In 1914, the “lords of finance” were, as described in a masterful book of the same name, sure that nothing much would go amiss because King and Kaiser would both know better. They should have, but they didn’t. Now, in 2014, global finance is again nervous, but not really alarmed. Crimea is remote, just as Sarajevo was nowheresville. The comparison is of course cataclysmic and, so far, unnecessarily alarmist. But, it’s not wrong. Perhaps because I started my career as a geopolitical risk analyst for Bank of America back in the day, this issue is one I think not only of historical interest, but also of immediate systemic importance. We thus issued a paper on this topic earlier in the week designed to highlight the critical differences between traditional currency or credit assessments of sovereign risk and the new, interconnected geopolitical analytics that sophisticated financial institutions should deploy and regulators must recognize. I called the traditional approach “old-school” perhaps because that’s where I learned it. It was most recently epitomized by comments from a senior FRB official who discounted any financial fall-out from the Ukrainian crisis because – right to a point – the country’s so small.

In the old school, one would look at Ukraine, recognize that its currency isn’t meaningful in global finance, note that its outstanding debt is tiny, write down a little, reserve a lot, and move on. The usual approach to geopolitical-risk mitigation is to aggregate your exposure to a sovereign counterparty and, if you’re good at this, related exposures like borrowers domiciled in the regime, and then be sure you’ve enough capital and reserves to handle any losses. Banks learned this the hard way in the early 1980s in what was then called the LDC-debt crisis, with entities like the Institute of International Finance set up in its costly aftermath to help banks count their counterparties. But, as a damning survey last month from the Senior Supervisors Group showed, banks can’t do that now because exposures aren’t anywhere near as easy to aggregate anymore.

Where once banks just made loans and fixed-income investors held sovereign bonds, now banks are fixed-income investors and everyone makes loans. What’s more, a lot of exposure isn’t in loans or bonds, but rather derives from credit default swaps and all the complex structures built atop them, as well as in margin requirements tied to ratings and in all sorts of non-credit exposures resulting from liquidity, operational, market, and noncredit risks that barely drew notice on the old-school’s risk blackboard. Think for example of the blast power of a cyber-attack on major financial infrastructure – in sharp contrast to prior geopolitical risk exercises, big players are not only at profound operational risk, but they have also become direct-hit targets in their own right. And, years ago, non-banks knew their place; now, they dominate key business lines, especially cross-border capital markets channels where geopolitical risk quickly metastasizes. High-frequency trading and cross-default clauses also put financial stability on the head of a far tinier pin, and the fast-growing role of central counterparties under still-sketchy regulation adds a whole new dimension to concentrated exposures and potential contagion risk.

Big banks are more resilient than back in the day because the post-crisis reforms have demanded lots more capital and, of late, liquidity. But, none of these rules directly ensures geopolitical-risk resilience because all of them fight the last war, in which big financial institutions sparked a crisis for which regulators were singularly ill-prepared. Only the operational-risk rules – finalized in 2005 – deal with exogenous risks and, in my view, they are weak, over-focused on capital, and ill-designed for geopolitical risk. Even if all these rules were good enough for geopolitical risk at big banks – which they aren’t – the huge role of “shadow” institutions means that risk transmission channels and fire-sales can quickly develop outside the scope of capital standards, central-bank access, and orderly-resolution protocols.

This means we’re back where we were in 2007 and early 2008: staring down the barrel of a gun loaded with formidable systemic bullets that may or may not go off. If it does, big banks will absorb the shock as long as it’s limited to credit markets and doesn’t translate into cross-border liquidity or operational crises. As for big non-banks, who knows? Not the FSB, FSOC, or all the other systemic standard-setters toiling away since the crisis – geopolitical risk has barely rated a mention in all the reports they write, let alone any risk-mitigation measures built out over the past six years so crises caused by someone other than a big bank can be quickly resolved.

We’ll see on Sunday after the annexation vote what happens in Crimea and, thus, to East-West relations and all the sanctions and cross-border barriers that could go up in tandem with barrage balloons. Hopefully, a compromise or even solution can be found and this geopolitical bogeyman will go back into the closet. Other scary global players, though, are in there with him – think for example of the simmering dispute between China and Japan for a geopolitical risk with far-reaching and fast-moving market impact.

Even as diplomats seek a solution in Crimea, financial institutions and regulators need urgently to ensure robust resilience in the face of a systemic risk that, while dormant for decades, packs an awful punch.