Risk & Resilience

Resilience Under Scrutiny as Malta's Financial Regulator Flags Sector Weaknesses

The Malta Financial Services Authority (MFSA) has issued a pointed warning to financial institutions, urging boards and senior management to treat business resilience as a strategic imperative rather than a compliance formality. The directive, delivered in a Dear CEO Letter on October 3, follows a sector-wide Thematic Exercise that uncovered significant weaknesses in resilience planning, financial forecasting, and risk management.

Bank of England Governor Warns Against Risks of Deregulation Push

Bank of England Governor Andrew Bailey has sounded a warning shot over efforts to roll back financial regulation in the name of boosting growth, cautioning that the risks of deregulation could lead to history repeating itself, according to a recent report.

BaFin Issues Guidance on Simplified DORA Requirements for ICT Risk Management

Germany’s financial watchdog BaFin has released its second supervisory statement on the EU’s Digital Operational Resilience Act (DORA), offering guidance to financial entities eligible for simplified requirements on ICT risk and third-party risk management.

FERC Unveils Flurry of Decisions on Energy Projects, Cybersecurity, & Market Oversight

The Federal Energy Regulatory Commission (FERC) has been busy. In just two weeks, the agency authorized natural gas expansions in Pennsylvania, issued hydropower licenses across New Hampshire and Minnesota, advanced LNG projects along the Gulf Coast, and sharpened cybersecurity rules for the bulk power system — all while defending its decisions in court and auditing some of the nation’s largest utilities.

Operational Resilience as Strategy: DORA, the UK, CPS 230, & the Road Ahead

In an era defined by disruption, resilience is no longer a side conversation in boardrooms; it is the conversation. Cyber incidents, technology outages, geopolitical instability, and supply chain fragility are not “if” events; they are “when” events. Regulators, investors, and customers all demand that you show not only that you can take the hit, but also that you can recover, adapt, and continue to deliver.

Malta’s Financial Watchdog Flags Weaknesses in Fund Managers’ Risk Controls

The Malta Financial Services Authority (MFSA) has flagged weaknesses in how management companies overseeing Alternative Investment Funds (AIFs) and UCITS handle their investment management responsibilities and liquidity risk controls. The findings, published September 24 following a thematic review, were communicated in a “Dear CEO Letter” that set out the regulator’s expectations for improvements across governance, oversight, and integration of liquidity considerations.

The Purpose of Risk Groups & Internal Audit: A Simple, Logical Accountability Model

In a recent social media post, I laid out what I see as the joint purpose of risk groups and internal audit. The response reinforced what I’ve long believed—that governance works best when accountability is simple, logical, and aligned with fiduciary duty.