Risk & Resilience

EBA Refines Guidelines to Align with DORA, Bringing Clarity to ICT Risk Management

As of 17 January 2025, the Digital Operational Resilience Act (DORA) has officially begun to reshape how the financial sector addresses ICT risk management. In response, the European Banking Authority (EBA) has made a series of key adjustments to its Guidelines on ICT and security risk management. These revisions, aimed at cutting down on duplication and creating clearer expectations for the market, help ensure that financial institutions aren’t bogged down by overlapping regulations.

Gazing into the Palantír of Risk: A Modern Approach to Navigating Emerging Risks

In J.R.R. Tolkien's The Lord of the Rings, the Palantír—a mystical seeing stone—gives its user the power to peer into distant lands and foresee possible futures. While this gift is fraught with danger in the story, it’s a fitting metaphor for today’s organizations facing a world of uncertainty. Just as the Palantír offers a glimpse into potential futures, modern risk management tools provide organizations with the ability to foresee emerging risks and prepare for the unexpected. In this article, we’ll explore how businesses can use a Palantír-like approach—combining foresight with strategic planning—to anticipate challenges and better navigate the evolving landscape of risk.

EIOPA’s 2025 Risk Check: Stability Holds, but Market Uncertainty Looms

European insurers might not be in the eye of the storm, but they’re certainly navigating some choppy waters. The European Insurance and Occupational Pensions Authority (EIOPA) just released its latest Insurance Risk Dashboard, offering a snapshot of an industry that’s stable—at least for now—but not without its fair share of concerns. Market volatility and real estate price swings continue to cast shadows over an otherwise steady outlook, with liquidity and funding conditions tightening just enough to keep insurers alert.

"Risks in Focus 2025": BaFin Warns of Climate, Geopolitical, & Economic Threats to Germany's Financial System

The winds of 2025 are carrying more than just a chill for Germany's financial sector—they're bringing storm clouds of risk. Climate change, geopolitical tensions, and a sluggish economy are converging to create what the Federal Financial Supervisory Authority (BaFin) calls a “highly challenging” environment. In its Risks in Focus 2025 report, released today, BaFin lays out the threats with an unflinching eye, urging financial institutions to prepare for the unpredictable.

EBA Kicks Off 2025 EU-Wide Stress Test Amid Rising Geopolitical & Economic Risks

Every few years, the European Banking Authority (EBA) holds up a mirror to the banking sector, asking a straightforward yet critical question: “What if?” The 2025 EU-wide stress test is no different—but this time, the stakes feel particularly high.

DORA Enters into Force, Strengthening Digital Resilience Across the EU Financial Sector

On January 17, 2025, the EU takes a significant step towards fortifying the financial sector’s ability to weather the storm of today’s digital and cyber risks with the official rollout of the Digital Operational Resilience Act (DORA). This isn’t just another regulation—it’s a bold response to the growing recognition that the financial sector’s resilience is now as important as its profitability.

The Evolution of the CISO: From Security to Comprehensive Risk & Resilience

For professionals in the realm of risk, compliance, and IT security, the role of the Chief Information Security Officer (CISO) has long been a cornerstone of organizational defense. But as technology evolves and risks become more interconnected, the role itself is undergoing a significant transformation. In my recent piece, The Death of the CISO: A Eulogy & Reincarnation, I discussed the impending end of the traditional CISO in favor of a more expansive role — the Digital Risk & Resilience Officer (DRRO).