The MECE 6 has been a clear tool for organizing exposures, but I keep wondering whether it fully captures new digital and AI-driven risks. For example, if an algorithmic trading error or data privacy violation causes multiple downstream losses, does it still fit under “Operational Write-offs” or do we need a seventh category? How adaptable should these frameworks be as exposures evolve?
The MECE 6 has been a clear tool for organizing exposures, but I keep wondering whether it fully captures new digital and AI-driven risks. For example, if an algorithmic trading error or data privacy violation causes multiple downstream losses, does it still fit under “Operational Write-offs” or do we need a seventh category? How adaptable should these frameworks be as exposures evolve?