Information security
Half of banks use scenarios to set third-party Pillar 2 capital
Risk Benchmarking study finds resilience risk less widely covered than cyber and IT disruption, but more formalised where scenarios exist
Top 10 op risks: Playing catch-up on geopolitical risk
Op risk managers downplayed prospect of a major conflict ahead of Iran war
Top 10 operational risks for 2026
Industry shares intel on biggest collective threats, as well as remedies and loss gauges
Top 10 op risks 2026: Cyber stays top, AI risk enters at fifth
Third-party and outsourcing risk climbs to third; fraud and fincrime edge out geopolitical risk
Cyber insurance premiums dropped unexpectedly in 2025
Competition among carriers drives down premiums, despite increasing frequency and severity of attacks
How conflict sharpened Israel’s role in cyber security
Recent growth in offshoring of infosec comes despite regulatory focus on supply-chain resilience
Global banks ‘hassled’ by China’s mystery data rules
Some firms left in the dark as new guidance on exporting data overseas is distributed bilaterally
Op risk data: For Yes Bank, no mercy over insider fraud
Also: Cracking Brazil’s Pix hacks, Macquarie fund fumble, and taxing time for Crédit Agricole. Data by ORX News
Invite us to your cyber war games, Finra urges members
Risk Live North America: Regulators and broker-dealers would benefit if watchdogs had a seat at the table during these exercises, says senior Finra exec
Most banks add ERM heads – but CROs keep control
Hiring tilts towards AI, cyber and model risk as enterprise risk’s remit grows faster than its reach
Banks curb frequency of GRC vendor reviews
Data shows drop in plans to pitch or switch vendors, amid tighter third-party rules – but TPRM bucks the trend
In more than 90% of banks, second line tackles cyber risk
But some regulators would still like to see more 2 LoD risk staffing for infosec and IT disruption
Almost all banks mandate cyber security training
And unlike other risks, information security coaching moves the internal confidence dial
Regional banks favour scenario analysis over op risk modelling
Domestic and smaller regional players favour scenarios to gauge tail exposure; G-Sibs stick to modelling, for now
Regulators zero in on third-party risk, resilience
In latest survey, 35% of banks say watchdogs have “significantly increased” focus on third-party risk, with reports of arduous inspections and growing resource strain
More than one-quarter of banks overhaul third-party KRIs
Op Risk Benchmarking data shows more flux – and less confidence – in indicators tracking vendors versus other risks
Risk appetite breaches test development banks
MDBs also more likely to change services or strategy to reduce risk exposure, survey shows
Glass houses: US agencies urged to shore up cyber defences
Email hack at OCC raises concerns over more widespread frailty at regulators
Algos shrugged: AI uptake still lagging in bank op risk
Risk managers acknowledge transformative potential of artificial intelligence – most, from a safe distance
People: Rustad to head SwapClear, Kimmel exits Citadel, and more
Latest job changes across the industry
SEC faces debate over possible cull of cyber security rules
Lobby groups pushing for regulator to roll back disclosures, but investors take a different view