I found myself writing the first edition of this book during a time of crisis for financial institutions around the world. The global financial crisis was under way, and it was clear that poor risk management had played a part – both within firms and on a macro-economic scale. As a result, regulations were strengthened. For banks, Basel III was introduced. This brought capital requirements that were stronger yet more flexible, and a new focus on liquidity. For insurance companies, planning for a new regulatory regime was already well underway. However, the financial crisis meant that Solvency II included measures to provide some protection for insurance companies from capital market volatility.

In the years since the crisis, the stability of financial institutions has largely been maintained. However, we are still in a time of enormous uncertainty. With interest rates reaching new lows around the world, the efficacy of monetary policy is now being questioned. And from a local perspective, the decision of the United Kingdom to leave the European Union could have global implications, both economic and political, even if the nature of these implications remains to be seen.

On a smaller scale, the issue of cyber risk is of growing importance. Hackers seem regularly able to gain access to supposedly secure account information through attacks on firms’ IT systems. Individuals are also at risk from phishing emails, which can lead them to infect their computers with malware, or even to hand over personal data explicitly. These and other forms of cyber risk are causing ever growing losses for individuals and for financial institutions.

But risk management techniques are also developing. For example, Bayesian approaches are being used increasingly to model complex networks of risks, even extending to the calculation of capital requirements.

In this second edition, I have tried to address these changes as well as updating the book more generally. I have also added questions at the end of each chapter, to try to help understanding of the various topics covered. More questions can be found at http://www.paulsweeting.com; a QR code for this site is given at the end of this preface.

Despite these changes, the principle behind the way in which these risks should be approached remains the same – in particular, all risks should be considered together.