The RTJ Bridge is the new premium version of The RiskTech Journal, delivering fast-moving, strategically relevant insights for risk leaders navigating today’s digital business landscape.
Designed as the link between editorial commentary and in-depth research, The RTJ Bridge offers exclusive access to:
High-frequency insight notes on market shifts, regulatory signals, and emerging technologies
Executive briefings and editorial series including “The Risk Ignored”
Strategic previews of IRM Navigator™ research, including upcoming Risk Landscape Reports
Whether you're monitoring vendor moves, tracking governance shifts, or preparing for regulatory disruption, The RTJ Bridge equips you with actionable foresight.
The RTJ Bridge - The Premium Version of The RiskTech Journal
Subscribe to get access now
The RTJ Bridge Subscription is a premier resource for executives and professionals focused on the intersection of risk management and technology. It provides subscribers with access to a curated collection of articles and expert insights designed to enhance risk management strategies through technological innovation. With its online format, The RTJ Bridge offers flexible access to critical information, helping leaders make informed decisions and stay competitive.
AuditBoard’s Connected Risk Strategy: Strategic Evolution or History Repeating Itself?
On Day Two of RSA Conference 2025, AuditBoard presented a series of announcements intended to reposition the company well beyond its audit origins. Among them, a brand refresh with a new design language, the debut of an AI governance module, and the launch of a regulatory compliance platform called RegComply. These moves suggest an ambition to reframe AuditBoard as a broader platform for managing risk—beyond audit and into what it describes as “connected risk.”
But as competitors at RSA unveil agent-powered and AI-native capabilities, AuditBoard’s expansion strategy raises an important question:
Is this a strategic evolution—or is history repeating itself?
Safe Security’s Autonomous TPRM Heralds the Start of the Autonomous IRM Era
At the RSA Conference 2025, Safe Security unveiled its new Autonomous TPRM platform, positioning it as the industry’s first fully autonomous third-party risk management solution powered by specialized AI agents.
The solution automates third-party risk assessments, continuous monitoring, and vendor lifecycle management with minimal human intervention. It promises greater scalability, speed, and consistency in managing third-party ecosystems, which have historically been plagued by fragmentation, high administrative overhead, and compliance exposure.
While Safe Security’s announcement is significant, it also signals something larger:
The risk management industry is beginning to operationalize the first phase of Autonomous Integrated Risk Management (Autonomous IRM).
When Culture Becomes a Control — How Supervisors Are Shaping the Future of Operational Risk
In regulatory circles, culture is no longer an abstract concept. It’s a measurable, reportable, and enforceable risk factor—viewed not as a soft HR issue, but as a core element of operational control. Across Australia, Europe, the UK, and the United States, financial and non-financial regulators are making it clear: the management of culture and conduct is now fundamental to operational risk oversight.
This shift is transforming the way Operational Risk Management (ORM) functions are being evaluated. Regulators are demanding not only documentation of controls but evidence that organizations understand how risk culture shapes operational performance, compliance behavior, and escalation pathways. In response, forward-looking ORM programs are moving beyond control testing and loss event tracking. They are building integrated risk intelligence systems that can monitor, measure, and adapt to the human dynamics of risk.
The Risk Ignored – Part 1, Chapter 1: The Software That Lost Its Market
It’s a metaphor older than the software industry and time itself: the emperor with no clothes. But before the emperor stood exposed, his clothes began to fray—tattered garments passed off as innovation, stitched together by marketing promises and untested assumptions. That’s the story we’re telling here, not just of the naked moment but of the unraveling that came before it.
In the early 2000s, that unraveling began with knowledge management. Later, it would continue under a new name: GRC.
The Risk of Unheard Warnings — How Suppressed Signals Trigger Operational Failures
Today, the loudest failures often follow the quietest warnings. Not because no one saw them coming—but because someone did, and the system failed to listen.
Operational risk is no longer defined solely by failures in processes, systems, or external disruptions. Increasingly, it stems from something far harder to quantify: the failure to recognize, interpret, and elevate early signals of internal misconduct, breakdowns in oversight, or cultural deterioration. These signals are often present long before a public scandal, a regulatory penalty, or a financial collapse. But too often, they go unheard.
This article examines the phenomenon of risk signal suppression—why organizations ignore the earliest warnings of operational failure, how this risk materializes inside complex institutions, and what forward-looking ORM programs must do to identify and act on weak signals before they become systemic threats.
Culture as Capital Risk — Lessons from the ANZ Breakdown
Now that intangible risks are becoming materially consequential, few cases better illustrate the price of cultural failure than the one unfolding at ANZ. In March 2025, the Australian Prudential Regulation Authority (APRA) imposed a $1 billion capital charge on the bank, citing persistent governance failures and an organizational culture that allowed misconduct to fester unchecked.
This was not a case of financial fraud or a high-profile cyber breach. It was the slow erosion of internal accountability—fueled by poor leadership, ineffective escalation channels, and a widespread underestimation of non-financial risks. As APRA Chair John Lonsdale put it, ANZ’s problems were “persistent and prevalent,” with echoes of similar issues already observed at its peer institutions.
The implications extend far beyond Australia’s banking sector. The ANZ case is a clear signal to global risk leaders: organizational culture is now a capital issue.
Culture, Conduct, and Consequences: The Operational Risk Lens on Today’s Most Dangerous Failures
Organizations are waking up to a hard truth: operational risk isn’t just about systems and controls—it’s about people, behavior, and culture. From misconduct in trading rooms to mismanaged whistleblowing programs, the failures dominating headlines today stem less from compliance gaps and more from breakdowns in cultural awareness, risk signal interpretation, and operational accountability.
As regulatory scrutiny intensifies and stakeholder expectations evolve, organizations must move beyond the traditional confines of Governance, Risk, and Compliance (GRC). They must build Operational Risk Management (ORM) programs that are equipped to detect, interpret, and act on cultural and conduct risks as core components of enterprise risk. This editorial series, Culture, Conduct, and Consequences, explores how non-financial risks—when left unmanaged—become operational failures. It sets the stage for the 2025 IRM Navigator™ ORM Report, to be published this June, and offers risk leaders a new lens for navigating the next era of operational resilience. all begins with an idea.