The benefits of agile risk management in IT projects delivered through agile methodology
Digital transformation and external digital disruption require South African financial services to deliver large IT software projects. Banks adopted new ways of working such as using an agile methodology to ensure IT Projects are delivered faster-to-market and early client involvement. The challenge is that risk management functions are not mandatorily involved before and during the execution of IT projects by the Scrum teams who deliver these IT projects, which means that other sources of risk and opportunity risks may not be identified early.
Resilience is Not Optional: Why Talent Retention Risk is the New Battleground for Strategic Leaders
The article explores talent retention risk within VUCA and BANI environments, highlighting how volatility, anxiety, and non-linearity amplify employee attrition threats. It provides risk professionals with advanced frameworks, analytics, and strategies to integrate retention risk into enterprise risk management, ensuring organisational resilience and sustainable human capital in turbulent times.
The Pulse of Change: Why Regulatory Complexity is the New Strategic Battleground
Regulatory complexity is intensifying due to rapid technological, environmental, and societal changes. Risk professionals must leverage RegTech—especially AI and blockchain—to streamline compliance, enhance resilience, and create strategic value. Success requires integrating technology, fostering compliance culture, and proactive engagement with evolving regulations and stakeholders to maintain competitive advantage.
Case Study: Transforming Regulatory Compliance Through RegTech Adoption
This case study explores how a multinational financial services firm successfully navigated escalating regulatory complexity by adopting RegTech solutions, specifically AI and blockchain technologies. The organisation transformed compliance from a cost centre into a strategic asset, enhancing resilience, efficiency, and stakeholder trust in a rapidly evolving regulatory landscape.
Invisible Intruders: AI-Generated Scams and the Evolving Role of Risk Professionals
AI-driven fraud—especially through deepfakes and voice cloning—is reshaping the threat landscape for organisations and individuals in 2025. Fraudsters can now create highly realistic audio and video imitations using just seconds of publicly available recordings, enabling scams that bypass traditional security measures and exploit human trust. Voice-based phishing is now outpacing visual deepfakes, affecting everything from executive impersonation in corporate wire fraud to emotionally manipulative family scams. The technology’s accessibility allows even non-experts to launch sophisticated attacks, democratising fraud and scaling risks across sectors.
Detection technologies often lag behind the latest deepfake techniques, necessitating adaptive, multilayered defences and continuous staff training. Common red flags—urgency, unverified contact, and emotionally charged requests—are more challenging to spot amid such realism, making independent verification and a culture of scepticism essential. As financial and reputational risks mount, a robust risk management response combining technical controls, human vigilance, and regulatory awareness is crucial for protecting trust, identity, and organisational integrity.
The NIST Cybersecurity Framework (CSF) 2.0
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved. Rather, it links to online resources that provide additional guidance on practices and controls that could be used to achieve those outcomes. This document describes CSF 2.0, its components, and some of the many ways that it can be used.
Cyber Risk in Central Banking (BIS)
The rising number of cyber attacks in the financial sector poses a threat to financial stability and makes cyber risk a key concern for policy makers. This paper presents the results of a survey among members of the Global Cyber Resilience Group on cyber risk and its challenges for central banks. The survey reveals that central banks have notably increased their cyber security-related investments since 2020, giving technical security control and resiliency priority. Central banks see phishing and social engineering as the most common methods of attack, and the potential losses from a systemically relevant cyber attack are deemed to be large, especially if the target is a big tech providing critical cloud infrastructures. Generally, respondents judge the preparedness of the financial sector for cyber attacks to be inadequate. While central banks in most emerging market economies provide a framework for the collection of information on cyber attacks on financial institutions, less than half of those in advanced economies do. Cooperation among public authorities, especially in the international context, could improve central banks’ ability to respond to cyber attacks.
Standard for Change Management and ACMP® Change Management Code of Ethics
Change is constant, but how we manage it evolves. Since its inception, the ACMP® Standard for Change Management© has been a trusted resource, guiding professionals worldwide in leading successful change. First published in 2014, the Standard was the result of a rigorous, collaborative effort that brought together over 1,100 change professionals from 57 countries, ensuring a methodology-neutral, globally relevant framework.
Directive in respect of Cybersecurity and Cyber-resilience within the National Payment System
In terms of section 10(1)(c) of the South African Reserve Bank Act 90 of 1989, as amended (SARB Act), the South African Reserve Bank (SARB) is required to perform such functions, implement such rules and procedures, and, in general, take such steps as may be necessary to establish, conduct, monitor, regulate and supervise payment, clearing and settlement systems.
Furthermore, the NPS Act provides for the management, administration, operation, regulation and supervision of payment, clearing and settlement systems in the Republic of South Africa, and for connected matters. The power to perform the functions as provided in the SARB Act and the NPS Act is performed by the National Payment System Department (NPSD) within the SARB. The SARB plays an important role in ensuring the safety, efficiency and resiliency of the national payment system (NPS).
IRMSA Risk Report – South Africa Risks 2015
The first annual Institute of Risk Management South Africa’s (IRMSA) South Africa Risks Report 2015 has been compiled within a specific context – that of a country still reeling from political and economic turmoil.
The Association of Mineworkers and Construction Union (AMCU) on 29 July 2014 announced the end of a 5-month platinum sector strike by 80,000 workers which resulted in a fall of nearly 25% in mining production. South Africa’s credit rating was downgraded by Standard & Poor’s (S&P) and Moody’s. The country’s outlook was shifted from stable to negative by Fitch Ratings, meaning that the country is a single notch away from junk status. The South African government continued to experience difficulties to meet the expectations of the population in terms of the fight against unemployment, poverty and corruption, potentially giving rise to increased social instability. The International Monetary Fund (IMF) slashed its economic growth forecast for South Africa by 0,3 percentage points to only 1,4% for 2014 and by 0,4 percentage points to 2,3% for 2015, suggesting that the sustainability of the country’s economy is under severe pressure.