GRC Report Staff

The latest Financial Stability Report, published Tuesday by De Nederlandsche Bank, is nominally about financial stability in the Netherlands. It is also, whether intentionally or not, a document about systems becoming harder to fully see. The concern running through it is not merely that risks exist. Central bankers have always had risks. It is that too many risks are now colliding at once, feeding each other, accelerating each other, and moving faster than the institutions built to contain them.

Buried inside the New Zealand Financial Markets Authority's latest review of New Zealand’s climate disclosure regime is a fairly direct message to companies that have gotten comfortable speaking in broad climate abstractions. The easy part was learning the vocabulary. The harder part is explaining, in plain terms, what actually gets damaged, where, and how badly.

New York State Department of Financial Services Acting Superintendent Kaitlin Asrow issued new guidance advising regulated entities on the kinds of cybersecurity measures they should consider when threat conditions materially worsen. The department pointed specifically to geopolitical instability and the release of frontier AI models as examples of developments that can rapidly change the threat landscape and justify stronger defensive measures.

A ship arrives at port during the plague years. The crew does not disembark. Nobody unloads cargo. Nobody asks for a heat map. They wait forty days. That, as Swiss GRC Day moderator Nikolai Tsenov reminded attendees in Zurich, was one of humanity’s earliest systematic attempts at risk management—quarantine.

Hong Kong’s market regulator laid out a blunt assessment of what it found while reviewing the account opening practices of 12 securities brokers. Some firms accepted questionable or forged documents during onboarding. Some performed inadequate due diligence on account opening materials. Others showed weaknesses in the way they handled cross-border correspondent relationships with overseas intermediaries. The regulator’s language became noticeably sharper when discussing the misuse of investment accounts for suspicious or illicit transactions and the corresponding rise in money laundering and terrorist financing risks.

The European Commission has published its third annual report on the implementation of the Digital Markets Act (DMA), outlining a year marked by enforcement actions, expanding investigations, and continued efforts to shape competition rules for some of the world’s largest digital platforms.

The latest System Risk Outlook from the Australian Prudential Regulation Authority is, on paper, a reassuring document. Australia’s financial system remains strong. Banks are well capitalized. Insurers hold solid liquidity positions. Stress testing suggests the system can withstand severe shocks, including a deep global recession combined with funding stress and operational disruption.