person holding white printer paper

SUNANDO ROY – On Banking, Finance and Society

Managing Emerging Risks – OECD’s Emerging Critical Risks Framework

Written by:

Sunandoroy

Governing the unknown requires a fundamental shift from episodic crisis response to a continuous discipline of anticipatory risk governance that treats emerging, systemic, and even existential threats as part of the ordinary business of the state rather than as statistical outliers. The OECD’s Framework on the Management of Emerging Critical Risks operationalises this shift through a seven‑step, repeatable process that embeds emerging risks into strategy, institutions, and budgets, aligning directly with the 2014 Recommendation on the Governance of Critical Risks. For financial and public governance leaders, this offers a concrete architecture for integrating foresight, mapping, and stress‑testing of institutional capacity under conditions of radical uncertainty, rather than relying solely on backward‑looking models and conventional probability‑impact tools.

New Risk Landscape

Emerging critical risks are defined as either new risks or familiar risks evolving under unfamiliar conditions that meet the OECD’s “critical” test: strategically significant because of their likelihood and the national significance of their disruptive consequences. These risks tend to be transboundary, highly uncertain, and systemic, often cutting across climate, technology, geopolitics, social cohesion, and core infrastructure in ways that challenge existing mandates and silos.

Key characteristics include:

  • Expanding risks: familiar hazards (e.g. wildfires, heatwaves) that grow in frequency and scale, straining even otherwise sound management capabilities.

  • Evolving risks: familiar risks whose nature or propagation changes, rendering historic tools increasingly inadequate and demanding new strategies.

  • Novel risks: unprecedented or previously uncontemplated threats, often driven by rapid technological, climatic, or geopolitical shifts, with limited analogue data and deep uncertainty.

  • Unquantifiability and outlier status: lack of historical data makes frequency‑based probability estimates unreliable, turning “weak signals” and outliers into primary diagnostic inputs rather than statistical noise.

For finance ministries, regulators, and central banks, emerging critical risks translate into correlated shocks to balance sheets, collateral values, payment systems, and sovereign funding conditions that may not appear in standard risk registers until they are already systemic.

From crisis response to anticipatory governance

The OECD’s 2014 Recommendation framed critical risk governance as an all‑hazards, transboundary, whole‑of‑society challenge, calling for foresight analysis, national risk assessments, and robust crisis management capabilities. The emerging critical risks framework extends this by explicitly focusing on radical uncertainty, structural change, and the transition from hypothetical futures to operational realities.

Three conceptual moves are central:

  • Normalising the unknown: emerging and even existential risks are treated as a standing governance problem, not as “black swans” to be managed only ex post.

  • Coupling foresight with institutional diagnostics: mapping exercises and foresight work are used as much to surface gaps in knowledge, responsibility, authority, and capability as to list threats.

  • Treating lack of consensus as signal: divergent expert views on, for example, cyber threats, hybrid conflict, or AI‑enabled disinformation are read as evidence of knowledge gaps and contested assumptions that governance must address explicitly, not as a failure of analysis.

The OECD’s pilot mapping of emerging critical risks, conducted with 30 officials from 20 countries, illustrates this: participants surfaced climate‑driven displacement, disinformation and social polarisation, energy vulnerability with financial destabilisation, and hybrid threats, but also revealed low confidence and capacity in areas such as cyber‑enabled attacks and complex supply‑chain disruptions. This points to a governance agenda grounded in learning, iteration, and the politics of prioritisation.

The seven‑step framework at a glance

The framework sets out a seven‑step process designed to be repeatable and adaptable, with the explicit aim of transitioning emerging critical risks either into well‑governed “critical risks” or out of the risk portfolio altogether.

Overview of the seven steps

  • Step 1 – Identify emerging critical risks:
    Governments conduct horizon scanning and strategic foresight to construct plausible future operating environments over 5–15 years, then identify risks and trends that could significantly alter risk management requirements.
    The process distinguishes expanding, evolving, and novel risks and triages which ones require deeper analysis versus those that can be handled by existing processes.

  • Step 2 – Assess and share information:
    A common methodology is applied to characterise each risk, define conditions for emergence, estimate potential impacts and systemic effects, and assess confidence in the analysis.
    Assessments are shared across government and, where appropriate, with private sector and international partners to build a shared understanding and enable collective defence.

  • Step 3 – Assess management maturity and gap areas:
    For priority risks, authorities examine four pillars of management maturity: knowledge, responsibility, legal/administrative authorities, and capabilities.
    Gaps are identified collaboratively with stakeholders, recognising that emerging risks often fall between existing mandates or require new cross‑border and cross‑sectoral arrangements.

  • Step 4 – Develop and prioritise recommendations:
    Recommendations are crafted to manage both specific risks and the underlying uncertainty, using a mix of risk‑specific controls, all‑hazards vulnerability reduction, incident response strengthening, and recovery capacity.
    Options are prioritised by importance, effectiveness, timeliness, feasibility, and—where relevant—the possibility that a risk may become existential in scale.

  • Step 5 – Emerging risk exercise series:
    Table‑top and scenario exercises are used to test how risks might look at different points on the emergence continuum (pre‑emergence, emerging, emerged), validating gap analyses and proposed interventions.
    After‑action reviews generate lessons and refine recommendations, feeding back into strategy and capability development.

  • Step 6 – Develop flexible and adaptable strategic plans:
    Recommendations are sequenced across time or trigger events—e.g. early‑stage research and regulatory design versus later‑stage preparedness and response planning once emergence is likely.
    Plans clarify evolving responsibilities across scientific bodies, regulators, emergency services, and international actors, and are treated as living documents to be updated as futures become clearer.

  • Step 7 – Implement recommendations:
    Priority actions are integrated into existing policy, regulatory, and budgetary cycles, rather than managed through a separate “emerging risk” silo.
    A single, unified risk governance process is emphasised, capable of handling both legacy and emerging critical risks while institutionalising lessons from each iteration.

Annex table: Seven steps and governance focus

Framework step Core governance question Primary tools / practices Typical finance & public governance implications
1. Identify emerging critical risks What futures and risk conditions could fundamentally change our operating environment? Horizon scanning, strategic foresight, scenarios, expert panels Foresight units in MoF/central agencies; integration of emerging risk narratives into medium‑term fiscal frameworks
2. Assess and share information What do we know, how might risks emerge, and how confident are we? Common risk templates, evidence reviews, cross‑government sharing, international cooperation Shared taxonomies for emerging risks; mechanisms for structured information‑sharing with financial regulators and market infrastructures
3. Assess management maturity & gaps Where are knowledge, responsibility, authority, and capability misaligned with the emerging risk profile? Maturity assessments, mapping of mandates, legal reviews, capacity diagnostics Clarification of who leads on cross‑cutting financial stability threats; identification of capital, liquidity, and resolution capacity gaps under new stress channels
4. Develop & prioritise recommendations Which options best manage both specific risks and deep uncertainty? Policy option analysis, stress‑testing, portfolio approach to risk controls and resilience investments Design of prudential, macro‑prudential, and market‑conduct measures that address shared vulnerabilities (e.g. cyber, climate, data concentration)
5. Emerging risk exercise series How will institutions actually behave when risks cross key tipping points? Table‑top and simulation exercises, hot‑wash, after‑action reports System‑wide crisis simulations incorporating new channels (e.g. AI‑driven runs, climate‑conflict shocks), feeding into supervisory expectations and contingency plans
6. Flexible & adaptable strategic plans How do roles, priorities, and investments need to evolve over time or events? Time‑phased or trigger‑based planning, adaptive pathways, periodic review Phased investment roadmaps (e.g. data, modelling, supervisory skills) and clear triggers for tightening or relaxing financial safeguards
7. Implement recommendations How are emerging risk priorities embedded in ordinary policy and budget processes? Integration into national risk assessments, budget cycles, regulatory agendas, performance frameworks Budget lines and regulatory programmes that institutionalise emerging risk management across central banks, supervisors, and line ministries

Mapping emerging risks: weak signals as governance assets

The OECD’s pilot mapping exercise illustrates how emerging critical risks are perceived and contested across jurisdictions, and why mapping is as much about institutions as it is about hazards. Participants strongly converged on socio‑environmental risks—extreme heatwaves, water scarcity, forest fires, climate‑driven displacement, and food system disruption—but also elevated disinformation, social polarisation, strategic tensions, and hybrid threats.

Important patterns for governance emerge:

  • High impact / high probability, low confidence risks—such as disinformation, social polarisation, extreme heat, and energy‑financial vulnerabilities—signal priority areas where capacity and knowledge are lagging relative to perceived threat.

  • Absences in the shortlist (e.g. biodiversity loss, antimicrobial resistance, transformative AI, cyberwar, and digital rights) vis‑à‑vis other global studies indicate where institutional attention and expertise may be underdeveloped.

  • Survey‑based approaches risk bias towards known risks and suppression of weak signals, creating a “false finish line” where authorities believe the mapping is complete; data‑ and AI‑driven methods add power but bring their own limitations, including over‑reliance on past data and a misleading sense of objectivity.

For public finance and financial‑sector governance, this suggests a need to:

  • Treat divergent expert views and low‑confidence assessments as prompts for targeted research, supervisory dialogue, and experimental regulation.

  • Build diversified mapping systems that combine perception surveys, big‑data analytics, modelling, and AI‑enabled synthesis, while governing AI as a complement to—not a replacement for—human judgment.

Why implementation is the real test

Conceptually, the framework is robust: it defines emerging critical risks, links them to an existing recommendation, and offers a disciplined process for anticipation, prioritisation, and integration. Its credibility, however, depends on how states reconcile its ambition with real‑world political economy, institutional fragmentation, and competing fiscal demands.

Several fault lines are already visible:

  • Practice vs. ambition: many case studies lauded as exemplars still reflect sophisticated versions of conventional risk management, rather than governance genuinely designed for structural uncertainty and existential stakes.

  • Politics of “maturity”: maturity assessments risk becoming checklists that legitimise existing institutions and narratives, rather than probing misaligned mandates, under‑resourced regulators, or contested legitimacy in areas such as AI, climate justice, or information ecosystems.

  • Resource and attention constraints: emerging risks compete with immediate social and economic pressures, making it tempting to treat the framework as an optional overlay rather than an organising logic for budgets, regulation, and international cooperation.

For policymakers, regulators, and financial sector leaders, using the OECD framework as a “living architecture” means:

  • Stress‑testing it against real institutional fragilities, legal gaps, and funding constraints, including in financial stability frameworks and supervisory regimes.

  • Embedding foresight, emerging risk mapping, and management maturity assessments into statutory processes—national risk assessments, central bank mandates, fiscal risk statements, and macro‑prudential strategies—rather than as ad hoc projects.

  • Accepting that governing the unknown is political: choices about which risks count as “critical,” whose futures are protected, and how much uncertainty societies are willing to bear are inherently normative and distributive.

In that sense, the OECD’s emerging critical risks framework matters not only because it improves technical management, but because it offers a structured way to negotiate authority, accountability, and responsibility in an era where the most consequential risks are those we can neither fully quantify nor fully control.

References

  1. https://www.oecd.org/en/publications/framework-on-management-of-emerging-critical-risks_2f2eddd8-en.html
  2. https://www.oecd.org/content/dam/oecd/en/publications/reports/2024/06/framework-on-management-of-emerging-critical-risks_7924458a/2f2eddd8-en.pdf
  3. https://eird.org/pr14/cd/documentos/espanol/Publicacionesrelevantes/Gobernanza/OECD-Rec-Governance-CriticalRisks.pdf
  4. https://www.oecd.org/content/dam/oecd/en/publications/reports/2024/12/mapping-emerging-critical-risks_364fd5b7/eb642ada-en.pdf
  5. https://ideas.repec.org/p/oec/govaaa/78-en.html
  6. https://ideas.repec.org/p/oec/govaaa/79-en.html
  7. https://books.google.com/books/about/Managing_Emerging_Critical_Risks.html?id=g2il0QEACAAJ
  8. https://polycrisis.org/resource/framework-on-management-of-emerging-critical-risks/
  9. https://www.linkedin.com/posts/aarathikrishnan_managing-emerging-critical-risks-activity-7344017918218674177-VQ7A
  10. https://www.scribd.com/document/758637894/2f2eddd8-en
  11. https://katalog.bibliothek.kit.edu/bib/1431129
  12. https://www.linkedin.com/in/aarathikrishnan
  13. https://www.linkedin.com/posts/aarathikrishnan_2025-was-hard-were-ending-it-with-momentum-activity-7408202447799713793-zWTb
  14. https://www.linkedin.com/posts/stuartbasefsky_framework-on-management-of-emerging-critical-activity-7209166363582500864-G0qN
  15. https://www.marshmclennan.com/assets/insights/publications/2018/dec/emerging-risk/Assessing-Global-Progress-in-the-Governance-of-Critical-Risk/Content%20PDF%20-%20Assessing%20global%20progress%20in%20the%20governance%20of%20critical%20risks.pdf
  16. https://www.linkedin.com/pulse/when-institutions-fail-quietly-unpriced-risk-capital-krishnan–cehxe
  17. https://reform-support.ec.europa.eu/document/download/7164a760-298f-426b-b31d-16104f350add_cs?filename=Day+2+-+TSI+project+on+risk+management+and+resilience.pdf
  18. https://giaccentre.org/chess_info/uploads/2019/10/OECD.RISKAWARENESSTOOL.WEAKGOVERNANCEZONES.pdf
  19. https://www.linkedin.com/posts/aarathikrishnan_not-doing-the-achievements-of-2025-post-activity-7412168771961847808-GRMt
  20. https://www.dubaifuture.ae/speakers-forum/aarathi-krishnan-2/

Discover more from SUNANDO ROY – On Banking, Finance and Society

Subscribe to get the latest posts sent to your email.

Leave a Reply

Latest Articles

Previous:
Next: