Risk & Resilience

Australia's financial institutions are not sufficiently prepared for the operational and financial consequences of geopolitical disruption, according to a warning issued Wednesday by the country's prudential regulator. The Australian Prudential Regulation Authority has written to banks, insurers and superannuation funds outlining what it calls minimum expectations for readiness against geopolitical shocks, citing concerns that many firms have yet to translate growing awareness of geopolitical risks into practical risk management and crisis preparedness.

The European Banking Authority spent much of last year preparing to oversee companies that are not banks. That may sound like an administrative detail, but it isn't. For most of its existence, the EBA's job was largely to write rules, refine standards and help build the regulatory architecture that emerged after the global financial crisis. The institution became one of the principal architects of Europe's banking framework, translating political agreements into thousands of pages of technical requirements.

The first paper I wrote as an analyst at Forrester back in 2013 was about mitigating risk in the customer journey. That was also my first exposure to marketing’s alternative vocabulary for risk they call it customer pain points or challenges. I call it risk. Same thing, different outfit.

The past year offered no shortage of challenges for Europe's insurance and pensions sectors. Geopolitical tensions remained elevated, cyber threats continued to evolve, extreme weather events became more frequent, and advances in artificial intelligence forced regulators and financial institutions alike to confront new opportunities and new risks. The European insurance watchdog spent 2025 trying to balance two objectives that do not always sit comfortably together: strengthening oversight while reducing regulatory complexity.

Norway's financial regulator warned Thursday that rising geopolitical tensions, elevated cyber threats and continued weakness in parts of the property market are increasing risks to financial stability, even as the country's banks remain profitable and well-capitalized.

The second day of Risk-!n Zurich had a different character from the first. Day one was largely about visibility and how organizations can see risk clearly enough in environments shaped by artificial intelligence, cyber acceleration, operational complexity, climate exposure and emerging technologies. Day two moved the discussion one step further. If organizations can see more, faster and with greater precision, what exactly are they supposed to do with that visibility?

A surprising amount of operational resilience comes down to keeping lists. Not the glamorous kind, or dashboards, AI copilots, or threat intelligence feeds. Just knowing what systems exist, where they are, who owns them, what depends on them, and what happens when they fail. The consultation, launched Tuesday by the Monetary Authority of Singapore (MAS), is proposing a substantial expansion of its Technology Risk Management Notices. The consultation, open through July 31, touches nearly every stage of the technology lifecycle, from asset inventories and risk assessments to system monitoring, backup strategies, incident response, and outage reporting.