[CM] [RYT] [E3] [CRA] [T3] Risk Impact and Likelihood Assessment

Conclusion

Introduction

More Information About Crisis Management Blended/ Hybrid Learning Courses

Part 3: RAR – Risk Impact and Likelihood Assessment for Ryt Bank (Categorised by Crisis Types)

Risk Rating Guide

The chapter titled “Part 3: CRA– Risk Impact and Likelihood Assessment" for Ryt Bank (Categorised by Crisis Types)” presents a structured analysis of potential crisis scenarios that could affect the operational resilience of Ryt Bank.

This assessment builds upon the crisis scenarios identified in Part 1. It classifies them based on internationally recognised crisis categories, ranging from natural disasters and technological failures to organisational misconduct and acts of malevolence.

Each identified crisis scenario is evaluated based on its potential impact across eight critical areas: finance, operations, legal and regulatory compliance, reputation, social responsibility, human resources, and assets, including IT systems and information.

The likelihood of occurrence and the severity of impact are quantified to derive a Risk Rating and Risk Level for each scenario.

This assessment enables Ryt Bank to prioritise risks based on severity and likelihood, forming the foundation for effective risk mitigation strategies and business continuity planning.

Table Below: Notes for BCM Institute's Course Participants: This is the template for completing the "Part 3: RAR – Risk Impact and Likelihood Assessment."

GN RAR 3-1 Risk Impact and Likelihood Assessment

Category of Crisis Types	Type of Crisis Scenario	Impact Area - Finance	Impact Area - Operations	Impact Area - Legal & Regulatory	Impact Area - Reputation & Image	Impact Area - Social Responsibility
Natural	Flooding at the Data Centre	4	5	3	4	3
Technological	Core Banking System Failure	4	5	4	4	3
Technological	Data Breach (Customer Information)	5	4	5	5	4
Confrontation	Employee Industrial Action	4	5	3	4	4
Malevolence	Cyberattack / Ransomware	5	4	5	5	3
Organisational Misdeeds – 5.1	Aggressive Profit-Maximisation Tactics	4	3	4	5	4
Organisational Misdeeds – 5.2	Concealment of Customer Data Breach	5	4	5	5	4
Organisational Misdeeds – 5.3	Misappropriation of Funds by Mgmt	5	3	5	5	4
Due to Workplace Violence	Physical Assault in the Office	3	3	3	4	3
Due to Rumours	Social Media Rumour on Bank Insolvency	4	3	3	5	3
Lack of Funds	Liquidity Crisis	5	4	4	4	4

Category of Crisis Types	Impact Area - People	Impact Area - Assets/ IT Systems/ Information	Risk Impact Area (Highest Score)	Risk Likelihood	Risk Rating	Risk Level	Expected Period of Disruption
Natural	3	5	5 (Assets/ IT)	3 (Possible)	15	Medium	24–48 hours
Technological	3	5	5 (Assets/ IT)	4 (Likely)	20	High	>48 hours
Technological	3	5	5 (Legal/ Reputation)	4 (Likely)	20	High	>72 hours
Confrontation	5	3	5 (People)	2 (Unlikely)	10	Medium	>24 hours
Malevolence	4	5	5 (Multiple)	4 (Likely)	20	High	>72 hours
Organisational Misdeeds – 5.1	3	3	5 (Reputation)	3 (Possible)	15	Medium	>1 week
Organisational Misdeeds – 5.2	3	5	5 (Legal/Reputation)	3 (Possible)	15	Medium	>72 hours
Organisational Misdeeds – 5.3	3	4	5 (Finance/Legal)	2 (Unlikely)	10	Medium	>48 hours
Due to Workplace Violence	5	3	5 (People)	2 (Unlikely)	10	Medium	<24 hours
Due to Rumours	3	2	5 (Reputation)	3 (Possible)	15	Medium	<24 hours
Lack of Funds	3	3	5 (Finance)	2 (Unlikely)	10	Medium	>72 hours

Risk Level bands (example guidance notes based on BCM Institute)

Very Low: 1–5
Low: 6–9
Medium: 10–14
High: 15–19
Very High: ≥20

How to use this template

Impact Area Ratings: Score each of the seven categories from 1 (Very Low) to 5 (Very High).
Highest Impact: Select the highest score among those seven.
Likelihood: Assign a 1–5 rating based on your organisation's experience/frequency
Assign Risk Level based on the rating’s band.
Expected Disruption: Estimate downtime using organisational intelligence and context.

The Risk Impact and Likelihood Assessment is a key component of Ryt Bank’s broader crisis readiness and operational resilience framework.

By categorising threats and systematically evaluating their consequences across multiple impact dimensions, Ryt Bank gains a clear and actionable understanding of its risk exposure.

High-risk scenarios—particularly those involving technological failure, cyber threats, and reputational damage—require immediate focus in terms of mitigation planning, resource allocation, and crisis response testing.

As a fully digital bank operating in a rapidly evolving financial landscape, Ryt Bank must remain proactive in identifying emerging threats and continuously updating its risk posture.

The insights from this assessment will guide the development of targeted control measures, improve response capabilities, and enhance overall preparedness to ensure continued trust, regulatory compliance, and uninterrupted banking services for its customers.

Crisis Management Blueprint for Ryt Bank

eBook 3: Starting Your Crisis Management Implementation

To learn more about the course and schedule, click the buttons below for the CM-300 Crisis Management Implementer [CM-3] and the CM-5000 Crisis Management Expert Implementer [CM-5].