Considerations for Enterprise Risk in a Pandemic

A pandemic is not only a health crisis, but also brings with it an enormous economic disruption that society must manage through. Apart from healthcare, central banks and the government play a major role; by providing access to much needed capital and liquidity, financial institutions and banks are designated as a critical service needed in order for the economy to function normally.

For financial institutions and banks to work effectively in any situation, it is imperative for leading firms to have an effective risk management process. Firms need to have a framework that is dynamic and adaptable to changing environments and is consistent with the firm’s strategic goals and growth aspirations.

To ensure effective business continuity, there are certain measures that banks should immediately institute during a pandemic.


Key Measures that can be undertaken immediately:

  • Engage the Board/ Oversight Committee more often and seek guidance.
  • Discontinue broad-based marketing campaigns and focus on specific, relevant, and appropriate products and services given the prevalent environment.
  • Focus on current and existing clients and create campaigns around support during and after a pandemic.
  • Have a view on competitors in terms of products, rates, and incentives. Make appropriate adjustments more often than normal and engage the relevant committees, including the Board.
  • Focus on caring for the greater good. Banks should make every effort to participate in government offered programs even though they may be onerous and may not generate significant income: It’s important for banks to show their commitment to their customers, employees and communities.


Key Risks for the Board and Management to Constantly Monitor



One of the most significant risks in a pandemic is how customers and regulators perceive the bank in terms of their conduct during this period. Any dissatisfaction with the bank’s actions and decisions related to its operating model, product offerings, approval decisions, administrative hurdles, and broad-based communications during the pandemic may result in negative opinions and create long-term harm to the institution.

Here are some considerations for Banks to mitigate this risk:

  • Implement proactive communications on services and offerings, including issuing FAQs and requirements that are easy to follow.
  • Incentivize associates in customer-facing positions through bonuses and other programs. Make them understand that they are vital and are appreciated for their efforts.
  • Monitor and respond to negative news and social media posts.
  • Understand current regulatory directives and requirements around forbearances and, if possible, delay foreclosures and collection efforts until after the pandemic.



A pandemic may force banks to consider new operating models of all critical processes, which will put a big strain on the people, process, and technology.

People: Employees that are customer facing may face widespread unavailability of critical support, combined with significant demand on their time to provide customer service in the new paradigm. Employees from functions that typically do not interact with customers, such as Finance, may be needed to support surges in loan operations or credit risk functions given new programs that may be put in place. There will be steep learning curves required to effectively understand and deliver on these programs.

Process: New processes, including automated workflows, that may need to be put in place to administer the work effort and inherent risks and controls over such processes may not be fully vetted.

Technology: “On the fly” approvals of unplanned systems and platforms may be needed to respond to the environment. Platforms may have unproven security and administration controls. Dependencies of each unplanned system and platform may not be fully understood and/ or may be outside of a bank’s control. Strains on VPN and work from home requirements could put added strain on hardware and software.

Third Parties: A firm’s dependency on third parties for key processes may hurt or benefit the efforts, so it is important to understand the extent of your reliance on others for daily processing. Effective contingency and Business Continuity Plans (BCP) that have been developed and tested will become a key resource. If BCP plans don’t exist, operations are likely to be significantly degraded and your institution will be subject to significant regulatory scrutiny down the road.

Cybersecurity: Vulnerability to hackers and others will increase. Customers under distress may resort to schemes that harm the institution.

Here are some considerations to mitigate this risk:

  • Engage providers/ consultants for contingency staffing for increased surges; constantly check in and train employees, digitize manual processes, show empathy, and monitor productivity weekly.
  • Reduce on-site transaction hours with reduced employee presence. Rotate teams on a biweekly basis to work at on-site locations in order to practice social distancing.
  • Train cross-functional teams who are required to provide support to meet increased demands to take on processes that they may not have had prior exposure to.
  • Enhance operational monitoring and the use of dashboards that are needed to be rectified in order to identify exceptions and non-compliance matters.
  • Increase connection bandwidth and monitor access to sensitive applications.
  • Proactively manage service-level agreements (SLAs) and communication with third parties, understand that they are also experiencing the pandemic. Focus on how to get the critical processes up and running, including allowing certain third-party employees to also work from home.
  • Monitor and respond to cyber threats, consider engaging with a third party to monitor networks, and establish protocols to respond.



For new programs instituted by the government, there may not be clear guidance on compliance requirements, as well as interim guidance that may seem to conflict other rules. A pandemic may also force compliance functions to monitor unusual transaction activities and trends, which may have to be incorporated into models and systems for effective supervision. For example, a customer may now have increased foreign transactions/ deposits/ cash movements within their account, which may not be the normal pattern in usual circumstances.

Increased demands may require assistance from employees that are not registered or authorized to transact on a customer’s behalf. Given new operating models not yet in compliance with corporate policy and regulatory requirements, supervision requirements may need to be increased.

Here are some considerations to mitigate this risk:

  • Reinforce training and regulatory requirements. New processes should have adequate risk and controls around Bank Secrecy Act (BSA)/ Anti-Money Laundering (AML)/ Know Your Customer (KYC) and other requirements.
  • Monitor and implement emerging guidance, and continually offer challenges to enhance processes with adequate controls and monitoring capability.
  • Document and maintain records for all exceptions that must be followed up and supervised subsequently.



A pandemic is likely to create an enormous economic disruption for borrowers. Loan payments may be delayed and collateral may be significantly devalued. Banks may have to set aside increased reserves impacting the financial performance of the bank. Credit risks are bound to increase during a pandemic and must be managed effectively to minimize unfavorable financial results. Credit risk is likely to increase across most asset classes, including investments held for sale and held to maturity.

Here are some considerations for Banks to mitigate this risk:

  • Continuously monitor CECL assumptions, run and test scenarios, and perform analyses that are monitored by management.
  • Formalize reporting of deferrals, modifications, and accommodations; monitor unutilized commitments regularly.
  • Limit investments to high-grade bonds only and minimize equity investments.
  • Increase frequency of stress test and portfolio monitoring by the Risk/ Investment Committee.



Customer and borrower demand for cash-on-hand during a pandemic will add stress to the liquidity scenario for banks. There should be a contingency funding plan for banks that is dynamic, forward looking, and one which continually evaluates changes in the macroeconomic environment and emerging regulatory views.

Here are some considerations to mitigate this risk:

  • Implement daily monitoring of secured line utilization (such as Federal Home Loan Banks [FHLB]) in coordination levels of uninsured deposits.
  • Provide ongoing review of liquidity risk, forecasts, and stress testing of results. Evaluate triggering events and respond appropriately.
  • Evaluate investments held for sale as an additional source of liquidity.
  • Prioritize access to funds for banks on a severity and grading scale (less to more), one of which could be:
  1. FHLB
  2. Secured borrowings
  3. Overnight cash
  4. Federal Reserve Discount Window



 The Federal Reserve is often called upon during a pandemic to manage the national economic impact by its function of setting interest rates. Interest rate cuts and other responses to the situation may reduce net interest income and earnings.

Here are some considerations to mitigate this risk:

  • Continue to perform stress testing and evaluate forecasts continuously.
  • Increase senior management-level oversight and review and look into hedging strategies not previously contemplated in order to minimize impacts of adverse movements.



No matter what the situation, firms that have effective and dynamic risk programs have a better chance to achieve operational resilience. While we have looked into specific risks and certain key steps that banks can take, we encourage them to look and plan for interdependencies across the enterprise. For example, a cyber event may snowball into a compliance issue, which could lower the bank’s rating and result in reputational risk. The Governance, Risk, and Compliance (GRC) platform can be used to create an aggregate view across risk management functions. The availability of real-time data increases in importance. There may be needs to digitize processes, invest in data visualization, and create holistic platforms that provide an enterprise view. In a pandemic, your enterprise risk management practices are likely to become one of the most critical factors in your ability to survive.



Our latest guidebook provides leaders with a roadmap to enhance resiliency plans, simplify operations, address new financial requirements, and more. To download, please click the link below.

Download Now

Taking a Strategic Approach to Cybersecurity in a Downturn Economy
COVID-19 Has Closed Stores But Not Your Books
Related Posts
CTR Transformation Generates $1 Million In Cost Savings for a Private Equity Firm
CTR Transformation Generates $1 Million In Cost Savings for a Private Equity Firm
Automated Multi-Currency Management and Accounting Transformation for a Hedge Fund Company
Automated Multi-Currency Management and Accounting Transformation for a Hedge Fund Company
Internal Audit Is More Than SOX: How IA Can Expand Risk Coverage
Internal Audit Is More Than SOX: How IA Can Expand Risk Coverage