The latest System Risk Outlook from the Australian Prudential Regulation Authority is, on paper, a reassuring document. Australia’s financial system remains strong. Banks are well capitalized. Insurers hold solid liquidity positions. Stress testing suggests the system can withstand severe shocks, including a deep global recession combined with funding stress and operational disruption.
A recent post I shared on LinkedIn on the future direction of risk management and internal audit generated a lot of discussion. Not because the ideas were particularly radical, but because many risk and internal audit professionals recognize the profession is reaching an inflection point.
A debate over heat maps was always going to draw attention at SWISS GRC DAY 2026. Not because anyone in governance genuinely loves them anymore, but because they still sit everywhere, from inside board decks, quarterly reports, audit presentations, and risk committee updates long after many organizations quietly stopped trusting them.
In my recent article, GRC Alchemy: Imagination, Knowledge, and the Future of GRC, I argued that many organizations have become trapped in the mechanics of governance, risk, and compliance while losing sight of the larger architectural and strategic purpose behind it all. The challenge is no longer simply collecting more data, automating more workflows, or building more dashboards. Most organizations already have more information than they know what to do with.
Last Thursday, the Financial Conduct Authority, Bank of England, and HM Treasury issued a joint statement warning that frontier AI models are rapidly changing the cyber threat environment facing banks, financial market infrastructures, and regulated firms. The document itself is only a few pages long. No dramatic language. No theatrical predictions about machines overthrowing civilization. Just a steady accumulation of sentences that become more unsettling the longer you sit with them.
The UK’s Competition and Markets Authority formally opened a Strategic Market Status investigation into Microsoft and the sprawling ecosystem surrounding products like Windows, Word, Excel, Teams, and Copilot. The regulator said it will examine whether Microsoft’s position in business software allows it to limit customer choice or weaken competition across adjacent markets.
In this article, Graeme Keith explores the enduring influence of Nassim Nicholas Taleb’s Black Swan theory and the growing tendency to use unpredictable events as a catch-all explanation for failures in risk management and preparedness. Examining the limitations of traditional modeling frameworks, the dangers of retrospective narrative-building, and the cognitive biases that shape how organizations interpret uncertainty, Keith argues that the real lesson of Black Swan events is not that forecasting is futile, but that current approaches to modeling risk remain fundamentally inadequate for the complexity of the modern world.