Perspectives on operational risk management, regulatory change, and the future of the risk profession in Australian financial services.
Most operational risk frameworks are built around risk categories and taxonomies. They produce registers, heat maps, and quarterly reports. They satisfy audit requirements and keep regulators comfortable. But they have almost no impact on how the business actually manages risk day to day.
Read more →APRA's CPS 230 has been in force since July 2025. There has been a lot of activity: new forms, new registers, new reporting lines. But did we reorganise around critical operations, or shoehorn extra requirements into existing processes?
Read more →For two decades, the operational risk profession has been built around frameworks. Understanding Basel, maintaining the risk taxonomy, producing the quarterly board report. That foundation matters, but it is no longer enough.
Read more →Scam prevention in Australian financial services has moved from a reputational concern to a regulatory imperative. The mandatory scam prevention obligations mean organisations need adaptive control frameworks: process-based assessments that update rapidly.
Read more →A conversation is the best place to start. An honest discussion about where you are and where you want to be.
Start a conversation →