Risk & Resilience

American Water Cyberattack: A Case Study in Risk, Operational Resilience, & IT Security

On October 3, 2024, American Water, the largest regulated water and wastewater utility in the U.S., discovered unauthorized activity in its computer networks, an incident that has since drawn attention to the broader risks facing critical infrastructure sectors. Serving over 14 million people across 14 states, the company responded by disconnecting key systems and pausing customer billing as part of its containment strategy.

OCC Leads Interagency Guidance on Compliance & Risk Management in Wake of Hurricane Milton

In response to the devastation caused by Hurricane Milton, the Office of the Comptroller of the Currency (OCC), along with the Federal Deposit Insurance Corporation (FDIC), Federal Reserve Board, Florida Office of Financial Regulation, and the National Credit Union Administration (NCUA), has issued comprehensive guidance aimed at supporting financial institutions. While this is a collaborative interagency effort, the OCC's involvement is particularly critical for national banks and federal savings associations. This article delves into the OCC’s guidance and examines its implications for compliance and risk management in the aftermath of the hurricane.

Risk in Focus 2025 Report: Global Survey Reveals Evolving Landscape of Organizational Risks

In an era marked by rapid technological advancement and global uncertainty, organizations worldwide are grappling with an increasingly complex risk landscape. The Risk in Focus 2025 report, a study based on surveys conducted by the Internal Audit Foundation and the European Confederation of Institutes of Internal Auditing (ECIIA), sheds light on the current and future risk priorities of businesses across the globe.

European Supervisory Authorities Contest EC's Rejection of DORA Technical Standards

European financial regulators have issued a formal opinion challenging the European Commission's (EC) recent rejection of proposed technical standards under the Digital Operational Resilience Act (DORA). This dispute highlights the complexities in implementing digital resilience measures across the European Union's financial sector.

ESAs Bolster Resilience with New DORA Oversight Director

The European Supervisory Authorities (ESAs) - comprising the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA) - have announced the appointment of Marc Andries as the Director for DORA joint oversight. This appointment marks a significant step in implementing the Digital Operational Resilience Act (DORA), a key regulation aimed at strengthening the IT security and resilience of the European financial sector.

Preparing for DORA: Insights from the Dutch Financial Watchdog on Testing Digital Operational Resilience

The Dutch Authority for the Financial Markets (AFM) has released its fifth update on the Digital Operational Resilience Act (DORA), providing guidance on the testing of digital operational resilience for financial firms. DORA entered into force in January 2023 and applies from January 17, 2025; it aims to fortify financial organizations against ICT risks, ensuring they are better equipped to withstand cyber threats and maintain operational continuity.

BaFin Unveils Guidance Notes for DORA Compliance

The German Federal Financial Supervisory Authority (BaFin) has issued new guidance notes aimed at helping banks and insurers transition to the requirements set forth by the Digital Operational Resilience Act (DORA). Applying from January 17, 2025, DORA introduces a comprehensive framework for managing ICT risk and ICT third-party risk, marking a significant shift from the existing supervisory frameworks.