Cyber risk
Top 10 op risks: Playing catch-up on geopolitical risk
Op risk managers downplayed prospect of a major conflict ahead of Iran war
Deutsche Bank CRO’s year of living dangerously
Marcus Chromik explains his approach to geopolitical risk, operational resilience and AI adoption
Iosco chief talks cyber, AI and clearing
Buenaventura discusses Iosco’s role in aiding market resilience and cross-border co-operation
EU clearing houses pressured to diversify cloud vendors
CROs and regulators see tech concentration risk as a barrier to operational resilience
Esma won’t soften regulatory expectations for cloud and AI
CCP supervisory chair signals heightened scrutiny of third-party risk and operational resilience
Repo market exposed to $100 billion-plus cyber tail risk, OFR warns
Concentration and time-of-day vulnerabilities amplify impact of extreme outcomes
Cyber insurance premiums dropped unexpectedly in 2025
Competition among carriers drives down premiums, despite increasing frequency and severity of attacks
Artificial intelligence in password-less authentication: bridging the gap between security and transparency
This paper investigates the role played by artificial intelligence in the adoption of password-less authentication in India, providing insights for policy makers, information technology developers and digital service providers.
EBA supports global op risk taxonomy, but it won’t happen soon
New EU framework designed to ease adoption by banks; other jurisdictions have different priorities
New EBA taxonomy could help integrate emerging op risks
Extra loss flags will allow banks to track transversal risks like geopolitics and AI, say experts
Improving data for managing cyber risk and building resilience
The authors investigate current and proposed cyber risk reporting requirement and describe the data gaps that remain before discussing how a better and harmonized cyber incident data collection rule could improve cybersecurity.
Risk managers question US reach of Dora third-party list
Some EU subsidiaries included, but regulator control over cloud providers could still be limited
EU single portal faces battle to unify cyber incident reporting
Digital omnibus package accused of lacking ambition to truly streamline notification requirements
Treasury market urged to beef up operational resilience plans
NY Fed panel warns about impact of AI and reliance on critical third parties
How conflict sharpened Israel’s role in cyber security
Recent growth in offshoring of infosec comes despite regulatory focus on supply-chain resilience
Op risk data: For Yes Bank, no mercy over insider fraud
Also: Cracking Brazil’s Pix hacks, Macquarie fund fumble, and taxing time for Crédit Agricole. Data by ORX News
Quantum-readiness for the financial system: a road map
This paper provides a framework to support the financial system in the transition to quantum-safe cryptographic infrastructures, emphasising the need to start the transition today.
Cyber risk triggers alarm bells for credit portfolio managers
Attack on Jaguar Land Rover highlights difficulties modelling unpredictable impact of outages
First line of defence dominates third-party risk management
1LoD survey finds 86% of control functions think they have sole responsibility for vendors
Op risk data: 1MDB scandal still haunts Wall Street
Also: Woodford in hot water, Salesforce voice phishing hooks multiple firms. Data by ORX News
Dora delay leaves EU banks fighting for their audit rights
Regulation requires firms to expand scrutiny of critical vendors that haven’t yet been identified