Risk & Resilience

In a recent GRC Report piece, Risk Is Our Business: Why the GRC Market of 2030 Will Look Nothing Like Today, I argued that the governance, risk, and compliance market is not heading into another cycle of incremental change, but a structural break. The core claim was that risk has outgrown the architectures, assumptions, and mental models most GRC platforms and programs still rely on, and AI bolted onto legacy thinking will not save them.

Norway’s financial system remains resilient heading into 2026, but beneath the strength sit familiar and growing fault lines. That’s what Finanstilsynet’s latest Risk Outlook is telling us, which shows that high household debt, stretched property values, and global instability are still Norway’s biggest vulnerabilities.

‍The European Commission said it has formally acknowledged Meta’s commitment to introduce a clearer, more meaningful decision point for Facebook and Instagram users across the EU. Beginning in January 2026, people will be offered two distinct paths—continue sharing their full data footprint for highly tailored advertising, or opt for a version of the apps that relies on less personal information and delivers more limited ad personalization.

The Bank of England’s Prudential Regulation Authority has issued a refreshed set of expectations for how banks and insurers manage climate-related risks, a big shift from early awareness-building to full integration in risk processes.

The European Commission has updated its list of high-risk jurisdictions that pose strategic threats to the integrity of the EU financial system due to shortcomings in anti-money laundering and counter-terrorist financing (AML/CFT) regimes. Bolivia and the British Virgin Islands are the latest to join the list, meaning banks and other EU-regulated entities must apply enhanced vigilance to any dealings connected to those jurisdictions.

Southern Phone is facing tough scrutiny after paying US $1,607,600 (AUD 2,500,560) in penalties, the highest fine the Australian Communications and Media Authority has ever issued for this type of failure, for giving scammers an easy path to take over customers’ mobile numbers.

Social media crises sparked by negative content, customer complaints, or high-profile scandals can spread almost instantaneously across platforms such as Twitter, Instagram, TikTok, and Facebook. Unlike traditional public relations challenges, these crises escalate at viral speed, reaching millions within hours and leaving little time for brands to respond.