Peter Plochan, EMEA Principal Risk Management Advisor at SAS – Interview Series

Peter Plochan is the EMEA Principal Risk Management Advisor at SAS who helps financial institutions to deal with their challenges around finance and risk regulations, enterprise risk management, risk governance, forward looking risk analysis, stress testing, model risk management, risk modelling and climate change risk management.

Peter has a finance background (Master’s degree in Banking) and is certified Financial Risk Manager (FRM) with 14 years of experience in risk management in financial sector. He has assisted various banking and insurance institutions with large-scale risk management implementations while working both internally and also externally as a risk management advisor (PwC). Since joining SAS in 2014, Peter serves as a global acting domain expert – leveraging the latest trends in risk analytics & technology with his deep risk management & finance expertise.

You’ve worked across major financial institutions and advisory firms including PwC, ABN AMRO, Atradius, and now SAS, with extensive experience in banking regulation, enterprise risk management, and financial stress testing. Looking back across your career, what structural weaknesses in how banks approach geopolitical risk have remained surprisingly unresolved?

I was hosting a recent webinar with geopolitical risk specialists. One bank chief risk officer summed up the ongoing challenge nicely when he noted, “Slow risk management is bad risk management.” When faced with geopolitical shocks, banks often need a sudden and rapid response.

The world economy is increasingly interconnected. And this means the speed of any contagion from a geopolitical shock is increasing as well.

Of course, geopolitical shocks are varied, from changes in oil prices to trade wars and tariffs to shooting wars, among others.

Banks and financial services institutions cannot afford to wait too long to assess the impact of such shocks to their balance sheets. Speed is still king.

In the last 10 years, the financial services industry has improved its ability to run risk calculations faster than ever. Yet stress testing remains one of the most compute-intensive and process-heavy activities at financial institutions.

Banks need to make an inventory of their loans and assets, then assess which parts of their balance sheet are susceptible to specific shocks. A key driver of success in this effort is how detailed and how complete the banks set up these inventories, and how thorough their analyses and assessments of risk are.

For example, banks need to look not just at the geopolitical shocks themselves, but also at their indirect effects, which are sometimes less obvious and slower developing than the shocks themselves. What does an oil price spike do not only at the gas pump but across the entire supply chain? And how might a rise in oil prices affect not only gasoline, diesel and other transportation costs, but also costs and prices for fertilizer, plastics and even pharmaceutical drugs produced in a specific country or region?

In many cases, banks do not have a deep understanding of the potential effects of geopolitical shocks on their customers and their customers’ supply chains, which makes geopolitical risk management more difficult.

Through geopolitical risk management, banks try to better understand and assess the impact of shocks on their customers and the customers’ loans, which comprise the bulk of the banks’ balance sheets. Geopolitical risk management for banks tries to answer a question that is simple on the surface but complicated beneath: What will this shock mean to each bank customer and their ability to repay loans?

As with climate risk management (which has many parallels with geopolitical risk management), each bank needs to go much deeper than they normally do. By gathering and analyzing the right data and applying methodologies like stress testing, a bank can better understand their customers’ exposure to a shock and their own balance sheet risk.

By treating all risk management – for geopolitical risk, climate risk, credit risk, liquidity risk et al. – as much more than a compliance exercise, banks can uncover insights that can guide core business planning.

By using analytical insights from a robust risk management program (including stress testing), the bank can make better business decisions to mitigate geopolitical and other risk and strengthen its operational resilience.

For readers unfamiliar with the term, what exactly is “stress testing” in banking, and why has it become increasingly important in today’s geopolitical and economic environment?

Stress testing is a form of scenario analysis. Using forward-looking simulations, a bank or other financial services firm can examine an economic situation (e.g., inflation going down, taxes or electricity costs going up) or change and assess its impact on the bank’s financial and risk indicators and performance.

Stress testing is one of the most complicated and compute-intensive activities at a financial institution, requiring many complex calculations. In order to answer key “what-if” questions and better understand the effects of geopolitical, climate and other risks, banks need to gather data on their customers, economic trends (from public and private sources) and their sensitivity to the specific risks they want to assess. They then must analyze this data to discover potential impacts across their loan portfolios and balance sheets.

Geopolitical stress testing focuses on determining the future performance of a bank based on the effects of shocks like war, trade restrictions, tariffs and sanctions, among others. Geopolitical stress testing shares many of the same characteristics as climate stress testing, which focuses on the effects of climate shocks (e.g., floods or constantly increasing temperatures).

Stress testing is a key risk management tool and a decisioning engine. Since no bank has a crystal ball, they do not know which scenario or shock will happen next. But banks can perform what-if analysis based on possible scenarios to determine future risks and possibilities – even opportunities – for their customers and their own operations and use the outputs to start preparing accordingly.

Geopolitical risk is on the rise, with shocks coming faster than ever and often overlapping. Since geopolitical events affect markets, trade and supply chains simultaneously, stress testing helps banks simulate future scenarios earlier and prepare potential responses.

As another CRO noted to me on a recent panel, “Insight without action has zero value.” By applying analytical insights, stress testing supports better business decisions. The result? Banks can take informed actions to navigate geopolitical shocks while fine-tuning their business strategy.

Geopolitical shocks today often unfold simultaneously across trade, energy, commodities, cyber threats, and supply chains. Are traditional banking risk models still capable of handling this kind of interconnected systemic risk?

Partially.

When we think about traditional banking risk modeling and its ability to handle interconnected and systemic risk, there are two layers at which banks assess the impact of a geopolitical shocks to their portfolios.

The first layer is at the macroeconomic level. If there is an oil-price shock, for example, a bank will try to understand the high-level impact on the regional or local economy where a customer sits.

So if a bank’s customer is a major Texas-based manufacturer, that state’s economy might actually improve during an oil shock, since it produces oil. The bank’s macroeconomic risk modeling might indicate that companies in Texas are more likely to flourish as unemployment goes down and business volume goes up locally, for example. On the other hand, most other economies will be impacted negatively, which would adversely affect the business activities of all Texas companies.

Today, at the macroeconomic level, most banks have a solid foundation in terms of modeling. In their stress testing, they can translate geopolitical shocks into macroeconomic indicators (at a state, country or regional level).

Using our example, a bank will have in place a model that predicts what will happen to the manufacturing sector in Texas in terms of probability of default if the state’s GDP increases by a specific percentage.

So banking risk models are already equipped to analyze the macroeconomic impacts of geopolitical shocks on the bank’s customers (and borrowers).

But the second layer remains a challenge.

At the micro level, a bank needs to zoom in to assess a specific customer’s sensitivity to a particular geopolitical shock and that customer’s risk of default as a result.

What is a drop of 50% in the production of fertilizers going to do to a manufacturer of cars? Not much, at least not directly (though this manufacturer would almost certainly feel the effects of resulting high inflation). But if the customer is an agricultural producer, it might mean a big drop in revenues.

At the micro level, banks need data granularity and specificity in their stress testing and risk modeling. They need to zoom in to business sectors, regions and individual counterparties in their portfolios, and understand which customers are sensitive to which types of geopolitical risks. Ultimately the banks need insights into how a specific shock will affect each customer and its ability to repay loans, as well as to support decisions on whether to extend loans, change terms or even choose not to extend credit.

What makes micro modeling particularly challenging is that you often cannot generalize across an industry or region. One of the bank’s agricultural customers might be a green producer that does not use any fertilizers. So making assumptions based on a customer’s industry or sector might lead to bad information and decisions.

Since banks typically do not have granular data on a customer’s operations, they need to balance the cost and effort in gathering this detailed data – via surveys and questionnaires, for example – with the benefits they receive from having more granularity in their models.

Sometimes this data is difficult to obtain. A bank’s customer might not know if their fertilizer travels through the Strait of Hormuz, for example.

The more granular the data a bank collects, the more potential insights it can derive. But the deeper it goes, the more expensive it is in terms of time and effort to gather this information.

To get around this challenge, banks often take a Pareto approach – the old 80/20 rule still applies. Banks often have 80% of their exposure or risk within 20% of their portfolio or customers. So they can concentrate on their top exposures and try to simplify the rest. Simplification would include performing analysis on (sub)region and/or (sub)sector level rather than on individual customer level.

As with climate stress testing, having limited or no data is not an excuse to skimp on these risk assessments.

The key message from European Central Bank guidance on climate risk applies to geopolitical risk as well. The ECB acknowledged that banks often do not have all the data needed to do climate stress testing. And that banks taking actions based on limited data will introduce challenges and errors. But the ECB noted that taking no action is even a higher risk. So banks need to act, even with limited data. The same logic holds for geopolitical risk analysis.

How are banks beginning to use artificial intelligence and large language models to monitor real-time geopolitical developments and turn them into actionable risk assessments?

Banks are starting to use AI agents to analyze unstructured data, a typical use case for AI.

For example, banks can apply AI agents to news portals, looking for predefined text that might indicate a geopolitical shock is coming, and raising raise alarm bells within the institution.

And as previously discussed, banks want to better understand their key customers and where their operations and supply chains are distributed geographically. Some banks are deploying AI agents to crawl through customer disclosures and other public information to understand where a company’s key factories and suppliers are located. When a shock happens in a certain region, the bank can better understand its impact on that customer.

Banks with hundreds of companies in their portfolio need to run these analyses at scale. AI agents can help automate parts of the stress testing calculations. So if certain geopolitical events breach predefined thresholds that the bank has set, the agent can prepare macroeconomic scenarios and execute a stress testing calculation automatically.

And in another example, AI and large language models (LLMs) can help explain the results of the stress test to business users and senior managers. Based on predefined playbooks, the AI agents can even suggest certain corrective actions.

So AI is already being used for different pieces of the stress testing process, though we are in the early stages.

Many financial institutions already face staffing and resource constraints inside risk and compliance teams. Where is AI currently providing the biggest operational advantage?

For bank risk and compliance teams, AI helps automate data gathering, scenario generation, calculation execution and interpretation. This gives these teams more time to spend interpreting the results of model analysis and advising leadership on risk strategy.

Traditional, generative and agentic AI also support many activities in geopolitical stress testing. This includes gathering data on and analyzing the sensitivity of customers (and their operations, supply chains, etc.) and bank portfolios to geopolitical shocks. As noted previously, LLMs and AI agents can also help explain the results of stress tests to leadership to support better decisions.

It is worth mentioning that using AI and analytical models for decisions introduces additional risks, because the model might be wrong or not accurate enough.

Banks have been performing model risk management for more than a decade. And as many model risk managers like to say, “All models are wrong, but some are useful.”

Since models are a simplification of a future state, by definition they are not completely accurate. Banks and financial services organizations need to be mindful of and manage model risk as they deploy AI-powered models for stress testing and risk management.

AI governance is crucial to banks and financial services firms. It helps them protect and manage sensitive data and comply with regulations while ensuring transparency and managing risk.

Governance is particularly important for AI and machine learning (ML) models, which can make accurate predictions but can also respond inappropriately to unexpected situations, leading to bad decisions. AI and ML models need frequent performance monitoring and data review. Oversight via AI governance and model risk management ensures transparency, with a bank able to clearly explain – to regulators and senior management – both how its AI models work and the decisions that come from them.

You’ve spent years working on climate risk and sustainability frameworks for financial institutions. Do you see geopolitical risk stress testing becoming just as strategically important as climate risk analysis?

Yes. Geopolitical risk management increasingly will become business as usual for banks and financial services firms. More and more, these risks will be embedded into traditional credit and market-risk models as they become a standard part of overall risk management efforts in the banking and financial services sector.

Climate risk has pushed banks to modernize their stress testing frameworks, due to its complexity and potentially massive impact on financial performance.

Similarly, geopolitical risk – and the speed and frequency of events and shocks – can substantially affect the financial results of banks. It puts pressure on banks to assess (through stress testing), mitigate and account for it.

Both are and will continue to be strategically important, as banks deal with geopolitical shocks like the conflict in Iran and its repercussions, as well as continued climate-related effects like the “Super” or “Godzilla” El Niño forecast for this year.

Many organizations still view stress testing primarily as a regulatory requirement rather than a strategic tool. What opportunities are banks missing by taking that approach?

It is short-sighted for a bank to focus its stress testing primarily on achieving regulatory compliance. While adhering to regulations is crucial, stress testing can help financial service organizations to do much more than just compliance.

By taking a more strategic approach to stress testing, banks can conduct what-if analyses that assess possible scenarios and the impact of alternative responses to both geopolitical shocks and climate change.

The results of these what-if analyses can help a bank choose the optimal path forward, recognize new business opportunities, adjust its lending strategy and find competitive advantage through its risk management efforts.

The data and models are already there. It is a missed opportunity not to use them fully.

Of course, the efficiency, flexibility and maturity of a bank’s underlying stress testing processes and systems will determine what the bank can achieve. And whether stress testing is a mere answer to regulatory compliance or a more comprehensive decision-support engine.

As that CRO told me, “Insight without action has zero value.”

The recent report, Climate Stress Testing Methodologies: Current Practices, Challenges, and the Road Ahead, benchmarks current practices; identifies gaps in modeling, governance and infrastructure; and offers practical advice for integrating climate stress testing into core risk frameworks. The report, from the United Nations Environment Programme Finance Initiative (UNEP FI) and SAS, is based on input from 21 global banks.

As financial institutions increasingly rely on AI-driven systems and automated modeling, are you concerned about new forms of model risk emerging inside banking infrastructure itself?

As noted previously, model risk management has been a core process at banks for more than 10 years. And the accelerating adoption of AI and analytical models introduce additional risk, because they might be inaccurate.

Recently I moderated a virtual panel discussion featuring model risk management (MRM) heads. One of the key conclusions, confirmed by both the experts and the global audience, was that AI risks are significantly higher than classical model risks.

Banks and financial services companies need to embrace and adopt comprehensive AI governance to protect and manage sensitive data, comply with regulations, and ensure transparency and effective risk management.

Which geopolitical risk factors do you believe are currently underestimated most by the financial sector: cyber conflict, trade fragmentation, sovereign debt pressure, energy disruption, supply chain instability, or something else?

All of these are risk drivers that can emerge from geopolitical events. And I would say the one causing the most headaches for banks is supply chain disruption.

This connects to our earlier discussion of macro and micro-economic factors.

If there’s an oil price shock, for example, a bank can analyze the macro numbers and see the resulting market volatility and pressure on credit and liquidity.

But it is harder for banks to assess the impact on their portfolio because most banks do not have granular micro customer-level information on how such a shock affects each customer and their operations.

For banks, it boils down to using stress testing to better determine how geopolitical events and climate change affects their portfolio of loans and the ability of each customer to repay them.

Of course, more often than not, these risk drivers do not occur in isolation, but rather in combination. So it is not that banks underestimate any of them. Through the powerful tool of stress testing, banks can better assess the impact of multiple drivers and factors on their operations and overall risk exposure.

Looking ahead over the next five years, how do you see AI-enhanced stress testing changing the way banks allocate capital, evaluate risk, and prepare for future crises?

Over the next five years, AI will help banks form a much better view of future scenarios. And AI-driven stress testing will be less a periodic exercise and more a continuous capability.

Banks will run more scenarios, more often, and use them to inform business decisions.

Because financial service firms that can act quickly on AI-powered insights will have a clear competitive advantage, especially in fast-moving geopolitical crises.

Banks and their technology teams and partners must remain committed to creating processes that build more trust in AI-driven calculations.

So when a bank uses a generative AI tool with its Asset & Liability Management (ALM) system, for example, it can trust the results and not overly worry about hallucinations.

Or when it runs a geopolitical or climate risk stress test, the bank can have even more confidence in the results of the analysis and the business decisions it makes as a result.

Thank you for the great interview. Readers who wish to learn more about Peter Plochan’s work and thought leadership can visit PeterPlochan.com or explore the risk management, analytics, and AI solutions offered by SAS.