Risk & Resilience

The ECB’s May 2026 review lands during a time of war in the Middle East, an energy supply shock, and a financial system that had spent the better part of the last few years congratulating itself for surviving everything else, from inflation spikes to rate hikes, banking scares, political fragmentation, and trade disputes. Somehow the machinery kept moving. Markets absorbed the shocks, volatility faded, and investors returned to doing what investors often do after a few quiet weeks: convincing themselves the danger had passed. The ECB does not appear convinced.

In this article, Norman Marks examines the findings from Gartner’s latest emerging risk survey, arguing that the growing prominence of AI-related concerns signals a meaningful shift in how enterprise leaders are thinking about operational risk, decision-making, and organizational preparedness.

The latest Financial Stability Report, published Tuesday by De Nederlandsche Bank, is nominally about financial stability in the Netherlands. It is also, whether intentionally or not, a document about systems becoming harder to fully see. The concern running through it is not merely that risks exist. Central bankers have always had risks. It is that too many risks are now colliding at once, feeding each other, accelerating each other, and moving faster than the institutions built to contain them.

A ship arrives at port during the plague years. The crew does not disembark. Nobody unloads cargo. Nobody asks for a heat map. They wait forty days. That, as Swiss GRC Day moderator Nikolai Tsenov reminded attendees in Zurich, was one of humanity’s earliest systematic attempts at risk management—quarantine.

The latest System Risk Outlook from the Australian Prudential Regulation Authority is, on paper, a reassuring document. Australia’s financial system remains strong. Banks are well capitalized. Insurers hold solid liquidity positions. Stress testing suggests the system can withstand severe shocks, including a deep global recession combined with funding stress and operational disruption.

A recent post I shared on LinkedIn on the future direction of risk management and internal audit generated a lot of discussion. Not because the ideas were particularly radical, but because many risk and internal audit professionals recognize the profession is reaching an inflection point.

A debate over heat maps was always going to draw attention at SWISS GRC DAY 2026. Not because anyone in governance genuinely loves them anymore, but because they still sit everywhere, from inside board decks, quarterly reports, audit presentations, and risk committee updates long after many organizations quietly stopped trusting them.