Risk & Resilience

The second day of Risk-!n Zurich had a different character from the first. Day one was largely about visibility and how organizations can see risk clearly enough in environments shaped by artificial intelligence, cyber acceleration, operational complexity, climate exposure and emerging technologies. Day two moved the discussion one step further. If organizations can see more, faster and with greater precision, what exactly are they supposed to do with that visibility?

A surprising amount of operational resilience comes down to keeping lists. Not the glamorous kind, or dashboards, AI copilots, or threat intelligence feeds. Just knowing what systems exist, where they are, who owns them, what depends on them, and what happens when they fail. The consultation, launched Tuesday by the Monetary Authority of Singapore (MAS), is proposing a substantial expansion of its Technology Risk Management Notices. The consultation, open through July 31, touches nearly every stage of the technology lifecycle, from asset inventories and risk assessments to system monitoring, backup strategies, incident response, and outage reporting.

The first day of Risk-!n Zurich featured discussions on business continuity, enterprise risk management, internal controls, cybersecurity, climate resilience, artificial intelligence and quantum computing. On paper, it looked like a conference agenda built around a broad collection of risk disciplines. In practice, many of the presentations were wrestling with the same question. How do organizations maintain visibility into risks that are moving faster than the governance structures designed to oversee them?

The Basel Committee latest report examines how banks and regulators are managing the technology failures that happen without malicious intent yet can still disrupt critical services, lock customers out of accounts, interrupt payments, or leave institutions scrambling to restore operations.

The European Supervisory Authorities recently released their first annual DORA incident report provides the first comprehensive look at major ICT-related incidents reported under DORA's new reporting framework.

Drawing on thematic inspections of selected fund management companies and reviews conducted by external auditors it appointed, The monetary Authority of Singapore (MAS) released an information paper outlining what it considers effective governance, risk management, and oversight across the investment process. The paper spans firms operating a range of investment strategies, including equity, fixed income, hedge fund, private credit, and fund-of-funds mandates.

Australian banks, remitters, and foreign exchange providers are being urged to sharpen their scrutiny of transactions involving charities and non-profit organizations after AUSTRAC warned the sector remains vulnerable to terrorism financing and money laundering abuse.