Risk & Resilience

Norway Warns Financial Institutions Face More Complex Risks Despite Stable Operations

Norway's financial sector entered 2026 from a position most regulators would envy. Payment services remained stable throughout the previous year, operational disruptions stayed broadly in line with recent experience, and none of the ICT incidents reported in 2025 threatened financial stability. That stability, however, is not what concerns the Norwegian Financial Supervisory Authority.

Is Risk Management a 2nd Line Function in the Updated Three Lines Model?

The Institute of Internal Auditors' updated Three Lines Model has reignited a longstanding debate over where risk management belongs within an organization's governance structure. In this commentary, governance and risk expert Norman Marks examines whether the revised definition of the second line finally reflects the reality of modern risk management, or simply broadens the concept so far that it loses much of its practical value. He argues that while the new language is an improvement over earlier versions, it raises fundamental questions about the purpose of the model and whether it still meaningfully distinguishes assurance providers from decision-support functions.

AMF Says Market Resilience Has Not Dispelled Geopolitical, Cyber & Private-Market Risks

In its 2026 Markets and Risk Outlook, the Autorité des marchés financiers said geopolitical and cyber risks remain central concerns. Financial markets, it said, have stayed broadly orderly and resilient despite a correction and heightened volatility following the outbreak of the conflict with Iran. That resilience is not presented as a clean bill of health. It is the backdrop against which the regulator now sees familiar vulnerabilities becoming more exposed.

APRA's First System-Wide Stress Test Shows Both Resilience & Emerging Financial Vulnerabilities

For decades, prudential stress testing has largely asked a straightforward question: can an individual institution survive a severe economic shock? The Australian Prudential Regulation Authority decided to ask a more complicated one. What happens when the connections between institutions become part of the crisis itself?

When Brands Go Quiet: The Fragility of Consumer Loyalty

For the past decade, many major brands experimented with political voice as a growth strategy. They spoke on social justice, democracy, climate, privacy, labor, and civil rights not as side commentary, but as identity. Consumers were encouraged to see purchases as moral alignment. Then something shifted. Some of those same brands have become quieter, more cautious, or selectively neutral. To consumers, that silence is not invisible. When a brand that once framed itself as values-driven retreats from political expression, the market interprets it as a renegotiation of trust. 

EU Authorities Warn MiCAR Deadline Could Create New Money Laundering Risks During Crypto Market Reshuffle

The European Union's crypto market changes shape on July 1. After that date, firms that have continued operating under MiCAR's transitional arrangements must either hold authorization as Crypto-Asset Service Providers (CASPs) or stop providing crypto-asset services in the bloc. That regulatory milestone has been discussed for months as a licensing event. European anti-money laundering authorities are treating it as something else entirely: a financial crime event.

EIOPA Makes Digital Resilience Part of Everyday Insurance Supervision

The European Insurance and Occupational Pensions Authority spent much of 2025 doing the kind of work that rarely attracts headlines but quietly determines whether supervision across Europe's insurance market moves in the same direction. A report published Friday traces that effort through country visits, technical reviews and cross-border coordination, while marking one notable expansion in scope: digital operational resilience has formally become part of the authority's oversight agenda.