[This article is based on a presentation given by William Fink, former Executive VP, Head of Middle Market Banking at TD, at our CFO Summit, Boston in 2024. Catch up on this presentation, and others, using our OnDemand service. And for more exclusive content, check out your membership dashboard.]

When we talk about planning for the unexpected, it’s tempting to jump straight into models, metrics, and tools. But before we go there, I want to start with something more fundamental - perspective.

In my role at TD Bank, leading U.S. Strategic Partnerships, I’ve had the opportunity to work with a wide range of businesses from small enterprises with $500,000 in revenue to major corporations north of $5 billion. I’ve seen strategy from the inside: through the lens of credit management, risk oversight, and the front lines of mergers, acquisitions, and growth. What I’ve learned is this - no two businesses face the same risks, but all of them must deal with uncertainty.

That’s why flexibility isn’t just a nice-to-have in financial strategy. It’s a necessity. Whether you're navigating market volatility, supply chain shocks, or the next big thing you didn't see coming, the ability to adapt is what separates resilience from reaction.

This isn’t about having all the answers. It’s about asking the right questions and building the frameworks, teams, and tools that allow you to respond when the unpredictable becomes reality. Let’s dive into how you can do that.

Topics covered:

Scenario planning and risk management

When it comes to managing uncertainty, there are two levers every CFO should have a firm grasp on: scenario planning and risk identification. And if I’m being honest, I could talk about this all day because it’s at the heart of the work I’ve done throughout my career.

Let’s start with scenario planning. Too often, it’s treated as a bolt-on or an isolated exercise, when in reality, it’s a core part of strategic planning. The best-run companies I’ve worked with (and I’ve seen thousands) have one thing in common: strong internal controls supported by dynamic, forward-looking strategic planning processes. And scenario planning sits right in the middle of that.

Over the past five years, contingency planning has become more prominent, and understandably so. Natural disasters, pandemics, supply chain breakdowns, geopolitical tensions... they’ve all made it clear: being reactive isn’t enough. Historically, contingency planning was focused mainly on recovery and how we bounce back. But today, it has to start with anticipation. That’s where scenario planning comes in.

And not just for the negative. Think back to the surges in demand for things like Pokémon cards, Cabbage Patch Kids, or even the Pet Rock. Entire supply chains got caught flat-footed. That’s positive disruption, and it's still a missed opportunity if you’re not ready for it.

So how do you build good scenario planning?

It doesn’t mean creating a hundred “what if” models. That’s not efficient. Instead, focus on three to five well-defined, realistic scenarios. Start by clarifying your objectives, understanding your key needs, and identifying where the biggest risks lie. Challenge your assumptions continuously. That’s what gives the process its power.

Depending on your business, you might use advanced modeling tools like Monte Carlo simulations or Oracle Crystal Ball. For high-risk industries like aerospace, nuclear, or defense, etc., you may run out six, even eight standard deviations. But not every business needs that level of rigor. The sophistication of your scenario planning should match the risk you’re managing.

That leads us directly into risk. The classic categories still hold true - strategic, operational, financial, legal, compliance, people, macroeconomic, and reputational. What’s changed is how frequently and how deeply they intersect.

Once you identify the types of risk, assess both the likelihood and the impact. Some risks are high-frequency but low-impact, you plan for those differently than a “black swan” event. In fact, I’d even add a fourth tier of risk above high: catastrophic. These are the ones that could end the business. Rare? Yes. But if you're not at least planning around them, you're leaving the door wide open.

Now, I’ll share something a bit controversial. Years ago, at Stanford’s risk management program, I heard Dr. Ron Howard (who coined the term “decision analysis”) say something I’ve never forgotten. He said, "There’s no such thing as a black swan event."

His argument? It’s not that the event is unprecedented, it’s that we failed to anticipate it. COVID-19 wasn’t the first pandemic. The financial crisis wasn’t the first market collapse. We just didn’t frame our planning well enough.

You may agree or disagree with that view, and that’s okay. But it brings us back to the same conclusion: scenario planning is about preparing for what’s plausible, even if it’s uncomfortable. It’s about building financial strategies that hold up not just in expected environments, but in the ones we’d rather not think about.

How FP&A Teams Build Budgets?
Asif Masani breaks down budgets step-by-step, not just so you understand it, but so you can confidently explain it in your next FP&A interview.
Finance AllianceAsif Masani

The role of AI in scenario planning

Let’s talk about tools, specifically AI and machine learning, and how they fit into scenario planning and risk management. Because there’s no question: the tools we have today are more powerful, more sophisticated, and more accessible than ever before. But we’re still just scratching the surface of what they can do.

Even before the explosion of AI, we had machine learning and it’s been around for a couple of decades. Yet, many organizations haven’t fully leveraged its capabilities. So as much as the buzz around AI is valid, the bigger question is: what are we doing with the tools we already have?

It starts with understanding what you’re solving for. You can’t let technology drive the strategy. The strategy has to guide the tech. That means clearly defining your objectives, understanding what risks you’re trying to monitor or anticipate, and then identifying the right data to support those goals.

Because here’s the truth: data for data’s sake is useless. You can be overwhelmed with so much raw information that you lose sight of what really matters. The old phrase comes to mind - you can’t see the forest for the trees.

What you want is not just data, but information - refined, structured, and relevant. Information that supports decision-making. Whether that’s a go/no-go on an investment, a shift in working capital strategy, or a tactical move to scale up inventory in response to demand. Data should be a driver, not a distraction.

And yes, AI can significantly enhance your ability to identify, quantify, and respond to risk. Whether it's flagging changes in customer payment behavior, monitoring macroeconomic shifts, or detecting patterns in operational performance, AI tools are quickly becoming essential. But they are only as effective as the data you feed them and the clarity of the decisions you want them to support.

Data management, then, becomes just as critical as the analytical models themselves. If you're not investing in clean, accessible, well-governed data structures, even the best tools won't help you move faster or smarter.

Bottom line: AI and machine learning are transforming how we plan for uncertainty. But the goal hasn’t changed - better decisions, made faster and with more confidence. The tools are there to serve that purpose. Not the other way around.

Building collaborative teams for financial flexibility

One of the most common questions I get (and it’s as old as business itself) is how do you actually get teams to work together across the organization? Especially when you’re trying to build financial flexibility in the face of real risk.

Let me tell you, it’s not magic. It’s structure. And most of all, it’s culture.

At TD, I worked across both the commercial and investment banking sides of the business. That intersection only functions when people collaborate. And true collaboration doesn’t happen without alignment - alignment of purpose, incentives, and leadership.

It starts at the top. Always. If the senior leadership team isn’t explicitly setting the tone that working cross-functionally is expected, valued, and measured, it won’t happen consistently. A middle manager deciding that collaboration is important won’t carry enough weight across silos. There will be skepticism. People won’t fully buy in. Culture has to be modeled and reinforced from the top down.

At our bank, we’ve taken deliberate steps to operationalize this. Every year, I have specific goals tied to cross-organizational engagement. And those goals don’t just live in my performance review, they cascade all the way down. Whether you're in an executive suite or an entry-level position in the commercial bank, you know what we’re collectively aiming to accomplish. You’re part of the effort.

When I led credit management, I made this even more explicit. For all 600 of my team members and 14 direct reports, I published clear, prioritized goals for the year. Cross-functional coordination was one of them, and we tracked it. That level of clarity eliminates guesswork.

Without that kind of intentional structure, what you get is inconsistency. You’ll see pockets of collaboration and pockets of dysfunction. People will interpret the company’s values and priorities differently and often in ways that align with their personal incentives.

And that’s the final piece. Incentives matter. If you don’t align your incentive structures with collaborative behavior, you’ll always have friction. People are smart. They figure out what benefits them.

So, if you’re serious about financial flexibility, don’t just focus on tools and strategy. Focus on the teams who have to carry it out and build the systems that make it not just possible, but expected.

CFO interview questions and answers
In this guide, we’ll help you prepare so that when you walk into that interview room (virtual or in-person), you’ll be ready to show them exactly why you’re the best person for the job.
Finance AllianceSabrinthia Donnelly

Preparing for unpredictable events

If you’re a CFO today, the real question isn’t whether unpredictable events will impact your business, it’s when, and how deeply. So, the first step in preparing for the unexpected is accepting that uncertainty isn’t an exception. It’s part of the structure of any organization.

Take the American Red Cross as an example. Unpredictability is their entire operating environment. Disasters aren't hypothetical, they’re constant, and global. While your business may not live at that level of volatility, the principle is the same: disruption is baked into the system.

Of course, not every unexpected event is catastrophic. Some are small and harmless. For example, your regular mail carrier takes a vacation that you didn’t see it coming, but the impact is negligible. The key is to understand where any given disruption sits on the risk scale.

As you move up that scale toward events with real operational or financial impact, your planning process becomes critical. You need to ask yourself: Is our strategy robust enough to handle sudden shifts? Do we revisit it regularly? Are we thinking beyond the next quarter?

It’s not about predicting every single event. That’s impossible. But your job, especially in a finance leadership role, is to make sure the structure of your planning process allows your organization to react effectively, safeguard assets, and keep serving your customers, even when the rules of the game change overnight.

This is where flexibility becomes a form of discipline. You don’t get there by accident. It’s built, maintained, and constantly tested.

The importance of contingency planning

Here’s the reality: most companies have something they call a contingency plan. The question is, is it real, and is it current?

I’ll never forget where I was on Friday, March 19, 2020. The pandemic was rapidly unfolding, and by noon that day, I was responsible for shifting 600 employees to remote work, immediately. We had contingency plans in place. But let’s be honest: most of them were built around weather events and things like power outages, storms, and maybe a building issue, etc. Nothing that resembled a global health crisis requiring total remote capacity overnight.

And here’s where our contingency planning was truly tested: did we have enough VPN access for 600 people? No, we didn’t. But because we had at least thought through elements of the scenario, we had multiple vendors identified and on standby. None of them could scale up alone. But together, they bridged the gap until we built the internal infrastructure ourselves over the following weeks.

That’s what real contingency planning looks like. It’s not just having a document, it’s having a dynamic, evolving plan that you test, refine, and stress regularly. And, just as importantly, it must be built into your broader strategic planning process. If it’s not part of how you run the business, it will fail when you need it most.

Crisis Management Plan vs Business Continuity Plan
Believe it or not, a crisis management plan is not the same as a business continuity plan. The two are similar in many ways, sure, but they have key differences that set them apart.
Finance AllianceSabrinthia Donnelly

Stress testing and risk management: Pressure-testing your assumptions

In banking, we don’t have the luxury of hoping our plans work. We go through rigorous, mandatory stress tests - the Dodd-Frank Act Stress Test (DFAST), and the Comprehensive Capital Analysis and Review (CCAR) led by the OCC. These aren’t paper exercises. They simulate real-world scenarios: economic downturns, spikes in loan defaults, the sudden loss of key personnel, cyber events, and more. Then they ask one critical question: How will your organization respond?

These stress tests are updated and evaluated every year. And not every bank passes. We’ve been fortunate to perform well, but that’s because we treat it seriously and not just for compliance reasons. The process forces us to think deeply about risk, contingency, and recovery.

If you’re a CFO, this mindset matters. Whether you’re in banking, healthcare, manufacturing, or tech, the principles hold. The question isn’t if the stress will come. It’s how ready are you when it does?

Your contingency planning needs to go beyond recovery. It should be baked into the very DNA of your strategic planning. Because when the moment comes, whether it’s a pandemic, a cyberattack, or a sudden market shift, you won’t have time to build a plan. You’ll need to execute one.

Adapting to future unpredictability: Turning lessons into habits

One of the most important questions I’ve been asked since the early days of the pandemic is: What are you doing differently now that you’ve been through something so disruptive?

The truth is, we’ve made some significant shifts in not just our tools, but in our habits. Because unpredictable events, by definition, won’t show up in your planning calendar. What can change is how ready you are to respond.

At TD, we’ve built a deeply layered risk identification process that starts at the grassroots level and moves upward through the organization. We call it RCSA (Risk and Control Self-Assessment) and it’s something we’ve refined over the last ten years. It catalogs all types of risk: customer, competition, operational, compliance, and more. But in the wake of COVID-19, one area we’ve doubled down on is process risk, particularly around technology.

Before March 2020, many of us, myself included, took the reliability of our systems for granted. You log into your laptop, your apps connect, and everything just works. But what if it doesn’t? What if there’s a data breach or a widespread system outage? What happens if your technology (the lifeblood of how we work) simply stops?

We’ve expanded our planning to answer those questions. And it’s not just limited to technology. We've started to look more closely at geographic concentration risk. As a bank with major hubs in Boston, New York, Philadelphia, Washington D.C., and now Charlotte and parts of Florida, we’ve had to think about what happens if one or more of those cities becomes inoperable.

We run those scenarios. We stress test our response plans. We ask hard questions: How do we serve customers if a major utility goes down? What happens if a hub city is offline for 48 hours?

The goal isn’t to predict every detail of the next crisis. It’s to build the muscle to respond when the unexpected inevitably shows up. The pandemic, as devastating as it was, served as a wake-up call not just for what did happen, but for all the things we weren’t yet asking ourselves.

Now, we’re asking more and planning smarter.

Scenario planning and business continuity

At this stage, scenario planning isn’t just about how many scenarios you’ve modeled, but the depth and breadth of those scenarios. We’ve taken our approach far beyond what we did a decade ago. Now we ask: What does this mean for our customers? What impact could it have on employee operations, credit delinquencies, supply chains, or liquidity?

Business continuity can no longer be an afterthought or a checkbox exercise. It has to be tightly woven into your scenario planning. The plans need to evolve as your business does, as your technology stack changes, as new risks emerge.

We’re constantly reworking our approach, and frankly, we’ll never be done. And that’s the point, scenario planning isn’t static. It’s an evolving discipline that keeps pace with your environment.

How CFOs are powering business strategy
This blog explores how today’s CFOs are stepping beyond traditional finance roles to become strategic partners - driving growth, shaping business decisions, and turning financial insight into organizational impact.
Finance AllianceNick Rumball

Identifying growth opportunities amidst risks

One comment that really stuck with me in this discussion was the idea that risk planning often focuses so heavily on loss prevention that we forget about the cost of missed opportunity.

It’s a great point, and one that’s especially relevant for CFOs. Risk management shouldn’t just be about downside protection. It should also help surface upside potential.

In my time leading risk management at TD, I spent a lot of time thinking through this. Any good board will ask, “How are we protected against loss?” But the proactive boards and the truly forward-looking leadership teams will also ask: What have we missed? And what did it cost us?

That’s where decision analysis comes into play. Let’s take lending as a simple example: We know the loans we made. But what about the loans we didn’t make? If we loosened or adjusted our underwriting criteria in a certain direction, what’s the tradeoff? How much additional credit risk might we be taking on, and what additional revenue might that generate?

You can model that. You can quantify it. You can track where the opportunity zones are, and where the risk thresholds start to get uncomfortable. That’s real, actionable insight. And it’s where finance can step out of the role of “guardrail” and into the role of strategic growth enabler.

Differentiation without excess risk

Most companies can serve a mainstream need - that’s table stakes. But the best companies, the ones that lead in their industries, go a step further. They figure out how to identify opportunities their competitors haven’t seen, and they do it without taking on excessive risk.

That’s the difference-maker. Can you find that edge in the market where your business can move faster, respond smarter, or deliver more value, without compromising your risk profile?

This kind of strategic differentiation starts with analysis, yes. But it also starts with experience. You need to challenge assumptions, run probability models, and ask what if - not just to avoid downside, but to uncover potential. It’s about framing the problem, not solving it on instinct alone.

Conclusion: Building resilience through foresight

Planning for the unexpected isn’t about having all the answers, it’s about building the processes, teams, and mindset to respond when the questions change.

Whether you're facing a global crisis or a once-in-a-generation opportunity, the principles stay the same: plan thoroughly, manage risk intentionally, collaborate across your organization, and always leave room for adaptation.

Flexibility isn’t a soft skill. In today’s world, it’s a financial imperative, and it’s the edge that will define tomorrow’s market leaders.