David Northen has spent over 10 years advising firms on risk strategy, with experience at Parker Fitzgerald, Accenture and the Coventry Building Society. Now, as Jaywing’s Risk Transformation Lead, he is focused on helping businesses modernise their risk frameworks and stay ahead of regulatory changes. We spoke with him about where firms are struggling and what they should prioritise in 2025.
Regulators expect more dynamic risk frameworks. How can firms proactively refine their approaches rather than react to new rules?
This regulatory expectation is in response to an increasingly volatile and interconnected risk environment. To be more proactive, firms should work in close collaboration with regulators—not just in consultation but in shaping regulation from the outset. An industry that is both safe and beneficial for its consumers is also beneficial for financial service providers.
We’ve seen this need for cooperation before, particularly with the shift to digital services, and the same will apply as AI becomes more embedded in financial services. The increased use of RegTech solutions will also support firms in maintaining compliance more efficiently. It will be interesting to see how joint industry: regulator initiatives aimed at digitising the regulatory rules themselves develop in the coming years.
Many firms struggle with embedding risk oversight into their broader strategic decision-making. What are they getting wrong?
This will always be a challenge for dynamic businesses expanding into new customer segments, product lines, or distribution channels. Risk oversight needs to sit at the heart of decision-making rather than on the periphery as a signatory to the finished article. Businesses must recognise that new risk profiles come with any strategic change, and understanding how different risk types interact should be a fundamental part of the process.
Post-merger integration often results in risk misalignment. What practical strategies should firms deploy to avoid compliance gaps?
From a business perspective, it is essential to retain and empower the acquired entity's risk expertise, particularly in areas that are less familiar to the acquiring firm. The business was acquired for a reason—typically because its products or services complement the existing portfolio.
Some of the most high-profile failures in post-merger integration have stemmed from rapid technology migrations. These projects are among the most complex and challenging in the industry, requiring significant expertise. Ensuring realistic timelines, budgets, and expectations from the outset is critical to preventing reputational damage and financial loss following an acquisition.
With risk models under increasing scrutiny, what advancements do you see shaping model validation and stress testing?
Central banks are continuously refining their stress testing methodologies to reflect evolving and interconnected risks. This year, the Bank of England will introduce the new biennial Bank Capital Stress Test, supplemented in alternate years by targeted exercises that should be less burdensome than the current ACS tests.
Across Europe, the ECB’s Working Group on Stress Testing (WGST) has taken a similar approach, fostering collaboration among central banks and supervisory authorities to ensure stress-testing frameworks remain relevant.
For model validation, AI adoption will be a major development—bringing both challenges, in the form of more complex models, and opportunities through more powerful, self-learning solutions. Alongside AI, we are seeing increasing maturity in technologies such as workflow automation, real-time reporting, and customisable threshold alerts, which will improve the efficiency of risk model governance.
Technology is reshaping risk governance, but implementation is often flawed. What should firms focus on to ensure real impact?
Flawed technology implementation often results from a lack of business understanding and leadership. Any change programme must be business-led, starting with a clear definition of the capabilities it aims to deliver and how these align with the overall strategy.
The same applies to risk governance. Senior leadership must sponsor and steer delivery, ensuring that key SMEs are integral to shaping the solution's design. Technology teams play a vital role but should act as key suppliers rather than decision-makers in defining the end product.
Looking to 2025, what are the biggest threats and opportunities in risk management that leaders should be addressing now?
The prominence of non-financial risks—including technological (such as cyber risk) and operational (including fraud) risks—is rising alongside traditional credit and market risk management. This shift is accompanied by increasing volatility and interconnectivity across risk types.
AI-based solutions, particularly Explainable AI (XAI), will present both opportunities and threats. These tools will be used by both good and bad actors. Fraud and financial crime prevention are likely to see the fastest adoption of AI, while in credit decisioning, lenders may be slower to transition due to the inertia around existing, well-established models. While there is strong potential for XAI to enhance risk assessment, firms will require compelling business cases before migrating from their current model suites, which are still often considered fit for purpose.
What are you most looking forward to in your new role at Jaywing?
Working in all of the areas above! I believe risk transformation is central to keeping the financial sector competitive and delivering the services customers need for their personal financial journeys. It remains one of the most critical and fascinating components of the wider economy.
Final thoughts
This year, collaboration between regulators and the industry, investment in RegTech, and a clear strategy for embedding risk into decision-making will be critical. As financial institutions move forward, those that successfully integrate new technologies, such as XAI, while maintaining strong governance will be best positioned to manage both opportunities and threats in the years ahead.
Want to connect with David? Get in touch on LinkedIn or learn more about how Jaywing supports risk management here.
Stay ahead of risk news and insights. Sign up for our newsletter here to get expert insights straight to your inbox.