This assessment builds upon the crisis scenarios identified in Part 1. It classifies them based on internationally recognised crisis categories, ranging from natural disasters and technological failures to organisational misconduct and acts of malevolence.
Each identified crisis scenario is evaluated based on its potential impact across eight critical areas: finance, operations, legal and regulatory compliance, reputation, social responsibility, human resources, and assets, including IT systems and information.
The likelihood of occurrence and the severity of impact are quantified to derive a Risk Rating and Risk Level for each scenario.
This assessment enables Ryt Bank to prioritise risks based on severity and likelihood, forming the foundation for effective risk mitigation strategies and business continuity planning.
Table Below: Notes for BCM Institute's Course Participants: This is the template for completing the "Part 3: RAR – Risk Impact and Likelihood Assessment."
|
Category of Crisis Types |
Type of Crisis Scenario |
Impact Area - Finance |
Impact Area - Operations |
Impact Area - Legal & Regulatory |
Impact Area - Reputation & Image |
Impact Area - Social Responsibility |
|
Natural |
Flooding at the Data Centre |
4 |
5 |
3 |
4 |
3 |
|
Technological |
Core Banking System Failure |
4 |
5 |
4 |
4 |
3 |
|
Technological |
Data Breach (Customer Information) |
5 |
4 |
5 |
5 |
4 |
|
Confrontation |
Employee Industrial Action |
4 |
5 |
3 |
4 |
4 |
|
Malevolence |
Cyberattack / Ransomware |
5 |
4 |
5 |
5 |
3 |
|
Organisational Misdeeds – 5.1 |
Aggressive Profit-Maximisation Tactics |
4 |
3 |
4 |
5 |
4 |
|
Organisational Misdeeds – 5.2 |
Concealment of Customer Data Breach |
5 |
4 |
5 |
5 |
4 |
|
Organisational Misdeeds – 5.3 |
Misappropriation of Funds by Mgmt |
5 |
3 |
5 |
5 |
4 |
|
Due to Workplace Violence |
Physical Assault in the Office |
3 |
3 |
3 |
4 |
3 |
|
Due to Rumours |
Social Media Rumour on Bank Insolvency |
4 |
3 |
3 |
5 |
3 |
|
Lack of Funds |
Liquidity Crisis |
5 |
4 |
4 |
4 |
4 |
|
Category of Crisis Types |
Impact Area - People |
Impact Area - Assets/ IT Systems/ Information |
Risk Impact Area (Highest Score) |
Risk Likelihood |
Risk Rating |
Risk Level |
Expected Period of Disruption |
|
Natural |
3 |
5 |
5 (Assets/ IT) |
3 (Possible) |
15 |
Medium |
24–48 hours |
|
Technological |
3 |
5 |
5 (Assets/ IT) |
4 (Likely) |
20 |
High |
>48 hours |
|
Technological |
3 |
5 |
5 (Legal/ Reputation) |
4 (Likely) |
20 |
High |
>72 hours |
|
Confrontation |
5 |
3 |
5 (People) |
2 (Unlikely) |
10 |
Medium |
>24 hours |
|
Malevolence |
4 |
5 |
5 (Multiple) |
4 (Likely) |
20 |
High |
>72 hours |
|
Organisational Misdeeds – 5.1 |
3 |
3 |
5 (Reputation) |
3 (Possible) |
15 |
Medium |
>1 week |
|
Organisational Misdeeds – 5.2 |
3 |
5 |
5 (Legal/Reputation) |
3 (Possible) |
15 |
Medium |
>72 hours |
|
Organisational Misdeeds – 5.3 |
3 |
4 |
5 (Finance/Legal) |
2 (Unlikely) |
10 |
Medium |
>48 hours |
|
Due to Workplace Violence |
5 |
3 |
5 (People) |
2 (Unlikely) |
10 |
Medium |
<24 hours |
|
Due to Rumours |
3 |
2 |
5 (Reputation) |
3 (Possible) |
15 |
Medium |
<24 hours |
|
Lack of Funds |
3 |
3 |
5 (Finance) |
2 (Unlikely) |
10 |
Medium |
>72 hours |
Risk Level bands (example guidance notes based on BCM Institute)
How to use this template
The Risk Impact and Likelihood Assessment is a key component of Ryt Bank’s broader crisis readiness and operational resilience framework.
By categorising threats and systematically evaluating their consequences across multiple impact dimensions, Ryt Bank gains a clear and actionable understanding of its risk exposure.
High-risk scenarios—particularly those involving technological failure, cyber threats, and reputational damage—require immediate focus in terms of mitigation planning, resource allocation, and crisis response testing.
As a fully digital bank operating in a rapidly evolving financial landscape, Ryt Bank must remain proactive in identifying emerging threats and continuously updating its risk posture.
The insights from this assessment will guide the development of targeted control measures, improve response capabilities, and enhance overall preparedness to ensure continued trust, regulatory compliance, and uninterrupted banking services for its customers.
Crisis Management Blueprint for Ryt Bank |
||||||
| eBook 3: Starting Your Crisis Management Implementation | ||||||
To learn more about the course and schedule, click the buttons below for the CM-300 Crisis Management Implementer [CM-3] and the CM-5000 Crisis Management Expert Implementer [CM-5].
|
Please feel free to send us a note if you have any questions. |
||