Insights

Cybersecurity & the NIS2 Directive: The EU’s Evolving Cybersecurity Landscape

Picture this: it’s 2024, and the EU has just dropped a new bombshell in the world of cybersecurity. It’s called the NIS2 Directive, and while its name might not scream "party," it’s definitely something organizations need to pay attention to. For all the tech nerds and cybersecurity folks out there, this is more than just a new set of rules—it’s a whole new way of doing business when it comes to securing networks, reporting incidents, and managing risk. But don’t worry, this article isn’t going to sound like it was written by a robot (unless, of course, that robot had an excellent sense of humor and personality). We’re diving into what NIS2 means, how it impacts AI, and what exactly you should be doing to stay ahead of the game. And spoiler: AI is going to be your best friend in this one.

Risk Appetite & Common Sense

In this article, Norman Marks inspects the concept of "risk appetite," challenging its validity and questioning its role in decision-making. Drawing from personal experiences and real-world examples, Marks argues that the traditional approach to defining and managing risk is overly simplistic and fails to capture the complexity of real-world risk. He critiques the common practice of quantifying risk as a single number and suggests that a more dynamic, objective-driven approach is needed. Rather than focusing on a static "risk appetite," Marks proposes that organizations should consider the likelihood of achieving their objectives, using risk as a factor in the decision-making process.

Strengthening Third-Party Risk Management and Governance Across the Extended Enterprise

In the increasingly interconnected world of modern business, organizations rely more than ever on third-party relationships. While these partnerships offer significant opportunities for growth and innovation, they also expose businesses to a range of risks that can threaten resilience and success. As geopolitical tensions and economic uncertainties continue to rise, it is essential for companies to reassess and strengthen their third-party governance, risk management, and compliance strategies. This article expands on the insights from my previous piece, Navigating the Storm: Strengthening Third-Party Governance and Risk Management in Your Extended Enterprise, offering a deeper look into how businesses can build robust, proactive frameworks to navigate these challenges and ensure sustained success across their extended enterprise.

Rethinking Risk & Internal Audit as Strategic Decision Support

In this article, Tim Leech delves into the evolving roles of risk and internal audit functions, exploring how they can transition from their traditional, compliance-focused image to become key decision-support partners for management and the board. Drawing on his extensive experience, Tim outlines the need for change in how internal audit and risk functions operate, emphasizing the importance of aligning with mission-critical objectives to drive better decision-making and organizational success.

Return on Investment (ROI) is an Essential Element in Risk Management

In this article, Norman Marks explores the critical intersection of Return on Investment (ROI) and risk management. The evolving landscape of risk management requires organizations to make informed decisions about how they treat and mitigate risk, ensuring that each investment aligns with strategic goals. In this piece, we’ll dive deeper into the concept of ROI as it relates to risk management and explore why every risk treatment should be evaluated not just for its effectiveness but also for the return on that investment.

Finding Your Way in the RegTech Landscape: Navigating a Complex Compliance World

In today’s fast-moving world, staying on top of regulatory requirements isn’t just a challenge, it’s a constant juggling act. As businesses face mounting compliance demands, they’re looking for ways to stay ahead of the curve, with speed, agility, and resilience. Enter RegTech. Positioned right at the intersection of technology and regulation, RegTech is becoming a game-changer in the Governance, Risk Management, and Compliance (GRC) space. It’s providing the tools that organizations need to not only keep up with—but get ahead of—an increasingly complex regulatory environment. As I dive into the intricacies of RegTech, I’ve shared some key insights in my original article on navigating this ever-evolving landscape.

AMF 2025 International Seminar Explores Global Regulatory Challenges

The AMF's 2025 International Seminar wrapped up on March 20, leaving behind not just a digital trail but an invaluable conversation on the future of global financial regulation. Held in a 100% online format from March 10 to 20, the event brought together over 950 participants from 85 financial market authorities worldwide. It was a gathering of minds—regulators, experts, and thought leaders—all grappling with the growing complexities of financial markets in today’s fast-paced, tech-driven world.