In financial services, risk management is often treated as a static function — a robust framework built to withstand external shocks and internal missteps. But as the sector continues to evolve in Canada, from open banking to digital transformation and DEI/ESG expectations, is it enough to rely on the same risk frameworks we built five or ten years ago?
Recently, I came across the concept of the Capability Life Cycle in organizational behaviour — a perspective that sparked a broader question:
Can and should risk management evolve alongside the organization’s capabilities, rather than react to their decline?
Think of the Capability Life Cycle like a product life cycle — but applied to a specific internal capability or function. It typically moves through these stages:
- Founding / Development – New capabilities emerge in response to opportunity or necessity (e.g. a fintech initiative or digital onboarding system).
- Growth – The capability gains internal buy-in, funding, and operational maturity.
- Maturity – The capability becomes embedded and optimized, but innovation slows.
- Decline or Renewal – The capability either loses relevance or is reimagined and adapted to new conditions.
Now apply this to risk management in Canadian banks, insurers, or credit unions. Many frameworks were developed during a time of regulatory stabilization following the 2008 financial crisis. Those frameworks have matured — some might say ossified. Yet the world they operate in — cyber risk, geopolitical shifts, climate finance, GenAI — continues to change rapidly.
Here’s the challenge:
Disruption or uncertainty may force a change in how risk is managed — but can risk management proactively adapt over time?
This isn’t about compliance checklists or audit cycles. It’s about ensuring that risk management itself doesn’t become a mature capability in decline. It must be a living function that aligns with the business strategy, the pace of innovation, and — crucially — with the evolving behaviours of the organization.
A few takeaways for Canadian financial services leaders:
🔍 Look outside traditional risk functions for inspiration
Organizational behaviour, behavioural economics, and even marketing offer models that better reflect how people and systems actually behave under uncertainty.
🔄 Think in life cycles, not permanence
A great risk framework in 2018 might be a liability in 2025. Capabilities need ongoing investment, feedback loops, and the occasional reinvention.
🧭 Build for adaptability, not just resilience
Resilience helps you survive a disruption. Adaptability helps you evolve before the disruption hits.
💬 Ask the hard questions
- Is our risk culture aligned with how our business is actually evolving?
- Are we over-relying on historical metrics to define emerging risks?
- Is our framework enabling strategy — or inhibiting it?
The Canadian financial services sector is at a pivotal moment. Open banking, evolving customer expectations, and systemic digital shifts mean the very nature of financial risk is changing.
So let’s ask ourselves — is our risk capability evolving too?