Operational Resilience and Geopolitical Risk

In this article, we explore considerations for financial institutions from the recent speeches by APRA Executives, specifically that of Chris Gower¹, Executive Director of Cross Industry Risk.

Mr Gower sought to focus Australian financial institutions on an external risk which appears on few Australian risk registers: Geopolitical Risk.

Read the full article

.

What is Geopolitical Risk?

Geopolitical risk refers to the potential for political, economic, military, or social events—often arising from tensions, conflicts, or shifts in international relations—to disrupt the normal functioning of societies, economies, and markets on a global or regional scale. These risks can stem from wars, terrorism, territorial disputes, trade conflicts, political instability, or diplomatic tensions between countries.

.

Why is Geopolitical Risk Important?

Geopolitical risks can be many years in the making and often, though not always, materialise suddenly and in ways which are difficult to predict.

They are often systemic and “macro” – and standard risk management techniques such as internal controls may not foresee their consequences adequately.

Historical data may be unavailable or unreliable – challenging the value of mathematical modelling. Real time qualitative scenarios are likely to be key to understanding qualitative and quantitative outcomes, with a focus not on mitigation but on resilience.

.

Why Now?

Australia has been slow to include geopolitical risk in its lexicon, whereas in other developed economies and regulatory regimes it has been actively considered for some time. Lloyds 2025 RDS Specification includes a specific approach for the assessment of political risk. CPS230 Operational Risk Management does not mention Geopolitical Risk, nor does CPS220 Risk Management.

With escalating tensions between states and non-state actors, as well as in relation to international trade, the geopolitical effects of events around the world are already being felt in Australia.

Australian financial institutions should consider the messages in APRA’s speech and what it means for their resilience, individually and collectively.

.

Key Characteristics of Geopolitical Risk

• Multi-faceted Nature: Geopolitical risk is not limited to a single type of event; it encompasses a wide range of threats including armed conflicts, acts of terrorism, political and economic upheaval, and even cyber warfare.
• Global Impact: Such risks can have far-reaching consequences, affecting not only the countries directly involved but also the broader international community through disruptions to trade, supply chains, financial markets, and energy supplies.
• Fragmentation of Global Systems: Rising geopolitical tensions can lead to financial and economic fragmentation, reducing cross-border investment, disrupting international payment systems, and limiting risk diversification. This fragmentation increases macro-financial volatility and can threaten long-term global stability.
• Economic and Financial Effects: High geopolitical risk is associated with lower economic activity, increased market volatility, spikes in uncertainty, lower stock returns, and capital flight from emerging to advanced economies.
• Difficult to Predict: The timing and magnitude of geopolitical risks are notoriously difficult to forecast, as they depend on complex interactions between nations, non-state actors, and global events.

.

Transmission Vectors

Geopolitical risks influence global stability and decision-making primarily through two channels:

• Financial Channel: Increased uncertainty leads to risk aversion, increased market and currency risks, changes in investment portfolios, and shifts in capital flows, affecting financial stability and market performance[1][2].
• Real Economy Channel: Disruptions to trade, supply chains, and commodity markets directly impact economic growth, employment, and inflation.

At a system level, the effects can be felt via national developments, localised geographic exposures and industry impacts.

The system level impacts may affect companies and institutions on an asymmetric basis.

.

Examples of Geopolitical Risk Events

• The Russia-Ukraine war and the Israel-Hamas conflict have both caused widespread disruptions in global supply chains, financial markets, and energy prices, illustrating how regional conflicts can escalate into significant geopolitical risks with global repercussions.
• Cyberattacks targeting critical infrastructure, such as the 2021 ransomware attack on the US Colonial Pipeline, represent a newer dimension of geopolitical risk.

.

How Can Financial Institutions and the Australian Financial System safeguard their interests in an unpredictable global environment?

• Shifts in Investment and Capital Allocation: Heightened geopolitical risk prompts investors to reallocate capital, often moving funds away from high-risk regions to safer assets or countries. This can result in sudden reversals of capital flows, particularly impacting emerging markets.
• Policy and Strategic Adjustments: Policymakers and business leaders must adapt strategies to account for increased uncertainty and potential shocks. This includes building more resilience into industries and company level supply chains, enhancing cybersecurity, and holding greater capital and liquidity buffers.
• Scenario Planning and Risk Mitigation: Organizations and governments increasingly incorporate geopolitical risk assessments into their strategic planning, using scenario analysis and stress testing to prepare for potential disruptions.
• Innovation and Adaptation: While risks can destabilize, they can also drive innovation as countries and companies seek new solutions to mitigate vulnerabilities and adapt to changing global dynamics.
• Insurance or Risk Transfer: Insurance is available in limited circumstances.

.

How Financial Institutions Can Respond to Geopolitical Risk

To effectively respond, institutions can adopt comprehensive, proactive strategies that integrate geopolitical risk into their core risk management and decision-making processes.

.

Key Response Strategies for Financial Institutions:

Integrate Geopolitical Risk into Enterprise Risk Management. Geopolitical risks should be treated as an ongoing part of business-as-usual (BAU) operations, not just as rare or extreme events. This involves embedding geopolitical risk assessments into existing risk management and strategic planning frameworks, ensuring that these risks are considered alongside other core risks. Financial institutions may be responsible for, exposed to, or reliant on Critical Infrastructure to support their resilience.² Examples include payments systems and telecommunications networks.

Analyse and document your entity’s business. Entities should develop a granular understanding of their country risk profile, sovereign risk exposures and supply chain risks. For example, globally 17% of goods are sourced from fewer than three countries.³

Establish Clear Governance and Ownership. Boards set the tone from the top and can start the conversation. Assign responsibility for geopolitical risk management across relevant functions, such as risk, strategy, government affairs, and corporate affairs. Some institutions may set up dedicated geopolitical risk functions, while others ensure cross-functional collaboration and clear lines of accountability.

Scenario Planning and Stress Testing. Develop and regularly update a range of plausible geopolitical scenarios—base-case, worst-case, and best-case—to assess potential impacts on capital, liquidity, and business operations. Use these scenarios to stress test the institution’s resilience to shocks such as conflicts, sanctions, or regulatory changes.

Continuous Monitoring and Horizon Scanning. Invest in tools and expertise to monitor global political developments, economic trends, and conflict zones in real time. Devote resources to participating in industry forums and national security information exchanges. This enables early identification of emerging risks and supports timely decision-making.

Develop and Test Contingency Plans. Prepare predefined crisis response processes, including communication strategies, cyber defenses, and operational continuity plans, to ensure the institution can act quickly and effectively when operational risk events occur.

Engage External Expertise. Consult with geopolitical analysts and leverage intelligence from think tanks and international organizations to validate assumptions and inform scenario development. Smaller financial institutions should consider leveraging intelligence and collaboration opportunities afforded by industry bodies and cross industry networks.

Adjust Capital Allocation and Risk Appetite. Reassess risk appetite and adjust lending, investment, and exposure strategies in response to changing geopolitical landscapes, reducing vulnerability to high-risk regions or sectors.

Transfer Risk via Insurance. Insurance cover is available in global markets for many political risks. For insurers themselves, reviewing and maintaining appropriate reinsurance cover is critical to enable them to fulfil their ability to act as a “shock absorber” to the global economy.

.

The role of Insurance in a volatile global economyPolitical risks for which insurance is available include Trade Credit, Kidnap & Ransom and Terrorism.

A few examples are:

• Parametric insurance or discretionary mutuals can potentially be used to transfer risks relating to cyber-terrorism, political unrest, pandemic, warfare, global economic downturn: Parametric Insurance a tool to speed your disaster recovery
• The Australian Reinsurance Pool Corporation (ARPC) provides terrorism reinsurance for commercial property in Australia and associated business interruption
• The ARPC has investigated extending its coverage to include cyber terrorism: Insurance Coverage for Cyber Terrorism in Australia
• Specialty insurance providers in Australia are able to provide war and terrorism insurance across a broad spectrum of industries
• UK War Risks provides specialist war risks insurance to protect international flag ships of any type or size against malicious loss or damage by a third party, anywhere in the world

.

Using Business Continuity & Disaster Recovery scenarios and testing to build resilience

“Whether it’s the prospect of a trade war sparking a global recession or a major cyber-attack on the payments system, Australians expect their banks, insurers and superannuation funds to be resilient and prepared for these risks.”

– John Lonsdale. APRA Chair (July 2025)

.

1 APRA Executive Director of Cross-industry Risk Chris Gower speech to AFIA Risk Summit 2025

2 Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Act 2024 – Federal Register of Legislation

3 Moody’s Analytics Trading Blows Part 2: Shining a Light on Hidden Supply-Chain Vulnerabilities published May 2025