| Key Takeaways |
| Counterparty credit risk (CCR) is the risk that a counterparty defaults before the final settlement of a transaction’s cash flows. Unlike standard credit risk on a loan, CCR creates bilateral exposure because the market value of the transaction can be positive or negative to either party. |
| The Basel Committee on Banking Supervision (BCBS) issued finalized CCR management guidelines in 2024, requiring comprehensive due diligence, credit risk mitigation strategies, complementary exposure metrics, and strong governance frameworks. These guidelines replace the 1999 sound practices document. |
| Two core metrics drive CCR measurement: Potential Future Exposure (PFE), which estimates maximum exposure at a future confidence level, and Expected Exposure (EE), which calculates the average positive exposure over the life of the contract. Both require Monte Carlo simulation for derivatives portfolios. |
| The Archegos Capital collapse in 2021 caused over $10 billion in losses across six global banks, demonstrating how leverage through total return swaps can concentrate counterparty risk invisibly. The Federal Reserve issued explicit supervisory guidance in response. |
| Credit Valuation Adjustment (CVA) quantifies the market value of counterparty credit risk. Under Basel IV, banks must calculate CVA capital charges using the standardized approach (SA-CVA), which directly affects profitability on derivatives transactions. |
| Effective CCR management requires seven pillars: governance, due diligence, exposure measurement, limit management, collateral and margining, stress testing, and close-out preparedness. This guide provides implementation details for each pillar. |
| A 90-day roadmap takes organizations from basic counterparty monitoring to a structured CCR framework aligned with BCBS guidelines, including PFE calculations, limit governance, and stress testing. |
The Basel Committee on Banking Supervision (BCBS) finalized its counterparty credit risk management guidelines in late 2024, replacing a framework that had been in place since 1999. The update was not cosmetic.
The Committee identified persistent weaknesses across the global banking sector: inadequate due diligence on leveraged counterparties, exposure metrics that failed to capture tail risk, and governance structures that did not keep pace with the complexity of modern derivatives portfolios.
The urgency behind these guidelines traces back to a series of costly failures. The collapse of Archegos Capital Management in 2021 caused over $10 billion in losses across six major banks.
The 2008 financial crisis, triggered in part by the failure of Lehman Brothers, demonstrated how counterparty defaults cascade through an interconnected financial system.
More recently, private equity deal activity in the U.S. surged roughly 50% in the first half of 2025 compared to 2024, creating increasingly complex webs of interconnected exposures that make risk assessment harder than ever.
This guide provides a comprehensive counterparty risk management framework aligned with the BCBS guidelines, the U.S. Federal Reserve’s supervisory guidance, and ISO 31000 principles.
Each section includes practitioner-ready tables covering exposure measurement, limit governance, collateral strategies, and stress testing, plus a 90-day implementation roadmap.
What Is Counterparty Risk?
Counterparty risk, formally counterparty credit risk (CCR), is the risk that a counterparty to a financial transaction defaults before the final settlement of the transaction’s cash flows.
CCR differs from standard loan credit risk in a critical way: the exposure is bilateral. The market value of a derivative or securities financing transaction can be positive or negative to either party, and that value changes as underlying market factors move.
This creates a dynamic, market-sensitive credit exposure that standard credit models were not designed to capture.
The BCBS describes CCR as a multidimensional form of risk, affected by the exposure to a counterparty, the credit quality of the counterparty, and the correlation between these two dimensions.
Constructing an effective CCR management framework requires techniques drawn from credit risk, market risk, operational risk, and liquidity risk disciplines. The table below defines the core terminology.
Counterparty Risk: Core Terminology
| Term | Definition |
| Counterparty Credit Risk (CCR) | The risk that a counterparty defaults before final settlement of a transaction’s cash flows. Creates bilateral exposure that fluctuates with market conditions. |
| Potential Future Exposure (PFE) | The maximum expected exposure at a given confidence level (typically 95% or 99%) at a specific point in the future. Measured using Monte Carlo simulation. |
| Expected Exposure (EE) | The average positive mark-to-market exposure to a counterparty over time. Used as the basis for Expected Positive Exposure (EPE) calculations. |
| Expected Positive Exposure (EPE) | The time-weighted average of EE over the life of the transaction. A key input into regulatory capital calculations. |
| Credit Valuation Adjustment (CVA) | The market-priced cost of counterparty credit risk. Represents the difference between the risk-free portfolio value and the value accounting for default probability. |
| Wrong-Way Risk (WWR) | Occurs when exposure to a counterparty increases as the counterparty’s credit quality deteriorates. Example: buying a CDS from a bank on that same bank’s debt. |
| Netting Agreement | A legal arrangement allowing offsetting of positive and negative exposures with the same counterparty, reducing net exposure. Governed by ISDA Master Agreements. |
| Credit Support Annex (CSA) | An annex to the ISDA Master Agreement that defines collateral posting requirements, thresholds, minimum transfer amounts, and eligible collateral types. |
| Settlement Risk | The risk that one party delivers its obligation (cash or securities) while the counterparty fails to deliver the corresponding obligation. Full notional is at risk. |
| Close-Out Netting | The right to terminate and net all transactions with a defaulting counterparty, calculating a single net payment obligation. |
Why Counterparty Risk Management Matters: Lessons from Failure
The cost of poor counterparty risk management is measured in billions. The table below documents the most significant CCR failures and the specific management weaknesses each exposed.
Major Counterparty Risk Failures and Lessons Learned
| Year | Event | Losses | Root Cause | Lesson for CCR Management |
| 2008 | Lehman Brothers bankruptcy | $46B+ in unsettled CDS contracts | Systemic interconnection; inadequate collateralization; no central clearing for most OTC derivatives | Central clearing reduces bilateral exposure. Collateral must be marked-to-market daily. Netting agreements are essential. |
| 2008 | AIG Credit Default Swaps | $182B U.S. government bailout | AIG sold CDS protection without adequate reserves. Counterparties demanded collateral as AIG’s credit rating fell. | Wrong-way risk must be identified and limited. Collateral triggers tied to credit ratings create liquidity spirals. |
| 2011 | MF Global bankruptcy | $1.6B in customer funds misused | Concentrated sovereign debt positions with excessive leverage. Inadequate segregation of customer assets. | Concentration limits on sovereign counterparties are essential. Asset segregation must be independently verified. |
| 2021 | Archegos Capital Management | $10B+ across six banks | Leveraged total return swaps obscured true exposure. Banks failed to aggregate exposure across prime brokerage desks. | Aggregation of exposure across products and desks is non-negotiable. Leverage through synthetic instruments must be captured in PFE models. |
| 2022 | FTX/Alameda Research | $8B+ in customer deposits | Commingling of customer and proprietary funds. No independent risk management function. Unregulated entity. | Due diligence on unregulated counterparties must be enhanced. Independent risk governance is a baseline requirement. |
Each failure reinforces the same message: counterparty risk accumulates silently through complex structures, correlated exposures, and inadequate governance, then materializes suddenly when market conditions shift.
The BCBS guidelines and U.S. interagency supervisory guidance exist specifically to prevent these patterns from recurring.
The Seven Pillars of Counterparty Risk Management
An effective CCR management framework rests on seven pillars, each aligned to the BCBS guidelines and the U.S. interagency supervisory expectations.
The table below maps each pillar to its regulatory source and the primary deliverables required.
| Pillar | Description | Regulatory Source | Key Deliverables | KRI to Track |
| 1. Governance | Board-approved risk tolerance for CCR. Independent risk function. Clear escalation and exception management. | BCBS D588 Section 3; Fed SR 11-10 | CCR policy. Board risk appetite statement. Governance charter with roles and authorities. | Exceptions to CCR limits as % of total counterparties |
| 2. Due Diligence | Comprehensive onboarding assessment and ongoing monitoring of counterparty credit quality, leverage, and business model. | BCBS D588 Section 4 | Counterparty approval process. Risk-based disclosure framework. Ongoing monitoring schedule. | Counterparties with overdue due diligence reviews |
| 3. Exposure Measurement | PFE, EE, EPE calculation across all products. Aggregation across desks and entities. Wrong-way risk identification. | BCBS D588 Section 5; Basel IV SA-CCR | Exposure reports by counterparty, product, and confidence level. Wrong-way risk register. | PFE utilization vs. limits by counterparty tier |
| 4. Limit Management | Counterparty-level and aggregate CCR limits. Sector, geography, and product concentration limits. Exception governance. | BCBS D588 Section 6 | Limit framework document. Daily limit monitoring reports. Breach escalation protocol. | Number of limit breaches per month; time to resolve |
| 5. Collateral & Margining | CSA negotiation. Eligible collateral definitions. Daily margin calls. Collateral concentration monitoring. Rehypothecation controls. | BCBS D588 Section 7; BCBS-IOSCO margin requirements | Collateral policy. Daily margin call reports. Collateral concentration report. | Uncollateralized exposure as % of total CCR exposure |
| 6. Stress Testing | CCR-specific stress scenarios. Integration with enterprise-wide stress testing. Reverse stress testing for counterparty default scenarios. | BCBS D588 Section 8; Fed CCAR/DFAST | CCR stress testing methodology. Quarterly stress results. Reverse stress test report. | Stressed PFE vs. capital buffers at P99 |
| 7. Close-Out Preparedness | Pre-defined close-out procedures. Legal enforceability of netting agreements. Operational readiness to manage a counterparty default event. | BCBS D588 Section 9 | Close-out playbook. Legal opinion inventory on netting enforceability. Default management drill. | Time to execute close-out netting in simulation (target: <48 hours) |
Measuring Counterparty Exposure: PFE, EE, and CVA
Accurate exposure measurement is the technical core of counterparty risk management. Three metrics work together: Potential Future Exposure (PFE) captures the tail risk at a high confidence level; Expected Exposure (EE) captures the average exposure over time; and Credit Valuation Adjustment (CVA) prices the cost of counterparty credit risk into derivative valuations. Monte Carlo simulation underpins all three calculations.
Exposure Metric Comparison
| Metric | What to Measure | How to Calculate | When to Use |
| Potential Future Exposure (PFE) | Maximum expected exposure at 95% or 99% confidence at a future time horizon | Run 5,000-10,000 Monte Carlo simulations of market risk factors. At each time step, calculate the mark-to-market of all transactions with the counterparty. PFE is the 95th or 99th percentile of the exposure distribution. | Setting counterparty credit limits. Monitoring against risk appetite. Regulatory reporting under SA-CCR. |
| Expected Exposure (EE) | Average positive mark-to-market exposure at each future time step | From the same Monte Carlo simulation, calculate the mean of positive exposures at each time step. EE captures the average case, not the tail. | Calculating Expected Positive Exposure (EPE) for regulatory capital. Pricing CVA. Portfolio-level exposure aggregation. |
| Credit Valuation Adjustment (CVA) | The market-priced cost of counterparty default risk on a derivative portfolio | CVA = sum over time of [Discount Factor x Change in Default Probability x Expected Exposure at each time step x Loss Given Default]. Requires both exposure simulation and counterparty credit curve. | Pricing derivatives. P&L reporting. Regulatory capital (SA-CVA under Basel IV). Hedge effectiveness testing. |
| Debt Valuation Adjustment (DVA) | The value of the institution’s own default risk to the counterparty (mirror of CVA) | Same methodology as CVA but using the institution’s own credit curve instead of the counterparty’s. | Symmetric P&L reporting. IFRS 13 fair value measurement. Not recognized for regulatory capital. |
Under Basel IV, the standardized approach to counterparty credit risk (SA-CCR) replaces the older Current Exposure Method (CEM) and Standardised Method (SM).
SA-CCR produces more risk-sensitive exposure calculations by incorporating netting, collateral, and asset class-specific add-on factors.
The exposure at default (EAD) under SA-CCR feeds directly into risk-weighted asset (RWA) calculations and the leverage ratio. Organizations using the risk management lifecycle should integrate CCR exposure measurement into the analysis and evaluation stages.
Collateral, Netting, and Risk Mitigation Strategies
Counterparty risk mitigation starts with structural protections: netting agreements reduce gross exposure to net exposure; collateral agreements (CSAs) require counterparties to post margin against negative mark-to-market positions; and central clearing through CCPs mutualizes default risk.
The table below maps each mitigation technique to the risk dimension the technique addresses.
CCR Mitigation Techniques
| Technique | How the Technique Reduces CCR | Key Implementation Requirement | Residual Risk to Monitor |
| Close-Out Netting | Reduces gross exposure to a single net amount across all transactions with a counterparty under a master agreement. | Legally enforceable ISDA Master Agreement with netting provisions. Legal opinions confirming enforceability in each relevant jurisdiction. | Enforceability risk in emerging market jurisdictions. Potential delays in close-out valuation during market stress. |
| Variation Margin (VM) | Requires daily or intraday posting of collateral to cover current mark-to-market exposure, reducing the uncollateralized gap. | CSA with daily margin calls. Eligible collateral definitions. Operational capacity to process daily calls. | Liquidity risk from margin calls during market stress. Collateral disputes delaying settlement. |
| Initial Margin (IM) | Provides a buffer against potential future exposure between the last margin call and counterparty default (margin period of risk). | Regulatory IM requirements under BCBS-IOSCO. ISDA SIMM model or grid/schedule approach. Custodial arrangements for segregated IM. | Model risk in IM calculations. Procyclicality of margin requirements during volatile markets. |
| Central Clearing (CCP) | Replaces bilateral counterparty exposure with exposure to a central counterparty, which mutualizes default losses through a default waterfall. | Clearing membership or client clearing arrangement. Compliance with CCP margin and default fund contributions. | CCP concentration risk. Default fund loss allocation. Porting risk if clearing member defaults. |
| Credit Limits | Caps the maximum exposure to any single counterparty or group of connected counterparties. | Limit framework approved by board. Daily monitoring against limits. Exception governance and escalation. | Limit breaches during volatile markets. Delayed detection if monitoring is not real-time. |
| Credit Derivatives (CDS) | Transfers counterparty default risk to a protection seller. Reduces credit exposure but introduces basis risk and new counterparty risk to the protection seller. | ISDA confirmation. Assessment of protection seller credit quality. Basis risk monitoring. | Wrong-way risk if protection seller is correlated with reference entity. Basis between CDS spread and actual default. |
The risk treatment options for counterparty risk map directly to ISO 31000’s framework: avoid (decline to trade with high-risk counterparties), reduce (collateralize and net exposures), transfer (use CDS or clear through a CCP), and accept (retain exposure within approved limits and hold appropriate capital).
The choice of treatment should reflect the organization’s risk appetite statement and the specific risk-return profile of each counterparty relationship.
Stress Testing Counterparty Credit Risk
The BCBS guidelines and the ECB’s 2025 counterparty credit risk exploratory scenario exercise both require banks to maintain comprehensive stress testing frameworks.
CCR stress testing differs from standard credit stress testing because exposures change with market conditions, meaning the stress scenario must shock both the market risk factors that drive exposure and the credit quality of counterparties simultaneously.
CCR Stress Testing Scenarios
| Scenario Type | Description | What to Measure |
| Historical Replay | Replay past crisis events (2008 Lehman, 2020 COVID, 2021 Archegos) on the current portfolio. Apply historical market factor shocks and counterparty downgrades. | Stressed PFE and CVA losses. Counterparties that breach limits under stress. Collateral shortfalls. |
| Hypothetical Adverse | Design forward-looking scenarios: interest rate shock + credit spread widening + equity decline + commodity spike. Calibrate severity to 1-in-25-year or 1-in-100-year events. | Impact on total CCR capital requirement. Counterparties moving from investment-grade to sub-investment-grade. Margin call capacity. |
| Wrong-Way Risk | Stress scenarios where exposure and counterparty credit quality deteriorate simultaneously. Example: energy company counterparty defaults as oil prices collapse, increasing derivatives exposure. | Identification of specific wrong-way risk positions. Quantification of additional losses beyond standard PFE. |
| Reverse Stress Test | Start from a defined loss threshold (e.g., $500M CCR loss) and work backward to identify which combination of counterparty defaults and market moves would produce that loss. | Critical vulnerability points. Concentration risks that are invisible under normal conditions. Required mitigating actions. |
| Counterparty Default Simulation | Simulate the default of the institution’s top 5 counterparties (one at a time and simultaneously). Model close-out process, collateral liquidation, and replacement cost. | Time and cost to close out. Adequacy of collateral. Operational readiness of default management procedures. |
Stress test results should feed directly into limit reviews, collateral policy adjustments, and capital planning.
The scenario analysis and stress testing framework at the enterprise level should incorporate CCR stress results alongside market risk, credit risk, and operational risk scenarios.
Key risk indicators derived from stress testing, such as stressed PFE versus available capital buffers, provide early warning signals to the risk committee.
Regulatory Landscape: BCBS, Basel IV, and Beyond
The regulatory environment for counterparty risk management has tightened significantly since 2008.
The BCBS finalized its CCR management guidelines in 2024, and Basel IV implementation is reshaping capital calculations for derivatives exposures.
The table below summarizes the key regulatory requirements and their impact on CCR management.
| Regulation / Guidance | Key CCR Requirements | Impact on Risk Management |
| BCBS D588 (2024): CCR Management Guidelines | Comprehensive due diligence. Wide variety of exposure metrics. Strong governance. Replaced the 1999 framework. | Banks must demonstrate robust CCR governance, independent risk functions, and comprehensive monitoring. Supervisors will assess implementation on an ongoing basis. |
| Basel IV SA-CCR | Standardized approach replacing CEM and SM. Incorporates netting, collateral, and asset-class-specific add-ons. | More risk-sensitive EAD calculations. Feeds into leverage ratio and RWA. Increases operational demands on data infrastructure. |
| Basel IV SA-CVA | Standardized CVA capital charge. Two approaches: basic (BA-CVA) and standardized (SA-CVA). | Banks must calculate CVA capital charges on all derivatives exposures. Directly affects profitability of uncollateralized derivatives. |
| BCBS-IOSCO Margin Requirements | Mandatory exchange of initial and variation margin for non-centrally cleared derivatives. | Increases collateral demands. Requires custodial arrangements for segregated IM. Phase-in completed for all covered entities. |
| U.S. Interagency Guidance (Fed, OCC, FDIC) | Sound practices for CCR management. Specific expectations for governance, limits, stress testing, and close-out preparedness. | Banks must demonstrate compliance during supervisory examinations. Archegos-related guidance added explicit expectations on leveraged counterparties. |
| EU EMIR / DORA | Central clearing obligations. Reporting requirements. Digital operational resilience for CCPs (DORA effective January 2026). | European entities must clear eligible derivatives. CCP resilience and recovery requirements expanding under DORA oversight framework. |
Organizations building or refreshing their CCR framework should use the BCBS D588 guidelines as the primary reference document.
The guidelines are broadly applicable to all banks with CCR exposures, regardless of size. Enterprise risk management frameworks should integrate CCR as a distinct risk category within the overall risk taxonomy, with dedicated KRIs and reporting lines.
Implementation Roadmap
| Phase | Actions | Deliverables | Success Metrics |
| Days 1-30: Foundation | Establish CCR governance: appoint a CCR risk owner, define board risk appetite for CCR, draft the CCR policy document. Inventory all counterparty exposures across products (derivatives, SFTs, deposits, FX). Classify counterparties by tier (systemic, major, standard, occasional). | CCR policy (draft). Counterparty inventory with tier classifications. Gap analysis against BCBS D588 requirements. | CCR policy approved by risk committee. 100% of derivatives counterparties inventoried. Gap analysis completed and prioritized. |
| Days 31-60: Build | Implement PFE and EE calculations for top-tier counterparties (initially using simplified approaches if Monte Carlo is not yet available). Establish counterparty credit limits by tier. Negotiate or review ISDA/CSA agreements with top 20 counterparties. Design the CCR stress testing methodology. | PFE reports for top-tier counterparties. Limit framework with breach escalation protocol. ISDA/CSA review tracker. Stress testing methodology document. | PFE calculations operational for top 10 counterparties. Limits set and monitored daily. Stress testing methodology approved by CRO. |
| Days 61-90: Operationalize | Run the first CCR stress test (historical replay of 2021 Archegos scenario). Launch monthly CCR reporting to the risk committee. Integrate CCR exposure data into the enterprise risk dashboard. Conduct a tabletop exercise simulating a top-3 counterparty default. Plan full Monte Carlo implementation for the next quarter. | First stress test report. Monthly CCR report template (operational). Enterprise risk dashboard with CCR exposure. Tabletop exercise report with lessons learned. Monte Carlo implementation roadmap. | Stress test completed and reviewed by risk committee. Monthly CCR report delivered on schedule. At least one corrective action from tabletop exercise implemented. Monte Carlo rollout timeline approved. |
Common Pitfalls and How to Avoid Them
| Pitfall | Root Cause | Remedy |
| Exposure measured at the desk level but not aggregated across the institution | Different desks (prime brokerage, OTC derivatives, repo) use separate systems with no consolidated view | Build a single counterparty exposure aggregation layer. Map all legal entities to a parent counterparty. Aggregate PFE across all products daily. |
| Due diligence stops at onboarding | The counterparty approval process is treated as a one-time gate rather than an ongoing obligation | Implement tiered review schedules: annual for standard counterparties, semi-annual for major, quarterly for systemic or highly leveraged counterparties. |
| Limits set but not actively monitored or enforced | Limits exist in policy documents but are not connected to real-time exposure feeds | Connect limit monitoring to the trade booking system. Automate pre-trade limit checks. Escalate breaches to the CRO within 24 hours. |
| Wrong-way risk is unidentified | The exposure model treats counterparty credit quality and exposure as independent variables | Screen the portfolio explicitly for positions where exposure increases as counterparty credit deteriorates. Flag and limit specific wrong-way risk positions. |
| Close-out procedures exist only on paper | The default management playbook has never been tested | Conduct an annual default management drill. Test legal enforceability of netting in each jurisdiction. Validate operational capacity to close out positions within 48 hours. |
| CVA calculated for accounting but not used for risk management | CVA sits in the finance function and is not integrated into CCR limits, pricing, or portfolio decisions | Use CVA as a risk management input. Incorporate CVA into counterparty profitability analysis. Set CVA-based limits alongside PFE limits. |
Looking Ahead: CCR Management Trends 2025-2027
Basel IV implementation continues to reshape CCR capital requirements. The standardized approach (SA-CCR) is now the baseline, and banks that relied on internal models face higher floors.
The ECB’s 2025 counterparty credit risk exploratory scenario exercise revealed that most banks do not apply specific risk limits or stress-testing frameworks tailored to non-bank financial intermediaries (NBFIs), even though the highest concentration of sub-investment-grade counterparties sits in hedge funds and private equity. Expect supervisors to close this gap in 2026-2027.
AI is entering CCR management through counterparty credit monitoring, early warning systems, and automated exposure reporting.
However, 26% of CROs in the 2026 ProSight survey said their risk management framework is too immature to govern AI properly, suggesting that AI adoption in CCR will be gradual and heavily supervised. AI risk assessment frameworks will need to extend to cover AI models used in counterparty credit scoring and exposure calculation.
Operational resilience requirements are expanding to cover central counterparties. The EU’s DORA framework launched its critical third-party provider oversight in January 2026, and the Bank of England is setting out CCP resolvability assessments.
Organizations that rely on central clearing must now assess not just their bilateral counterparty risk but also the resilience of the clearing infrastructure itself. Business continuity management programs should include CCP default or disruption scenarios, especially given the systemic importance of a small number of global clearing houses.
The organizations that will manage counterparty risk most effectively in the years ahead are those that treat CCR not as a compliance exercise but as a strategic risk management capability.
The BCBS guidelines provide the floor. Building above that floor, with integrated exposure aggregation, dynamic stress testing, and real-time limit monitoring, creates a genuine competitive advantage in financial markets where trust and transparency determine who gets to trade.
Ready to strengthen your counterparty risk management framework? Visit riskpublishing.com to access risk registers, risk assessment templates, and enterprise risk management guides. Need a tailored CCR framework? Contact our consulting team to design a counterparty risk program aligned with BCBS guidelines and your organization’s risk appetite.
References
1. BCBS D588: Guidelines for Counterparty Credit Risk Management — Basel Committee on Banking Supervision, 2024
2. Interagency Supervisory Guidance on Counterparty Credit Risk Management — Federal Reserve, OCC, FDIC
3. Federal Reserve: Supervisory Guidance on Credit Risk Management — Board of Governors of the Federal Reserve System
4. ISO 31000:2018 Risk Management Guidelines — International Organization for Standardization
5. Managing Counterparty Credit Risk: Best Practices for Banks in 2026 — Credit Benchmark
6. BCBS Publishes Counterparty Credit Risk Guidelines — Moody’s Regulatory News, 2025
7. ECB Counterparty Credit Risk Exploratory Scenario Exercise — European Central Bank, 2025
8. Setting Up an Effective Counterparty Risk Management Framework — Zanders Group
9. Counterparty Risk Management Policy — Norges Bank Investment Management
10. Prudential Regulation in 2026 — Allen Overy Shearman Sterling
11. COSO Enterprise Risk Management Framework — Committee of Sponsoring Organizations
12. 2026 ProSight CRO Outlook Survey — ProSight Financial Association / Oliver Wyman
13. The Future of Risk: How Global Trends Are Reshaping Risk Management — McKinsey & Company, 2025 14. NIST Cybersecurity Framework 2.0 — National Institu
Chris Ekai is a Risk Management expert with over 10 years of experience in the field. He has a Master’s(MSc) degree in Risk Management from University of Portsmouth and is a CPA and Finance professional. He currently works as a Content Manager at Risk Publishing, writing about Enterprise Risk Management, Business Continuity Management and Project Management.