Risk & Resilience

Amid signs of a fragile recovery, Finland’s financial watchdog is warning that stability could be at risk if aggressive global power politics, mounting geopolitical tensions, and a slower-than-expected economic rebound persist. While the financial system remains stable for now, the Financial Supervisory Authority (FIN-FSA) and the Bank of Finland urge increased resilience measures and macro-prudential reforms to brace for what may come.

In a previous article I wrote, The “R” in GRC: What Risk Management Software Should Really Deliver, I discussed the challenges many organizations face with risk management technology—how too often, what’s marketed as “risk management” software falls short, becoming little more than digital filing cabinets that serve bureaucratic needs instead of strategic decision-making. While many risk modules excel at routing forms, assigning tasks, and storing data, they fail to provide the kind of insight necessary for meaningful risk management.

In an address to industry leaders at the 2025 AFIA Risk Summit, Chris Gower, Executive Director of Cross-industry Risk at the Australian Prudential Regulation Authority (APRA), outlined the increasing need for financial institutions to bolster their operational resilience in response to an evolving geopolitical landscape. Drawing a compelling parallel to the "1991 Perfect Storm," Gower described how three converging risks (technology dependence, third-party vulnerabilities, and geopolitical volatility) are creating challenges that could shake the financial system’s stability.

The European Banking Authority (EBA) has just published three new technical standards that will reshape how banks calculate and report operational risk capital. These updates are part of the ongoing EU Banking Package, and they aim to streamline processes, reduce costs, and improve overall transparency for both institutions and regulators alike.

In this article, Graeme Keith dives into the limitations of traditional risk matrices and presents an alternative approach to risk management. By exploring the need for a model that better aligns with real-world decision-making, Keith highlights the shortcomings of compliance-driven exercises and offers a framework that allows businesses to better assess and prioritize risks across the enterprise.

In a year shaped by war, elections, cyber threats, and the steady march of artificial intelligence, the European Insurance and Occupational Pensions Authority (EIOPA) didn’t just keep pace but it stayed focused. Its newly released 2024 Annual Report tells the story of a regulator under pressure, facing a storm of digital, political, and economic disruption, yet managing to deliver across a wide policy front.

In Graeme Keith's latest article, he explores the limitations of heat maps in risk assessment and why quantitative risk analysis is essential for effective Enterprise Risk Management (ERM). By using two hypothetical risk scenarios, Keith highlights the significant gaps in traditional risk matrices and advocates for a more rational, analytical approach to risk prioritization and aggregation. Through his analysis, he emphasizes the need for a deeper understanding of risk impacts, beyond surface-level assessments.