Risk & Resilience

The past year offered no shortage of challenges for Europe's insurance and pensions sectors. Geopolitical tensions remained elevated, cyber threats continued to evolve, extreme weather events became more frequent, and advances in artificial intelligence forced regulators and financial institutions alike to confront new opportunities and new risks. The European insurance watchdog spent 2025 trying to balance two objectives that do not always sit comfortably together: strengthening oversight while reducing regulatory complexity.

Norway's financial regulator warned Thursday that rising geopolitical tensions, elevated cyber threats and continued weakness in parts of the property market are increasing risks to financial stability, even as the country's banks remain profitable and well-capitalized.

The second day of Risk-!n Zurich had a different character from the first. Day one was largely about visibility and how organizations can see risk clearly enough in environments shaped by artificial intelligence, cyber acceleration, operational complexity, climate exposure and emerging technologies. Day two moved the discussion one step further. If organizations can see more, faster and with greater precision, what exactly are they supposed to do with that visibility?

A surprising amount of operational resilience comes down to keeping lists. Not the glamorous kind, or dashboards, AI copilots, or threat intelligence feeds. Just knowing what systems exist, where they are, who owns them, what depends on them, and what happens when they fail. The consultation, launched Tuesday by the Monetary Authority of Singapore (MAS), is proposing a substantial expansion of its Technology Risk Management Notices. The consultation, open through July 31, touches nearly every stage of the technology lifecycle, from asset inventories and risk assessments to system monitoring, backup strategies, incident response, and outage reporting.

The first day of Risk-!n Zurich featured discussions on business continuity, enterprise risk management, internal controls, cybersecurity, climate resilience, artificial intelligence and quantum computing. On paper, it looked like a conference agenda built around a broad collection of risk disciplines. In practice, many of the presentations were wrestling with the same question. How do organizations maintain visibility into risks that are moving faster than the governance structures designed to oversee them?

The Basel Committee latest report examines how banks and regulators are managing the technology failures that happen without malicious intent yet can still disrupt critical services, lock customers out of accounts, interrupt payments, or leave institutions scrambling to restore operations.

The European Supervisory Authorities recently released their first annual DORA incident report provides the first comprehensive look at major ICT-related incidents reported under DORA's new reporting framework.