Risk & Resilience

Last Thursday, the Financial Conduct Authority, Bank of England, and HM Treasury issued a joint statement warning that frontier AI models are rapidly changing the cyber threat environment facing banks, financial market infrastructures, and regulated firms. The document itself is only a few pages long. No dramatic language. No theatrical predictions about machines overthrowing civilization. Just a steady accumulation of sentences that become more unsettling the longer you sit with them.

The UK’s Competition and Markets Authority formally opened a Strategic Market Status investigation into Microsoft and the sprawling ecosystem surrounding products like Windows, Word, Excel, Teams, and Copilot. The regulator said it will examine whether Microsoft’s position in business software allows it to limit customer choice or weaken competition across adjacent markets.

In this article, Graeme Keith explores the enduring influence of Nassim Nicholas Taleb’s Black Swan theory and the growing tendency to use unpredictable events as a catch-all explanation for failures in risk management and preparedness. Examining the limitations of traditional modeling frameworks, the dangers of retrospective narrative-building, and the cognitive biases that shape how organizations interpret uncertainty, Keith argues that the real lesson of Black Swan events is not that forecasting is futile, but that current approaches to modeling risk remain fundamentally inadequate for the complexity of the modern world.

The U.S. banking system entered 2026 on solid footing, with stronger earnings, healthy liquidity, and manageable credit exposure helping stabilize the industry after years of economic uncertainty. But beneath those reassuring numbers, federal regulators are increasingly focused on a more complicated reality taking shape across commercial real estate markets, cyber defense systems, fraud networks, and the rapidly evolving world of artificial intelligence.

For years, model risk management inside financial institutions followed a fairly predictable rhythm. Models were reviewed periodically. Validators examined assumptions, tested outcomes, checked documentation, and challenged methodologies that were generally understandable to humans. The systems themselves, while complex at times, were still built on structures that could usually be traced, interpreted, and explained.

The Monetary Authority of Singapore is stepping deeper into the use of artificial intelligence to counter financial crime, announcing a new collaboration with the banking sector and key public agencies aimed at strengthening scam detection capabilities.

Europe’s insurance sector remains broadly stable, but rising geopolitical tensions and market volatility are beginning to shape a more uncertain outlook, according to the latest risk dashboards from the European Insurance and Occupational Pensions Authority.