Risk & Resilience

In this article, Graeme Keith explores how enterprise leaders can move beyond traditional risk matrices and adopt a simple, quantitative approach to modeling operational risk across complex organizations. By breaking down how to structure uncertainties, estimate losses, align assessments with decision-making, and aggregate risks into meaningful enterprise-wide insights, he illustrates how even basic quantitative inputs can transform the usefulness and credibility of enterprise risk management programs.

The European Supervisory Authorities have taken a step in bringing the Digital Operational Resilience Act to life, unveiling the first set of technology firms that will fall under direct EU oversight for the stability of the financial system. The designations set the formal launch of DORA’s supervision regime for critical ICT third-party providers.

SAI360’s latest white paper uses the January 31, 2025 Barclays outage as a clear reminder that digital service failures can rapidly escalate into financial disruption and lasting reputational harm

Political events beyond a company’s control—such as sudden regime changes, civil unrest, or expropriation—can pose serious financial threats, impacting revenues, assets, operations, and contractual obligations. Political risk insurance exists to shield businesses from exactly these uncertainties. By transferring the potential economic fallout to an insurer, companies safeguard themselves against the full brunt of a crisis, preserving financial stability even when unforeseeable disruptions occur.

The Netherlands Authority for the Financial Markets is sounding the alarm on what it calls a “treacherous” sense of calm across global markets. In its Trend Monitor 2026 report and a separate deep dive on scenario thinking, the regulator warns that the stability seen in recent years is resting on an uneasy balance that could tip with little warning.

In my last piece, The Inevitability of Failure, I wrote about something most leaders quietly know but rarely say out loud—failure isn’t an interruption of the journey, it is the terrain. That article opened the door to a conversation I’ve been having with myself for decades, long before GRC became my lens for understanding how organizations move through uncertainty.

Portugal’s Insurance and Pension Funds Supervisory Authority (ASF) has approved its updated Corruption and Related Offenses Risk Prevention Plan for 2025, the latest step in the agency’s effort to strengthen internal governance and reinforce public confidence in the supervision of Portugal’s insurance and pension fund sectors.