Risk & Resilience

In a previous article I wrote, The “R” in GRC: What Risk Management Software Should Really Deliver, I discussed the challenges many organizations face with risk management technology—how too often, what’s marketed as “risk management” software falls short, becoming little more than digital filing cabinets that serve bureaucratic needs instead of strategic decision-making. While many risk modules excel at routing forms, assigning tasks, and storing data, they fail to provide the kind of insight necessary for meaningful risk management.

In an address to industry leaders at the 2025 AFIA Risk Summit, Chris Gower, Executive Director of Cross-industry Risk at the Australian Prudential Regulation Authority (APRA), outlined the increasing need for financial institutions to bolster their operational resilience in response to an evolving geopolitical landscape. Drawing a compelling parallel to the "1991 Perfect Storm," Gower described how three converging risks (technology dependence, third-party vulnerabilities, and geopolitical volatility) are creating challenges that could shake the financial system’s stability.

The European Banking Authority (EBA) has just published three new technical standards that will reshape how banks calculate and report operational risk capital. These updates are part of the ongoing EU Banking Package, and they aim to streamline processes, reduce costs, and improve overall transparency for both institutions and regulators alike.

In this article, Graeme Keith dives into the limitations of traditional risk matrices and presents an alternative approach to risk management. By exploring the need for a model that better aligns with real-world decision-making, Keith highlights the shortcomings of compliance-driven exercises and offers a framework that allows businesses to better assess and prioritize risks across the enterprise.

In a year shaped by war, elections, cyber threats, and the steady march of artificial intelligence, the European Insurance and Occupational Pensions Authority (EIOPA) didn’t just keep pace but it stayed focused. Its newly released 2024 Annual Report tells the story of a regulator under pressure, facing a storm of digital, political, and economic disruption, yet managing to deliver across a wide policy front.

In Graeme Keith's latest article, he explores the limitations of heat maps in risk assessment and why quantitative risk analysis is essential for effective Enterprise Risk Management (ERM). By using two hypothetical risk scenarios, Keith highlights the significant gaps in traditional risk matrices and advocates for a more rational, analytical approach to risk prioritization and aggregation. Through his analysis, he emphasizes the need for a deeper understanding of risk impacts, beyond surface-level assessments.

As the global economy continues to navigate the aftershocks of Russia's invasion of Ukraine and the global trade war, Norway's financial system remains relatively stable but not without challenges. Despite moderate growth over the past two years, the Norwegian economy is confronting mounting uncertainties. Inflation and interest rate hikes have presented significant challenges, while high household debt and property price imbalances continue to pose risks to the financial sector.