---
name: managing-emerging-risk-identification
language: en
description: Structures emerging risk scanning with horizon analysis and early warning indicator development. Use when identifying emerging risks, scanning for new threats, or developing early warning systems.
tags:
  - management
  - risk-management
  - risk
metadata:
  author: casemark
  practice_areas:
    - Risk Management
    - Enterprise Risk
    - Market Risk
  document_types:
    - Management Report
  skill_modes:
    - Management
    - Coordination
---
# Managing Emerging Risk Identification

## When To Use

- Standing horizon-scanning cycles (quarterly, semi-annual) where the risk committee needs a structured inventory of threats not yet captured in the existing risk register
- Ad hoc scanning triggered by macro events — geopolitical shifts, regulatory proposals, technology disruptions, pandemic signals, or sudden market dislocations
- Developing or refreshing early warning indicator (EWI) frameworks tied to specific risk categories
- Preparing emerging risk sections for board risk reports, ORSA narratives, or enterprise risk appetite statements
- Evaluating whether a newly surfaced threat warrants escalation from "watch list" to active risk with capital or limit implications

## Inputs To Gather

- **Current risk taxonomy and register** — existing categorization (credit, market, operational, strategic, reputational, climate/ESG, cyber, model, etc.) so emerging risks can be mapped or flagged as net-new categories
- **Scanning horizon** — define time bands (e.g., 0–1 year near-term, 1–3 year medium-term, 3–10 year long-term)
- **Source universe** — regulatory pipeline (proposed rules, consultation papers), industry loss event databases, internal incident trends, macro-economic indicators, technology and competitive intelligence feeds
- **Risk appetite statement** — quantitative thresholds and qualitative boundaries that determine when an emerging risk crosses into active management
- **Prior emerging risk inventory** — last cycle's output, including disposition decisions (promoted, retired, unchanged)
- **Stakeholder audience** — CRO, board risk committee, business-line risk owners, or regulators [VERIFY which governance body receives final output]

## Workflow

1. **Define scanning scope and horizons**
   - Confirm risk taxonomy version in use; agree on time-horizon bands
   - Identify any thematic focus areas requested by leadership (e.g., AI/ML model risk, sovereign credit deterioration, supply-chain concentration)

2. **Harvest signals from source universe**
   - Scan regulatory proposals, supervisory guidance, and enforcement actions relevant to the firm's jurisdictions [VERIFY applicable regulators — Fed/OCC/FDIC, PRA/FCA, ECB/SSM, MAS, etc.]
   - Review industry loss databases (ORX, SAS OpRisk), peer disclosures (10-K risk factors, Pillar 3 reports), and rating agency sector outlooks
   - Collect internal signals: near-miss incidents, audit findings, model validation exceptions, limit breaches, concentration drift

3. **Categorize and characterize each emerging risk**
   - For each candidate risk, document:
     - **Description** — what the risk is and its causal drivers
     - **Horizon band** — near / medium / long-term
     - **Velocity** — how quickly impact could materialize (sudden, gradual, episodic)
     - **Potential impact channels** — P&L, capital, liquidity, operational continuity, reputation
     - **Interconnections** — linkage to existing register risks or other emerging risks (contagion paths)
   - Assign a preliminary severity rating using the firm's impact/likelihood matrix or a qualitative High/Medium/Low scale

4. **Develop early warning indicators (EWIs)**
   - For each high- and medium-severity emerging risk, propose 2–4 leading indicators with:
     - **Data source and refresh frequency**
     - **Threshold / trigger level** — green / amber / red bands tied to risk appetite
     - **Owner** — business line or control function responsible for monitoring
   - Examples: CDS spread widening beyond historical percentile, regulatory comment-letter volume spike, patent-filing acceleration in disruptive technology, cyber-threat intelligence score elevation

5. **Disposition and escalation recommendations**
   - Compare current inventory against prior cycle; for each risk recommend one of:
     - **Promote** — move to active risk register with assigned owner, limits, and capital treatment
     - **Watch** — retain on emerging risk list; specify next review trigger
     - **Retire** — risk has materialized (now active) or dissipated; document rationale
   - Flag any risk where current risk appetite framework has no coverage and recommend appetite-statement amendment

6. **Compile management report**
   - Produce the emerging risk report with executive summary, heat map visual, individual risk profiles, EWI dashboard design, and disposition decisions
   - Include an appendix listing sources consulted and assumptions made

## Output

The deliverable is an **Emerging Risk Identification Report** containing:

- **Executive summary** — top 3–5 emerging risks ranked by severity and velocity, key changes from prior cycle
- **Heat map** — two-dimensional plot of likelihood vs. impact, color-coded by horizon band
- **Individual risk profiles** — one per emerging risk with description, drivers, impact channels, interconnections, EWIs, and disposition recommendation
- **EWI dashboard specification** — indicator definitions, data sources, threshold calibrations, and monitoring ownership
- **Disposition log** — promoted, watched, and retired risks with rationale
- **Assumptions and limitations** — data gaps, jurisdictional caveats, model uncertainty

## Quality Checks

- Every emerging risk is mapped to at least one risk taxonomy category or explicitly flagged as a proposed new category
- EWI thresholds are anchored to observable data and aligned with the firm's risk appetite bands — no arbitrary or undefined triggers
- Interconnections are documented; risks are not treated as independent when common drivers exist
- Prior-cycle risks are explicitly dispositioned — none silently dropped
- Regulatory and jurisdictional dependencies are marked with [VERIFY] where the analysis may not generalize across operating entities
- Report avoids speculative language; where uncertainty is high, confidence level is stated and escalation to subject-matter experts is recommended
- Severity ratings use the firm's approved impact/likelihood definitions, not ad hoc scales [VERIFY alignment with current risk appetite framework version]