Skip to main content
search

Visionary Voices

Finding Your Risk
Threshold

Finding Your Risk Threshold in a World of Uncertainty

Richard Toledo
Director
Financial Services & Risk

In our latest Visionary Voices  conversation, we sat down with Richard Toledo, a leader in our Financial Services Practice, to explore how financial institutions are managing risk in an era of unprecedented regulatory uncertainty. It’s all about finding your core when the rules keep changing—and discovering what the data is really telling you.

Here’s what stood out most:

Civil Suits Are Now Exceeding Regulatory Enforcement Payouts

Richard has been tracking a fascinating trend: “In the past three or four years, the payouts related to civil suits are now exceeding or on par with the payouts related to enforcement actions.” This shift fundamentally changes the risk landscape for financial institutions. While regulatory enforcement may be softening, customer litigation remains a significant threat that risk officers can’t ignore. “If you look at consumer protection, in 2023 for every $1 in regulatory fines financial institutions paid about $2.33 in civil lawsuits. And in 2024 the ratio was roughly 50-50.”

The implications are profound. As Richard notes, even when regulators say they’re not enforcing certain rules, banks still face the question: “What if we get sued? Which happens a lot.” This uncertainty creates a complex decision matrix for risk professionals who must navigate between regulatory relief and litigation exposure.

You're sort of straddling two very different worlds right now, right? One in which there's massive deregulation and one in which things are getting much, much, more challenging.

The International Dichotomy Creates Impossible Choices for Global Banks.

For institutions operating internationally, 2025 presents an unprecedented challenge. While the U.S. moves toward deregulation, “the regulations in Europe are getting far, far, far more stringent.” This includes initiatives like the European Commission’s proposed Financial Data Access Regulation (FiDA), the EU AI Act and other regulatory frameworks that are tightening rather than loosening.

Richard paints a striking picture: “You’re sort of straddling two very different worlds right now, right? One in which there’s massive deregulation and one in which things are getting much, much, more challenging.” For global financial institutions, this creates operational complexity that demands sophisticated risk management strategies.

“Hong Kong is still on the bleeding edge. Singapore is still on the bleeding edge. Europe is still following them.” In 2018 for instance, the Monetary Authority of Singapore released Principles to Promote Fairness, Ethics, Accountability and Transparency (FEAT) in the Use of Artificial Intelligence and Data Analytics. Three years later US regulators released a RFI on banks’ use of AI. This was meant to lay the groundwork for future rule-making that is still pending.

This regulatory leadership from Asia-Pacific markets provides a glimpse into the future. As Richard observes, “It begins with the Hong Kong or Singapore and makes its way to Europe and then it would typically make its way to the US.” The current U.S. divergence from this pattern may not be sustainable.

Forget the rules, forget the regs. Do you have the right thresholds set across all of your risk stripes?

When the Rules Are Uncertain, Go Back to Your Core: Risk Appetite

In this environment of regulatory confusion, Richard advocates focusing on fundamentals: “Forget the rules, forget the regs. Do you have the right thresholds set across all of your risk stripes? And are you confident that the risk data feeding your risk appetite is comprehensive, accurate, timely?”

A risk appetite isn’t just a single metric—it’s an entire framework encompassing market risk, liquidity risk, interest rate risk, operational risk, strategic and compliance risk. As Richard explains, “There are thresholds that are established by the executive team, approved by the board, and those thresholds cannot be breached.” Creating and maintaining this framework “takes months” and requires “a small army of people,” but it serves as the foundation for all risk decisions.

As we look ahead, the risk management landscape will be defined by three key realities:

1

Regulatory Uncertainty Management: Institutions must develop frameworks that can operate effectively regardless of which way regulatory winds blow, focusing on core risk principles rather than specific compliance requirements.

2

Global-Local Balance: International institutions need sophisticated approaches to manage the growing divergence between regional regulatory requirements while maintaining operational efficiency.

3

Data-Driven Decision Making: The most successful institutions will be those that challenge conventional wisdom with rigorous data analysis, even when it contradicts regulatory assumptions.

The Bottom Line

The financial services industry isn’t just adapting to change—it’s learning to thrive in permanent uncertainty, where the only constant is regulatory flux.

If you’re navigating these complex waters and need a partner who understands both the regulatory landscape and the data beneath it—let’s talk.

Visionary Voices is a segment of RGP’s LinkedIn newsletter, Mindshift. Each month we highlight a unique futurist who challenges us to think differently and to drive innovation. Mindshift also contains valuable research and curated content.

MINDSHIFT: RGP'S LinkedIn Newsletter

MINDSHIFT: RGP'S LinkedIn Newsletter

Subscribe Now for Bold New Perspectives
Insights

Insights

How Savvy Risk Management Can Build a More Resilient Supply Chain
Insights

Insights

Why a Proactive Risk Culture Is Mission-Critical for Financial Services Firms
Virtual Webinar

Virtual Webinar

Register Today for Navigating Risk in the Age of AI

Resources Global Professionals

Let's Talk
Privacy Preference Center
RGP logo

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change your default settings.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

Functional Cookies

These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.