Use this guide to sharpen your credit and risk write-ups.
Replace cognitive shortcuts with structured thinking using 1st- and 2nd-order risk logic.
This post builds on the Generic Risk Map, providing 3 or more “Before-and-After” examples per risk to help bankers shift from rationalizing risks (often with biases) to articulating clear, monitorable conditions. Each reframe replaces vague “mitigation” language with a structured, forward-looking view.
⚡ Porter’s Five Forces as a Forward-Looking Risk Framework
Porter’s Five Forces is one of the most powerful first-principles tools to understand how industry structure influences the sustainability of cash flow. It breaks down the competitive dynamics that determine whether a company can defend its margin, grow profitably, and resist threats.
The Five Forces and How They Influence Risk:
- Bargaining Power of Buyers
- Reveals vulnerability to price discounts, contract renegotiation, or switching.
- ⚡ Watch for: Large buyer concentration, commoditized offerings, short contracts.
- Bargaining Power of Suppliers
- Drives cost structure risk. Concentrated suppliers or rare materials = margin squeeze.
- ⚡ Watch for: Single-source reliance, index-linked price escalation clauses.
- Competitors / Competitive Rivalry
- Signals the intensity of price wars, innovation races, and customer churn.
- High rivalry erodes margins and raises capex/R&D pressure.
- ⚡ Watch for: Falling gross margin, high marketing spend, aggressive promotions.
- Barriers of Entry / Threat of New Entrants
- Indicates how easy it is for newcomers to capture share.
- Low barriers (tech, capex, regulation) = fragile incumbents.
- ⚡ Watch for: DTC startups, digital-first challengers, or VC-backed disruptors.
- Disruptions / Threat of Substitutes
- Tests how easily a customer can solve their problem another way.
- Disruption usually enters via substitutes, not direct rivals.
- ⚡ Watch for: Non-industry alternatives, new technology or process replacements.
Why It’s Forward-Looking:
- The forces are dynamic, not static — regulatory changes, technological shifts, and consumer trends alter them over time.
- Paired with tools like PESTEL or Scenario Planning, it helps predict industry transformation risk.
Pro tip: Map how each of the Five Forces is changing. Is one strengthening (e.g., supplier power due to geopolitical tensions)? Is one weakening (e.g., threat of entry falling due to consolidation)?
Use this to inform 1st-order cash flow risks and link them to 2nd-order catalysts.
⚡ Customer Concentration (1st-order)
| ❌ Before: Passive, “Close Monitoring” (Cognitive Bias) | ✅ After: Proactive, Structured Monitoring (Focus on Actions) |
|---|---|
| “Customer risk is mitigated by long-term relationships.” (halo effect) | “If any of the top 3 customers reduce orders by >15% within 6 months, this triggers a revenue reforecast and AR exposure review.” |
| “Their customers are industry leaders and won’t switch.” (status quo bias) | “If customer X launches a competing supplier trial, we flag potential churn and trigger margin protection actions.” |
| “They have never had a major customer leave before.” (recency bias) | “We monitor sales concentration quarterly. A fall in top-5 customer share signals shifting loyalty and triggers diversification plans.” |
⚡ Supplier Dependency / Input Cost (1st-order)
| ❌ Before | ✅ After |
|---|---|
| “They have multiple suppliers, so the risk is mitigated.” (overgeneralization) | “The top 2 suppliers still make up 80% of input costs. A >10% cost increase or late delivery triggers switch-readiness assessment.” |
| “They’ve worked with suppliers for years without issue.” (anchoring bias) | “We monitor delivery reliability monthly. 2 delays in a quarter activate alternate sourcing tests.” |
| “The supplier is reputable and global.” (authority bias) | “We track raw input price index vs gross margin monthly. If spread narrows >300bps, action is triggered to renegotiate terms.” |
⚡ Pricing Power & Revenue Quality (1st-order)
| ❌ Before | ✅ After |
|---|---|
| “Margins are stable, so pricing power is strong.” (confirmation bias) | “If ASP drops 5% in 2 quarters while input costs rise, we flag potential margin squeeze and loss of pricing power.” |
| “They serve premium customers who pay on time.” (selection bias) | “Churn rate and discount trends are monitored monthly. A spike >8% prompts a commercial strategy review.” |
| “Customers renew contracts annually without issue.” (availability bias) | “We model customer lifetime value vs CAC. A decline of >20% in renewal profitability triggers pricing policy review.” |
⚡ Operating Efficiency / Cost Structure (1st-order)
| ❌ Before | ✅ After |
|---|---|
| “The plant is fully depreciated, so cost is low.” (sunk cost fallacy) | “Labor cost per unit is rising. If unit cost exceeds budgeted COGS by 10%, we trigger plant automation feasibility review.” |
| “They operate at 80% utilization, so they’re efficient.” (efficiency illusion) | “If fixed cost coverage ratio drops below 1.3x, we trigger breakeven stress test.” |
| “They benchmark well against peers.” (herd mentality) | “We benchmark EBIT margin quarterly. 2 quarters of lag vs peer median triggers ops improvement planning.” |
⚡ Working Capital Stress (1st-order)
| ❌ Before | ✅ After |
|---|---|
| “They manage working capital tightly every year.” (past performance bias) | “If DSO increases >10 days or inventory days >20% over 3 months, covenant alert is triggered.” |
| “The CFO has visibility on all cash flows.” (overconfidence bias) | “Daily cash buffer monitored. <10 days of liquidity triggers review of undrawn lines and AR collection push.” |
| “They have enough overdraft lines to cover swings.” (illusion of safety) | “AR overdue >15% of total receivables for 2 months triggers limit reduction discussion.” |
⚡ Regulatory/Compliance Risk (2nd-order)
| ❌ Before | ✅ After |
|---|---|
| “They are fully compliant with current rules.” (present bias) | “We track regulatory pipeline. New draft legislation impacting 20%+ of revenue triggers legal review and provision stress test.” |
| “They are certified and audited.” (checkbox bias) | “We monitor changes in industry standards. Any change requiring system/process upgrade triggers capex planning.” |
| “They’ve never had a compliance breach.” (normalcy bias) | “If audit findings require >60 days to resolve, we escalate to risk committee.” |
⚡ Technology / Disruption Risk (2nd-order)
| ❌ Before | ✅ After |
|---|---|
| “The company is investing in digital transformation.” (buzzword bias) | “If <20% of customer acquisition is digital in 1 year, we trigger tech investment review.” |
| “They have strong IT vendors.” (delegation bias) | “Key systems age >7 years triggers tech refresh capex planning.” |
| “They upgraded their ERP recently.” (recency bias) | “System performance tracked monthly. If outages exceed SLA by 2x, bank requests continuity plan update.” |
Final Tip: Use a 3-Part Risk Statement Structure
- Risk: Clearly define the source of uncertainty
- Trigger Benchmark: Define the observable early warning
- Response Plan: What will the business or bank do?
Example:
“The top 2 customers contribute 65% of sales. If either reduces orders >10%, management will shift marketing spend and bank will re-assess working capital limits.”
