13. Strategies to Govern Systemic Risks

Stephane Jacobzone
Charles Baubion
Jack Radisch
Stefan Hochrainer-Stigler
Joanne Linnerooth-Bayer
Wei Liu
Elena Rovenskaya
Ulf Dieckmann

Governments, businesses and civil society worldwide realise more and more that the risks modern societies face have become increasingly systemic, complex, potentially irreversible, and in some cases existential. They present governance institutions with crosscutting and diverse challenges that may result in disruptive consequences and require integrated and innovative thinking and solutions. Risk typically refers to uncertain outcomes, the negative consequences of which need to be addressed by governments (Hochrainer, 2006). The financial crisis of 2007/2008 brought home the significance of the systemic nature of risks, that is, the potential for impacts to cascade through economic, social, and ecological systems, to irreversibly breach system boundaries, and to cause instability or even system collapse (Pflug and Kovacevic 2014). A distinguishing feature of systemic risk is that it emerges from complex interactions among individual elements or agents (and their associated individual risks); therefore, systemic risk is sometimes called network risk (Helbing, 2013, see also Box 1 in Florin et al., 2018).

Governments play a central role in managing systemic risks; yet governance is more than government. Public governance covers the formal and informal arrangements, including institutions, tools, and processes that determine how public decisions are made and how public actions are carried out. As witnessed in many risk policy issues (e.g. the transformation needed to break free from the world’s dependency on fossil fuels) civil society and businesses exert their influence across the whole policy cycle. Indeed, forming strategic alliances across governments, businesses, and civil society organisations has become the new operating norm in democratic societies. The blurring of boundaries makes it increasingly necessary to view governance as a system rooted in policy networks or ‘soft’ systems that can encompass complex and ill-defined problems with multiple interacting actors, often with conflicting interests and values, sometimes called “wicked” problems (Checkland and Holwell, 1998).

A key lesson learned from the 2007/2008 financial crisis was that risk governance – the institutions, rules, conventions, processes, and mechanisms by which policy decisions about risks are taken and implemented (Florin et al., 2018) – is critical, yet sorely underdeveloped for existential and systemic risks. While it can be argued that the global financial system was well understood and institutionally mature in comparison with many global governance regimes, the institutions failed to predict or prevent the financial crisis (Goldin and Vogel, 2010). This is not surprising considering the challenges facing institutions that manage financial risks: the complexity of rules and regulations in place with corresponding gaps and loopholes; difficulty in identifying contributing actors; unavailable or highly uncertain information on cascading impacts; undefined responsibility for taking systemic risk management decisions; and little attributable accountability for the consequences.

Wicked issues require more innovative and comprehensive approaches to problem solving through system thinking. This applies by extension for systemic risk problems, for which traditional linear methods of societal problem solving (actors agree on the problem and objectives; experts gather and analyse data and formulate a solution; public or private actors implement the solution) do not seem to work. Indeed, risk assessment and management as conventionally practiced often fail to find social consensus on highly contentious issues (note, for example, recent debates on the risks of genetically modified foods, nuclear power, financial regulation, smoking, cell phone radiation, food safety, migration, and climate change). What’s more, the very fundamentals of society’s risk governance institutions may not be adequate for managing ill-defined and potentially irreversible risks that increasingly require transformational changes in system attributes: social behaviours; regulatory, legislative, or bureaucratic regimes; financial institutions; and technological or biophysical systems (O’Brien et al., 2012).

This chapter reviews the challenges for governing the array of systemic risks facing interconnected economies and societies, and the potential of systems analysis to address these challenges. Following an elaboration of the governance challenges in the next section, briefly discuss the inroads made by the OECD and IIASA in their applications of systems analysis to selected governance issues. These range from the OECD’s ‘whole of society’ approach applied to critical infrastructure management, to IIASA’s methodological innovations that apply network theory and agent-based models to risks in complex financial systems. Following the distinction made by Jentoft et al. (2007) between the system to be governed and the governance system, we emphasise the importance of inclusive and trustworthy governance processes that co-generate policy options for systemic risk governance, and we illustrate OECD’s ‘good governance’ principles and IIASA’s work on the design of stakeholder co-generation processes.

A fundamental challenge to governing systemic risk is understanding the system as a complex network of individual and institutional actors with different and often conflicting interests, values, and worldviews. Superimposed on this governance network are the potential risk events with ill-defined chains or networks of interrelated consequences and impacts. While the agreed objective may be mitigating the risk, the differently perceived and constructed solutions can have far-reaching and often highly uncertain differences in their costs, effectiveness, and distribution across winners and losers. Because in a systems approach there may be many competing solutions with no clear best, the challenge for their governance is to assure transparency, accountability, and inclusiveness of the risk management process, and effectiveness, stationarity, equity, and sustainability of the outcome.

For assuring greater accountability, responsibility and awareness on the part of individual and institutional actors, Helbing (2013) has proposed a principle of collective responsibility as one central cornerstone of systemic risk governance, which echoes the whole of society approach to risk governance underpinning the OECD recommendation on the governance of critical risks.1 However, this shared responsibility approach raises challenges. Responsibility relies on establishing attribution across the often complex geospatial and sectoral distribution of stakeholders, and dealing with the large uncertainties that exist in determining the causal effects, while governments keep fundamental responsibilities. This is complicated by the fact that systemic risk can evolve up to the global, macroscopic scale through disruptions at the microscopic scale or through behaviour that is only indirectly linked to the disruption it causes (Poledna and Thurner, 2016). Even in cases where the attribution question can be tackled, the complexity of the networks may diffuse responsibility. For example, it is difficult to identify the responsible institutions and risk managers in trade networks (Centeno et al., 2015). Consequently, attributing accountability limits the solution space for systemic risk mitigation, as responsibilities and liabilities are unclear; it also hampers the development of a joint vision defining clear common targets for systemic risk management. 

Other governance challenges arise in assuring the stationarity and equity of the risk being managed. As a start, this will require understanding or even assessing systemic risks and their differentiated burdens, that is, identifying the triggering events, and understanding their potential for cascading impacts, exposure to the risks (and distributional aspects), and vulnerability to the impacts. Among many other considerations, risk assessment will require identifying the risk drivers, which can include financial, political, technological, and natural phenomena, and also human agency, behaviour, and even culpability (Hochrainer-Stigler et al., 2018). More subtly, the human risk drivers may be actions of individuals and/or groups existing outside of recognised or established institutions, and outside of effective governance structures, for example, rogue traders, aggressive financial innovators, or terrorists. Frank et al. (2014) refer to these challenges as ‘femtorisks’ and stress their importance in propelling systems down paths of increasing instability, and challenging standard approaches to risk assessment.

As society confronts increasingly complex risks, the governance system itself becomes more complex. According to sociologists, modernity relies on increasing complexity to manage the very risks it creates, which in turn can generate risks embedded in the construction of social organisations and institutions (Centeno et al., 2015). For example, the benefits and efficiencies that resulted from specialisation of labour, economies of scale, collective knowledge, and information sharing have dramatically increased exposure to disastrous outcomes (Beck, 1999).

IIASA and the OECD have pioneered strategies that build on systems analysis to understand, assess, manage, and generally govern systemic risks. Examples are discussed below.

OECD’s ‘whole of society’ approach. The OECD has focused extensively on “critical risks” as identified in its 2011 publication Future Global Shocks (OECD, 2011). Critical risks are threats and hazards that pose the most strategically significant risks as a result of their probability or likelihood and of the national significance of their disruptive consequences. Critical risks are often ‘critical’ because of their cascading effects, impeding the capacity of societies and citizens to live fulfilling lives and undermining the functioning of public institutions. These risks include sudden onset events (e.g. climate extremes like hurricanes, earthquakes, industrial accidents, terrorist attacks); gradual onset events (e.g. pandemics); and so-called “steady-state” or pervasive risks. Risks of disruption to critical infrastructure systems have received special attention, both because of the potential for their effects to cascade through interlinked subsystems of economies, and because governments generally have primary responsibility for the safety of public infrastructure. Governments invest in prevention, preparedness and disaster response to protect wellbeing, competitiveness and sustainable economic growth. The OECD recently assessed country progress in the governance of critical risks (OECD, 2019) starting with a stocktaking of the governance arrangements that underpin risk management, including a mapping of OECD governments’ self-assessments as well as of the risk governance functions of lead institutions.

From this analysis, the OECD has developed a framework for Good Governance for Critical Infrastructure Resilience (2019), which takes into account the systemic and interconnected aspects of critical infrastructure systems. This framework recognises the essential systemic nature of the risks involved in core infrastructure systems that can have rippling effects through the economy and society, and the advantages of a systems-based approach to risk governance in this area combined with close interaction with critical infrastructure actors for enhancing resilience. Most importantly, this analysis underlined the importance of a whole of government and even a whole of society approach, with a systems’ perspective on the governance of critical risks.

To achieve this holistic governance approach, governments need to invest more in understanding complex interdependencies, and adopt methodologies and metrics to identify the critical functions, systems and assets that pose the greatest systemic risks. To achieve this, the OECD recommends that governments establish information-sharing platforms with operators of critical infrastructure for a comprehensive and shared understanding of risks and vulnerabilities. There is a need to consider a mix of policy tools, informed by cost-benefit analysis, to encourage operators to invest in resilience and achieve resilience objectives. Government should monitor implementation and evaluate progress in attaining resilience objectives, with a clear accountability framework for operators.

IIASA’s methodological advances. While many conventional approaches (like cost-benefit analysis) for mitigating and responding to critical risks are well established in policies and practices, the expert-led analyse-prioritise-implement approach will likely confront difficulties in assessing cascading impacts in interlinked, networked systems, characterised by a lack of historical experience and relevant data (Frank et al., 2014). For this reason, methodologies that account for systemic properties, such as complexity theory, network science, and agent-based modelling, are emerging (Florin et al., 2018; OECD, 2018).

In response to the 2007/2008 financial crisis, IIASA developed and applied systems methodologies, including network analysis and agent-based models (ABMs), for understanding, assessing and mitigating systemic risk. As one application, IIASA researchers explored the idea of a ‘systemic risk tax’ that would be levied on financial transactions that contribute to systemic risk (Poledna et al., 2017; 2018). To identify these transactions, IIASA and collaborators developed an ABM model where agents were financial actors in a dense network of financial institutions. Estimating the marginal systemic risk of individual transactions opens the way to a novel approach for managing risk by reshaping the topology of financial networks. Based on this new approach, the authors proposed a tax on individual financial transactions proportional to their marginal systemic risk, and showed that this policy could significantly mitigate the risk of future collapse of the financial system. Another idea introduced and analysed by Leduc et al., (2017) is to use credit default swaps (CDS), which transfer the default risk from one bank to another, to rewire the network of interbank exposures in a way that makes it more resilient to insolvency cascades.

IIASA researchers have also examined the risk of cascading impacts from disasters, or indirect risk, which might emerge from the loss of critical infrastructure or supply chains. The indirect losses from disasters have been especially difficult to estimate. IIASA’s unique approach is based on an ABM of a networked national economy (Austria). The Austrian ABM is the first to couple the macroeconomy with the financial system by representing financial contracts between nearly all firms and banks in Austria as a network of direct exposures, and incorporating a ‘big data’ representation of agents in a national economy that agrees reasonably well with real-world economic observations. The model shows how not only banks, but also firms, make a significant contribution to systemic economic and financial risks. It also shows to what extent to expect cascading indirect losses from major floods (Poledna et al., [in preparation]). Based on the copula approach, a novel statistical method, for estimating the frequency of flood extremes, the model shows that a large-scale natural disaster can have entirely different economic effects than moderate events due partly to the different financial transmission channels. This result is also due to financial limits on the reconstruction effort owning to fiscal constraints facing public officials and liquidity constraints facing private bank lenders. Importantly, the model shows how flood impacts differ substantially across industries and economic sectors. Beyond disaster losses, the model is useful for quantifying systemic risk in various economic networks, predicting responses of the economy to endogenous shocks, e.g. from the financial system, and to exogenous shocks, like transformative technological innovations or unintended consequences of political interventions such as subsidies and tax policies.

The question is how to use complex models and other analytical information in the policy process, or how to cross the barrier between risk science and policy. This question was prevalent in the early 1970s debates surrounding use of nuclear power, and continues today with the emergence of new, controversial technologies, and in scientific debates surrounding climate change. A confounding feature of most controversial risk issues is that ‘science-to-policy’ is far from a straightforward linear process, as illustrated by the need for scientific advice during crises and the need to address ‘unknown unknowns’ as part of strategic crisis management (OECD, 2015, 2018). For one, the uncertainties inherent in any risk estimation – and prolific in systemic risk assessments – mean that experts frequently differ on the very nature and seriousness of the risk. More troubling, in the case of systemic risks the unknown unknowns can dominate ‘known unknowns’, meaning probabilistic estimates may be intractable, and become even more problematic where network dynamics and social processes intertwine. In this context, when policy cannot be justified on ‘objective’ risk estimates, the importance of a credible and trustworthy social decision process becomes apparent.

A policy context steeped in uncertainties and unknowns, and diffuse actors across political boundaries, might call for an adaptive, evolutionary, and participatory learning process. If an iterative process can gain acceptance and trust across stakeholders, it might help bridge the gap between expert analyses and implementation challenges (Schinko and Mechler, 2017). The importance of tackling systemic risks on a continuous and proactive basis (such as envisioned usually in adaptive approaches) is particularly important due to the special nature of systemic risk that may happen due to small disturbances (Hochrainer-Stigler et al., 2019). Another related suggestion is to combine systemic risks with other types of risk so that they can be tackled together (Hochrainer-Stigler et al., 2018). For example, direct risks due to extreme hazard events (e.g. monetary losses due to asset damages) can be combined with systemic risk considerations (e.g. business interruptions that cause large-scale repercussions on larger levels due to affected supply chains, such as the Thailand floods of 2011. However, any collaborative effort requires interaction among heterogeneous individual, group, and national actors - risk imposers and risk bearers. Current approaches are often piecemeal, presenting an ensemble of perspectives on specific aspects of systemic risk. One single perspective may inappropriately bias the view of the whole system. Hence, the OECD has emphasised the ‘whole of society’ approach that might naturally embrace a participatory, adaptive process with continuous monitoring and iterative evaluation on different levels, as many countries also engage in comprehensive National Risk Assessment exercises which reflect and integrate a participatory and iterative process (OECD, 2018b).

Engaging multiple actors with their alternative problem frames for systemic risk is now recognised as essential for effective governance processes, and ultimately for robust policy implementation (Verweij and Thompson, 2006). It is also fundamental to a systems approach. It is for this reason that stakeholder engagement has become common parlance in policy research. Indeed, Churchman (1968) recognised early on that a systems approach to policy processes actively ‘folds in’ as many factors as possible and looks at the issues from different viewpoints or, as he first coined the term, ‘worldviews’. In this latter aspect, in Churchman’s words – “A systems approach begins when first you see the world through the eyes of another” (Churchman, 1968, p. 231).

In critical infrastructure for example, while operators and governments typically agree on the need to protect critical assets and maintain service, their views may differ on the level of resilience required, the means to achieve it, and the regulatory requirements that should apply, given the financial implications. The key aspects involve establishing trust, ensuring secure information sharing, developing cost-sharing mechanisms, and strengthening international co-operation, which require appropriate governance mechanisms. The OECD has identified up to 22 tools that governments and countries are using in this area, from prescriptive regulatory tools and compensation mechanisms to voluntary frameworks based on partnerships (OECD, 2019).

The OECD also recognises that risk governance requires the combined efforts of government, market, and civil-society actors. Recent risk controversies have highlighted the critical role played by non-state actors, for example, non-smokers in putting smoking risk onto political agendas, antinuclear advocates in changing many national energy agendas, and, more recently, public demonstrations around climate-change actions or major infrastructure projects. Still, some are calling the 21st century the post-participation era because of the growing recognition that stakeholders need not be merely participants in expert-generated policy strategies, but experts can be participants in stakeholder-generated strategies – what is termed cogeneration, which is key to public sector innovation. IIASA is at the forefront of developing and implementing stakeholder cogeneration processes that apply system concepts to codesign and co-assess policy options, and at the same time respect the plural perspectives and frames of stakeholder groups. As one example, IIASA carried out a three-year cogeneration process for landslide mitigation in Italy, where experts worked with three stakeholder groups holding very different perspectives on the problem and its solution. Ultimately, a compromise solution was cogenerated, agreed upon, and implemented (Linnerooth-Bayer et al., 2016; Scolobig et al., 2016).

The importance of applying a systems approach to both the system to be governed and the governance system was recognised early on by Elinor Ostrom who saw ‘the great divide’ between market, state and civil society actors, and who warned that ‘contrived walls separating analysis of potentially synergetic phenomena into separate parts miss the potential for synergy’ (Ostrom, 1996, p. 1073). OECD and IIASA are contributing to dismantling the “contrived walls” by developing and applying systems approaches that strengthen risk governance systems as well as improve understanding of the social and economic networks through which the risk impacts proliferate.

OECD and IIASA concepts and applications can serve as a testing ground for the huge effort needed to effectively and fairly govern risks from climate change adaptation, financial transactions, biodiversity loss, and many other complex and systemic risks facing the world. Recognising that systemic risk governance is still in its infancy, there is an opportunity to explore systems thinking in structuring local, national, and global governance regimes. This chapter has provided brief ideas on this exploration, including the OECD’s ‘whole of society’ approach for managing critical infrastructure risk and IIASA’s suggestions for establishing triple learning loops to reframe or even enable transformative changes and focus attention on the critical nodes that are key to ensuring resilience of economies and societies. This chapter (as well as others in this book) has also illustrated the powerful role that methodologies, like network analysis and agent-based models, can play in understanding network behaviours and the critical network nodes that can be targeted for effective reduction of the risks. Importantly, methodologies are also under development for meaningfully involving stakeholders in the governance of systemic risks by co-generating solutions that respect the plural framings of the issues.

As systemic risks increasingly spread across political, institutional and sectoral boundaries, broad partnerships and collaborative efforts are needed between governments, businesses and civil society - between those who gain and lose from the activities generating the risks - to maintain a country's constitutional values under changing environments and evolving problems. Reducing such risks is a major public interest, and we therefore call for further institutional changes, mutual learning mechanisms and robust methodologies to enable the effective handling of systemic risks in the future. Countries can benefit from intergovernmental sharing mechanisms as well as establishing close partnerships with cutting edge academic networks to facilitate take-up of innovative measures and encourage shared investments in economic and social resilience.


Beck, U. (1999), World Risk Society, Polity

Centeno, M. A., et al. (2015), “The emergence of global systemic risk”, Annual Review of Sociology, Vol. 41, pp. 65–85

Checkland, P., and S. Holwell (1998), Information, Systems and Information Systems: Making Sense of the Field”, Wiley, Chichester

Churchman, CW. (1968), “The systems approach”, New York, Delacorte Press

Frank, A. B., et al. (2014), “Dealing with femtorisks in international relations”, Proceedings of the National Academy of Sciences, Vol. 111(49), pp. 17356–17362

Goldin, I., and T. Vogel (2010), “Global governance and systemic risk in the 21st century: Lessons from the financial crisis”, Global Policy, Vol. 1(1), pp. 4-15

Helbing, D. (2013), “Globally networked risks and how to respond”, Nature, Vol. 497, pp. 51-59

Hochrainer, S. (2006), “Macroeconomic Risk Management against Natural Disasters”, German University Press (DUV), Wiesbaden, Germany

Hochrainer-Stigler, S., et al. (2018), “Integrating Systemic Risk and Risk Analysis Using Copulas”, International Journal of Disaster Risk Science, Vol. 9(4), pp. 561-567,

Hochrainer-Stigler, S., et al. (2019), “Modelling, Measuring and Managing Systemic Risk: The Missing Human Agency Aspect”, Journal of Risk Research (Forthcoming)

IRGC (2018), “Guidelines for the Governance of Systemic Risks”, Lausanne: EPFL International Risk Governance Center (IRGC).

Jentoft, S., T.C. van Son, and M. Bjørkan. (2007), “Marine protected areas: a governance system analysis”, Human Ecology, Vol. 35(5), pp. 611-622.

Leduc, M. V., Poledna, S., and Thurner, S. (2017), “Systemic risk management in financial networks with credit default swaps”, Available at SSRN 2713200.

Linnerooth-Bayer, J., Scolobig, A., Ferlisi, S., Cascini, L., and Thompson, M. (2016), “Expert engagement in participatory processes: translating stakeholder discourses into policy options”, Natural Hazards, Vol. 81, pp. 69-88.

Ludwig, D. (2001), “The era of management is over”, Ecosystems, Vol. 4, pp.758-764.

O'Brien, K., et al. (2012), “Toward a sustainable and resilient future”, In C.B. Field, et al. (eds) Managing the Risks of Extreme Events and Disasters to Advance Climate Change Adaptation. A Special Report of Working Groups I and II of the Intergovernmental Panel on Climate Change (IPCC), Cambridge, UK, and New York, NY, USA: Cambridge University Press: 437-486.

OECD (2011) Future Global Shocks, Improving Risk Governance. Available at: https://www.oecd.org/gov/risk/futureglobalshocks.htm

OECD (2015) The Changing Face of Strategic Crisis Management. Available at: https://www.oecd.org/publications/the-changing-face-of-strategic-crisis-management-9789264249127-en.htm

OECD (2018) Assessing Global Progress in the governance of Critical Risks. Available at: http://www.oecd.org/gov/assessing-global-progress-in-the-governance-of-critical-risks-9789264309272-en.htm

OECD (2018b) National Risk Assessment, a Cross Country Perspective. Available at: https://www.oecd.org/governance/national-risk-assessments-9789264287532-en.htm

OECD (2019) Good governance for critical infrastructure resilience. Available at: http://www.oecd.org/governance/good-governance-for-critical-infrastructure-resilience-02f0e5a0-en.htm

Ostrom, E. (1996), “Crossing the great divide: Co-production, synergy, and development”, World Development, 24/6, pp. 1073-1087

Pflug, G. C., and R. Kovacevic. (2014), “Measuring systemic risk: Structural approaches”, in Quantitative Financial Risk Management: Theory and Practice, edited by C. Zopounidis and G. Galariotis, pp. 1-21. John Wiley and Sons.

Poledna, S., and S. Thurner. (2016), “Elimination of systemic risk in financial networks by means of a systemic risk transaction tax”, Quantitative Finance, Vol. 16, pp. 1599-1613.

Poledna, S., Bochmann,O. and Turner, S. (2017), “ Basel III capital surcharges for G-SIBs are far less effective in managing systemic risk in comparison to network-based, systemic risk-dependent financial transaction taxes”, Journal of Economic Dynamics and Control, Vol. 77, pp. 230–246.

Poledna, S., Hinteregger, A. and Thurner. S. (2018), “Identifying systemically important companies by using the credit network of an entire nation”, Entropy, Vol. 20(10).

Schinko, T., and Mechler, R. (2017), “Applying recent insights from climate risk management to operationalize the loss and damage mechanism”, Ecological Economics, Vol. 136, pp. 296-298.

Scolobig A., Thompson, M., and Linnerooth-Bayer, J. (2016), “Compromise not consensus: designing a participatory process for landslide risk mitigation”, Natural Hazards, 81/45. https://doi.org/10.1007/s11069-015-2078

Metadata, Legal and Rights

This document, as well as any data and map included herein, are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. Extracts from publications may be subject to additional disclaimers, which are set out in the complete version of the publication, available at the link provided.


The use of this work, whether digital or print, is governed by the Terms and Conditions to be found at http://www.oecd.org/termsandconditions.