By now it should be clear: the way most banks identify and manage risk is fundamentally broken.

McKinsey’s “Risk: Seeing Around the Corners” was published more than a decade ago, yet its warnings remain as unheeded as they are prescient. Banks continue to rely on risk frameworks that are narrow in scope, blind to second-order effects, and largely incapable of coping with the complexity of modern operating environments.

What McKinsey rightly pointed out—and what many financial institutions still fail to grasp—is that the most damaging risks are not the obvious ones. They are the indirect, cascading risks that flow through global value chains, third-party dependencies, and fragile financial linkages.

These are the very risks that traditional accounting, and by extension traditional enterprise risk management (ERM), fails to quantify, as discussed in ACCA’s “Risk Cultures in Banking: Where Next?”, released one year on from the collapses of Credit Suisse and Silicon Valley Bank.

The Flaw at the Heart of Financial Risk Management

Let’s be clear. Risk exposure is not a footnote. It is not a narrative disclosure buried in the back of a financial report. If an organisation accepts a risk, it also accepts the probability of a loss. And yet, no accounting standard currently mandates the measurement and recognition of expected losses tied to non-financial risk exposures.

The result is an illusion of profitability. Institutions appear healthy on paper—until they’re probably not.

Silicon Valley Bank reported a $2.2 billion pre-tax profit in 2022. Weeks later, it collapsed. What wasn’t accounted for? A massive build-up of risk in its deposit base and asset concentration—risks that were accepted, unmeasured, and therefore unmanaged.

The Case for Risk Accounting

Risk Accounting addresses this fatal blind spot. It is more than just a new layer of oversight - it is a new foundation.

Using a standardised metric called the Risk Unit (RU), Risk Accounting quantifies an organisation’s residual exposure to non-financial risks—by business unit, product line, geography, or risk type. These are not qualitative estimates or maturity ratings. They are measured values grounded in structured self-assessments and calibrated against organizational thresholds.

This approach enables management to:

• Monitor the accumulation of risk in real-time.
• Track proximity to risk appetite limits.
• Quantify the expected losses embedded in accepted risks.
• Link exposure directly to risk-adjusted profitability.

This is a far cry from the static, narrative-driven risk reports of today. It is a dynamic, accountable system of risk intelligence—fully auditable and operationally integrated.

Why It Matters Now

We are operating in a world defined by systemic fragility. Climate volatility, geopolitical instability, regulatory escalation, digital dependencies—all of it compounds.

The ability to see around the corners is not a strategic advantage anymore. It is a regulatory and fiduciary imperative. And it cannot be achieved through qualitative dashboards or backward-looking disclosures.

If banks are to maintain their clients' trust, preserve capital, and justify their returns, they must move beyond rhetoric and embrace the quantification of risk as an essential part of their accounting function.

Replacing Risk Narratives with Risk Discipline

The notion that accepted risks can remain off-balance sheet, unmeasured and un-auditable, is no longer tenable.

Risk Accounting provides the mechanism to bring discipline, transparency, and accountability to the way banks report and manage exposure. It restores integrity to the numbers. And it ensures that the next shock, whatever form it takes, is met not with surprise—but with preparedness.

Because resilience is not a matter of good fortune. It is a function of good accounting.