This ensures that the institution remains compliant with anti-money laundering (AML) regulations and prevents reputational damage.
3. Integrating ERM with Strategic Planning
Many organizations treat risk management as a separate function, but the best practice is to embed ERM into corporate strategy. Organizations should:
- Align risk assessments with business objectives to ensure risk considerations are factored into strategic decisions.
- Situate the ERM function within the strategy team rather than treating it as an isolated compliance requirement.
- Establish cross-functional risk committees that involve executives, business leaders, and compliance officers to identify emerging threats early.
By making risk assessment a core part of business planning, organizations can develop holistic strategies that are resilient against unknown risks.
4. Utilizing Insurance as a Mitigation Strategy
For risks that cannot be predicted or controlled, insurance serves as a crucial risk transfer mechanism. Businesses should:
- Assess their exposure to emerging risks and obtain relevant insurance coverage.
- Consider cyber insurance to protect against hacking, ransomware, and data breaches.
- Invest in business continuity and disaster recovery insurance to mitigate financial losses from unforeseen events.
A well-structured insurance plan ensures that financial liabilities from unknown risks are minimized.
5. Viewing Risks as Opportunities
Unknown risks are not always negative. Businesses that embrace uncertainty as an opportunity can gain a competitive edge. Instead of only focusing on the downside of risks, organizations should explore how to leverage risks for growth.
- Technological Disruptions: Companies that invest in AI-driven risk analytics can predict and manage risks more effectively than competitors relying on traditional risk management methods.
- Regulatory Changes: Banks that proactively align with new regulatory trends (e.g., ESG compliance, open banking) can attract investors and customers seeking ethical financial services.
- Market Shifts: Businesses that anticipate shifts in customer behavior (e.g., the rise of digital transactions) can pivot their strategies early and dominate emerging markets.
By adopting a growth mindset, organizations can turn risk into a driver of innovation and resilience.
Managing unknown risks requires a dynamic and proactive approach that goes beyond traditional risk management frameworks. While known risks can be controlled using past experiences, emerging risks demand adaptability, foresight, and strategic agility.
Key Takeaways:
✔ Regularly scan and monitor regulatory, economic, and geopolitical environments.
✔ Implement reverse stress testing to identify and mitigate vulnerabilities.
✔ Integrate ERM within strategic planning to create a unified risk management approach.
✔ Utilize insurance as a safety net against financial losses.
✔ Embrace uncertainty as an opportunity rather than a threat.
By embedding a strong ERM culture, financial institutions and businesses can effectively navigate uncertainties, remain compliant, and build long-term sustainability.
Next Steps for Organisations:
🔹 Conduct risk awareness workshops to educate employees on emerging threats.
🔹 Establish a dedicated risk intelligence team to track unknown risks.
🔹 Use data-driven risk analysis tools to improve predictive risk management.
🔹 Foster a culture where employees feel empowered to report risks without fear.
In an era of unprecedented uncertainties, businesses that embrace ERM as a strategic tool will not only survive disruptions but thrive in an ever-changing world.