In my recent LinkedIn post, I argued that risk appetite is the most profound and important principle in risk management, and yet, in practice, it often results in the most shallow and trivial application. The more I reflect on it, the more this paradox seems to explain many of the shortcomings we see in modern risk frameworks.
There are periods when geopolitics hums in the background of corporate life, unsettling, tragic, but still distant enough to be categorized as “external.” And then there are moments when the map seems to press directly against the operating model of the enterprise. Escalation involving Iran sits firmly in that latter category, not because conflict in the region is new, but because it concentrates so many interlocking systems (energy corridors, cyber capability, sanctions regimes, proxy networks, global shipping routes) into a single geography where instability reverberates quickly and unevenly.
Speaking at The Economist’s Antitrust Summit 2026, Sarah Cardell did not pretend the ground beneath competition policy is steady. A year ago, the global economic order still felt strained but familiar. Today, she suggested, it feels fundamentally unsettled.
Risk is an ever-present feature of enterprise operations. Whether it manifests as operational disruption, regulatory change, strategic misalignment, or the volatility of emerging threats, risk is embedded in the daily conduct of business. Yet it is not the presence of risk that should concern us most, but the way in which it is understood, managed, and integrated into the lifeblood of planning and decision-making.
The European Banking Authority on Monday released its follow-up to a 2022 peer review examining how national supervisors assess ICT risk under the Supervisory Review and Evaluation Process, or SREP.
Spain’s securities regulator, the Comisión Nacional del Mercado de Valores, has recently published a detailed set of 74 frequently asked questions aimed at helping financial firms interpret and apply the EU’s Digital Operational Resilience Act.
In a recent supervision release, Sweden's Financial Supervisory Authority (FIN-FSA) published a summary of its updated sanctions risk assessment covering sectors supervised under the Anti-Money Laundering Act. The previous summary was issued in autumn 2024.