'If you define risk as the uncertainty of outcome, AI is that very definition,' says CRO at La Caisse
Across asset management and global institutions, chief risk officers (CROs) are recalibrating what it means to manage risk in a world where AI is evolving faster than regulation, geopolitics can shift overnight, and economic indicators are increasingly contradictory.
Stress testing, notably, once a compliance exercise, has moved to the frontlines of strategy. But as risk experts made clear at GRI’s 2025 summit on Wednesday, it's not enough. Particularly because today’s CROs must build resilience, drive insight, and often challenge the limits of traditional modeling.
"We’re operating in a very dynamic, challenging time that is evolving sometimes it feels like on a daily basis," said Shannon McGinnis, executive vice president and deputy CRO at Scotiabank, emphasizing how stress testing plays a key role in managing geopolitical risk.
"We’re constantly monitoring what's happening in the environments that we operate... We’re looking at different scenarios. We're doing stress testing, we're talking to our clients… How do we get prepared for whatever outcome might come our way?" she said.
Kelly Hepher, CRO at IGM Financial emphasized that while “she’s paid to worry about everything,” and she does, her top concerns are long-overdue market correction and the fast rise of AI-powered fraud.
"This is going to be a tough go for a while. It’s going to get really tough to stay ahead," she said.
David Latour, chief risk officer at La Caisse, argued that it’s not just the CRO role that’s changing but that the entire risk management profession is undergoing a transformation. He recalled how, a decade ago, the job was focused on crunching numbers, but today’s environment demands a much broader range of skills.
"If you define risk as the uncertainty of outcome, AI is that very definition," he said, highlighting the technology and today’s economic and technological environment are reshaping how risk must be assessed.
“It's just a completely different skill set,” he added. “Obviously, we still need to have very strong point analysis, and that's always going to be part of what we do. But suddenly, we have to be able to find risk on climates, we have to be able to find risk on geopolitical events. We have to have a view on where AI can take us. So we need to be able to recruit people that have a diverse background that help us wrap our head and help the organization think about what level of risk do we need to take in order to produce your returns that we need to get to?”
While scenario analysis and stress testing aren’t new, Latour believes they’re now essential to help leadership understand how portfolios or businesses might perform under radically different conditions.
"Nobody knows exactly what the future will look like," he said. "But it’s our job to make sure that management understands how the organization or portfolio will react to different scenarios."
Hepher agreed but also explained that senior executives can “get a bit confused” and think risk managers are supposed to be predicting the future.
“It’s absolutely not the job. The job is to withstand the future, not to predict it,” she said.
Latour also questioned the continued reliability of traditional risk models. Most are built on historical data stretching back 15 to 20 years, but correlations and volatility patterns from the past no longer reflect current realities. He pointed to breakdowns in long-held assumptions, like the relationship between equities and bonds or currency drivers, as signs that risk managers must update their toolkits.
But what unites all four executives is a shared understanding that risk must now serve business, not stand in its way.
Despite Canadian institutions being currently robust, Romy Bowers, chief risk officer at the International Monetary Fund warned that vulnerabilities still require close monitoring. She emphasized the importance of creativity and forward-thinking in risk planning, particularly when historical data doesn’t offer meaningful guidance.
She also agreed on the need for more rigorous scenario analysis, stressing that risk teams must go beyond traditional models.
"Any stress always emerges in ways you never anticipate,” she said. “You can’t let [historical data] guide your future projection.”
She noted that conventional data often falls short when modeling potential future crises.
“Sometimes, the data isn’t there to support the stress testing,” she said, arguing that risk leaders must be willing to imagine scenarios that haven’t yet occurred.
Bowers cited OSFI’s own guidance, which encourages risk managers to use creativity when designing stress tests that reflect today’s unpredictability.
"Risk is not about avoiding the risk, but taking the right risk," she said, highlighting that public sector risk management often defaults to aversion. "But when you’re actually executing programs for the public good, you need to take risk."
That strategic pivot - from gatekeeper to enabler – is changing the very structure of risk teams.
“The whole risk management industry needs to evolve. All the tools we’ve been relying on for the past 20 years are probably not as relevant as they used to be,” said Latour, underscoring that company culture becomes as crucial as modeling.
“You can have all the tools you want. If you don’t have the right culture, it probably won’t matter," he added. "Our job is to ensure that we take risks that are aligned with the risk appetite of the board and management."
