When JPMorgan Chase’s CISO took to the stage earlier this year and called on SaaS providers to “do better” on resilience, it wasn’t just another passing soundbite. It was a rare public signal from one of the most security-mature organizations on the planet — and the timing could not have been sharper.
Flaws in traditional enterprise risk management (ERM) and legacy internal audit (IA) practices aren’t exactly a secret. Risk registers, heat maps, and audits focused solely on internal control deficiencies may look tidy in a board report, but they rarely reflect how risk really works or how organizations actually fail.
On August 1, the European Banking Authority (EBA) dropped the results of its 2025 EU-wide stress test, a formidable what-if scenario designed to see how banks would hold up if the global economy went sideways. And not just a little sideways. We’re talking trade wars, inflationary flare-ups, crashing asset prices, and real estate meltdowns, the financial equivalent of a perfect storm.
The European Insurance and Occupational Pensions Authority (EIOPA) has published its July 2025 Risk Dashboards, and on the surface, risks across Europe’s occupational pension funds and insurance sector remain largely stable. But dig a little deeper, and a more nuanced picture emerges, one shaped by geopolitical tensions, market jitters, and persistent uncertainty.
What happens to a bank’s balance sheet when climate policy tightens and the real economy isn’t quite ready for it? That’s the kind of question Japan’s financial authorities are starting to ask more seriously, and they’ve just completed their second round of climate stress testing to try to get a clearer picture.
The UK’s newly released 2025 National Risk Assessment of Money Laundering and Terrorist Financing (NRA) marks a critical turning point in how financial crime risk is expected to be understood, assessed, and managed.
In my last article, we introduced GRC 7.0 – GRC Orchestrate, a transformative shift in how we understand Governance, Risk Management, and Compliance. This new model reimagines GRC not as a collection of isolated tools and tasks, but as an integrated, dynamic capability. One that aligns performance, integrity, and strategy across the enterprise in real time.