Risk & Resilience

BaFin Issues Guidance on Simplified DORA Requirements for ICT Risk Management

Germany’s financial watchdog BaFin has released its second supervisory statement on the EU’s Digital Operational Resilience Act (DORA), offering guidance to financial entities eligible for simplified requirements on ICT risk and third-party risk management.

FERC Unveils Flurry of Decisions on Energy Projects, Cybersecurity, & Market Oversight

The Federal Energy Regulatory Commission (FERC) has been busy. In just two weeks, the agency authorized natural gas expansions in Pennsylvania, issued hydropower licenses in New Hampshire and Minnesota, advanced LNG projects along the Gulf Coast, and sharpened cybersecurity rules for the bulk power system — all while defending its decisions in court and auditing some of the nation’s largest utilities.

Operational Resilience as Strategy: DORA, the UK, CPS 230, & the Road Ahead

In an era defined by disruption, resilience is no longer a side conversation in boardrooms; it is the conversation. Cyber incidents, technology outages, geopolitical instability, and supply chain fragility are not “if” events; they are “when” events. Regulators, investors, and customers all demand that you show not only that you can take the hit, but that you can recover, adapt, and continue to deliver.

Malta’s Financial Watchdog Flags Weaknesses in Fund Managers’ Risk Controls

The Malta Financial Services Authority (MFSA) has flagged weaknesses in how management companies overseeing Alternative Investment Funds (AIFs) and UCITS handle their investment management responsibilities and liquidity risk controls. The findings, published September 24 following a thematic review, were communicated in a “Dear CEO Letter” that set out the regulator’s expectations for improvements across governance, oversight, and integration of liquidity considerations.

The Purpose of Risk Groups & Internal Audit: A Simple, Logical Accountability Model

In a recent social media post, I laid out what I see as the joint purpose of risk groups and internal audit. The response reinforced what I’ve long believed—that governance works best when accountability is simple, logical, and aligned with fiduciary duty.

South Korea’s Financial Regulator Pushes for Stronger Cyber Defenses in Banking Sector

South Korea’s financial regulator is tightening the screws on cyber risk, warning banks and other financial institutions that security can no longer be an afterthought. On September 23, Vice Chairman Kwon Dae-young of the Financial Services Commission (FSC) met with chief information security officers from across the sector to address the recent wave of cyber breaches and to press for stronger resilience.

European Supervisors Warn Financial Institutions to Keep Their Guard Up Amid Rising Risks

In their Autumn 2025 Joint Committee Report, the European Supervisory Authorities (the EBA, EIOPA and ESMA) describe a financial sector that remains resilient on paper, yet increasingly exposed to forces beyond its control. The warning is not about a brewing crisis so much as a reminder that shocks are arriving faster and hitting harder, from trade wars to cyber strikes.