The Pulse of Change: Why Regulatory Complexity is the New Strategic Battleground
Regulatory complexity is intensifying due to rapid technological, environmental, and societal changes. Risk professionals must leverage RegTech—especially AI and blockchain—to streamline compliance, enhance resilience, and create strategic value. Success requires integrating technology, fostering compliance culture, and proactive engagement with evolving regulations and stakeholders to maintain competitive advantage.
Case Study: Transforming Regulatory Compliance Through RegTech Adoption
This case study explores how a multinational financial services firm successfully navigated escalating regulatory complexity by adopting RegTech solutions, specifically AI and blockchain technologies. The organisation transformed compliance from a cost centre into a strategic asset, enhancing resilience, efficiency, and stakeholder trust in a rapidly evolving regulatory landscape.
Invisible Intruders: AI-Generated Scams and the Evolving Role of Risk Professionals
AI-driven fraud—especially through deepfakes and voice cloning—is reshaping the threat landscape for organisations and individuals in 2025. Fraudsters can now create highly realistic audio and video imitations using just seconds of publicly available recordings, enabling scams that bypass traditional security measures and exploit human trust. Voice-based phishing is now outpacing visual deepfakes, affecting everything from executive impersonation in corporate wire fraud to emotionally manipulative family scams. The technology’s accessibility allows even non-experts to launch sophisticated attacks, democratising fraud and scaling risks across sectors.
Detection technologies often lag behind the latest deepfake techniques, necessitating adaptive, multilayered defences and continuous staff training. Common red flags—urgency, unverified contact, and emotionally charged requests—are more challenging to spot amid such realism, making independent verification and a culture of scepticism essential. As financial and reputational risks mount, a robust risk management response combining technical controls, human vigilance, and regulatory awareness is crucial for protecting trust, identity, and organisational integrity.
The NIST Cybersecurity Framework (CSF) 2.0
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved. Rather, it links to online resources that provide additional guidance on practices and controls that could be used to achieve those outcomes. This document describes CSF 2.0, its components, and some of the many ways that it can be used.
Cyber Risk in Central Banking (BIS)
The rising number of cyber attacks in the financial sector poses a threat to financial stability and makes cyber risk a key concern for policy makers. This paper presents the results of a survey among members of the Global Cyber Resilience Group on cyber risk and its challenges for central banks. The survey reveals that central banks have notably increased their cyber security-related investments since 2020, giving technical security control and resiliency priority. Central banks see phishing and social engineering as the most common methods of attack, and the potential losses from a systemically relevant cyber attack are deemed to be large, especially if the target is a big tech providing critical cloud infrastructures. Generally, respondents judge the preparedness of the financial sector for cyber attacks to be inadequate. While central banks in most emerging market economies provide a framework for the collection of information on cyber attacks on financial institutions, less than half of those in advanced economies do. Cooperation among public authorities, especially in the international context, could improve central banks’ ability to respond to cyber attacks.
Standard for Change Management and ACMP® Change Management Code of Ethics
Change is constant, but how we manage it evolves. Since its inception, the ACMP® Standard for Change Management© has been a trusted resource, guiding professionals worldwide in leading successful change. First published in 2014, the Standard was the result of a rigorous, collaborative effort that brought together over 1,100 change professionals from 57 countries, ensuring a methodology-neutral, globally relevant framework.
Directive in respect of Cybersecurity and Cyber-resilience within the National Payment System
In terms of section 10(1)(c) of the South African Reserve Bank Act 90 of 1989, as amended (SARB Act), the South African Reserve Bank (SARB) is required to perform such functions, implement such rules and procedures, and, in general, take such steps as may be necessary to establish, conduct, monitor, regulate and supervise payment, clearing and settlement systems.
Furthermore, the NPS Act provides for the management, administration, operation, regulation and supervision of payment, clearing and settlement systems in the Republic of South Africa, and for connected matters. The power to perform the functions as provided in the SARB Act and the NPS Act is performed by the National Payment System Department (NPSD) within the SARB. The SARB plays an important role in ensuring the safety, efficiency and resiliency of the national payment system (NPS).
IRMSA Risk Report – South Africa Risks 2015
The first annual Institute of Risk Management South Africa’s (IRMSA) South Africa Risks Report 2015 has been compiled within a specific context – that of a country still reeling from political and economic turmoil.
The Association of Mineworkers and Construction Union (AMCU) on 29 July 2014 announced the end of a 5-month platinum sector strike by 80,000 workers which resulted in a fall of nearly 25% in mining production. South Africa’s credit rating was downgraded by Standard & Poor’s (S&P) and Moody’s. The country’s outlook was shifted from stable to negative by Fitch Ratings, meaning that the country is a single notch away from junk status. The South African government continued to experience difficulties to meet the expectations of the population in terms of the fight against unemployment, poverty and corruption, potentially giving rise to increased social instability. The International Monetary Fund (IMF) slashed its economic growth forecast for South Africa by 0,3 percentage points to only 1,4% for 2014 and by 0,4 percentage points to 2,3% for 2015, suggesting that the sustainability of the country’s economy is under severe pressure.
IRMSA Risk Report – South Africa Risks 2016
The second edition of the IRMSA South Africa Risks Report is presented during a volatile period in the country’s development, highlighted by Fitch, Standard & Poor’s and Moody’s all lowering their outlook on South Africa’s credit rating to essentially one notch above junk status in December 2015, the rand trading at its worst-ever levels against the pound and the dollar in nominal terms in the same month, Pravin Gordhan being named the third finance minister in less than a week, and widespread public protests. These and other events are occurring as South Africa grapples with the worst drought to hit the country in decades.
IRMSA Risk Report – South Africa Risks 2017
The third edition of the IRMSA South Africa Risks Report is presented at a time of profound change. The populist anti-globalization wave that produced majority votes for Donald Trump in the United States and for Brexit in the United Kingdom is the consequence of the “anti-establishment” flag that has been raising its head around the world. This flag has been discussed by Clem Sunter and Dr Chantell Ilbury at the IRMSA Risk Report launches over the past two years and represents the growing lack of faith in professional politicians in America, Britain, Europe, Australia and many other countries. Trends and events of this nature remind us that South Africa and organisations operating within its borders are exposed to a myriad of external threats and opportunities, beyond those that are solely internally driven. South Africa’s risk landscape has been equally, or perhaps even more, volatile than the global environment during 2016.