In connection with risk I have been thinking a fair bit about Canada and the TD Bank money laundering scandal, which I covered for GRIP earlier in the year and, which I found astounding.

This is perhaps granular, but I do think we might see stronger investigation, enforcement and guidance by Canada’s financial regulator FINTRAC, spurred by the massive TD Bank money laundering scandal.

FINTRAC fined TD $9.2m for its role in the scandal – a paltry sum compared to the combined $3 billion+ in fines delivered by US agencies.

As one former FINTRAC official said: “it’s time we took off the kid gloves.”

Might it be too much to hope that this “taking off the gloves” approach could be replicated by other regulators around the world (I note with interest the ongoing bribery case of Trafigura in Switzerland for example).

Most of the risks we see in 2025 will be many of the ones we have grappled with for the last three, six or 10 years, depending on the risk type.

Cybersecurity risk cannot be understated. Just as the criminals are getting better at their craft and using the stolen data, there are higher expectations on the part of regulators, investors, consumers, employees and every stakeholder imaginable that companies are responsible for having the right level of cyber resiliency to confront these threats. That’s a tall order, but it has never been more important for compliance officers to work closely with their colleagues to adapt to emerging trends and ensure the company has a tested, adaptable, and comprehensive cyber resiliency plan in place.

Third-party risk management forms the backbone of a company’s ability to prevent some financial crimes like bribery, institute supply-chain resiliency, and protect data. But getting it wrong (such as having an over-reliance on certain ones) can lead to considerable lapses in operational capabilities.

And then there is this bedrock risk item: Not doing what you say you’re doing. You have a policy to retain business-related emails and text messages. You have a policy to review all incoming export ledgers through specific technology and with certain human reviewers signing off. You have a policy on how often your training on foreign bribery should occur. Use them, review them at least annually, and update them as needed.

“Time and again, we see firms that have good policies, but fall short on implementation,” former Director of Enforcement at the SEC, Gurbir Grewal, said last year.

So I will go out on a limb here and suggest that worrying about risk too much can lead to inertia.

It seems to me that one of the reasons why US businesses generally have an advantage over those in Europe and the UK is not only their ability to scale as a result of a large population and middle class, but also because of their attitude to risk.

Americans are more willing to accept the reality that doing means taking risk. And that it is likely that risk that we could not predict or have any control over will materialize and will lead to failure and bankruptcy. But that this is not the end of the story.

While it is important to mitigate risks, and important to have a good risk management function in place, all too often the claimed avoidance of risk simply becomes an excuse for inaction and dithering.

And this is particularly true because we live in an era that seems full of risks.

So my prediction is that the organizations and countries that do well next year will be those who do not get caught up in the narrative and cacophony centered on risk, but instead focus on their mission – the goals, objectives and things that need to be done instead.

I wanted to tackle this more specifically from a communications monitoring perspective, where the newer risks which social media presents will need to be included within risk assessments.

This will include but not be limited to: use as another (non-approved?) comms channel; finfluencers; rumor spreading including fake news (on market impact); etc.

Presently the market is divided in terms of coverage for recordkeeping and surveillance and while some data privacy issues will hamper progress, capture of all social media for in scope employees feels like the probable direction of travel.

In a world that is becoming increasingly polarized along geopolitical and geoeconomic lines, the global financial industry and the systems that help run it are exposed to a variety of threats.

Political decisions, and reactions to those decisions, could seriously affect global trade, tariffs, crypto, fintech and other sectors.

Geopolitical risk and risk stemming from sudden shifts in policy are therefore the ones to watch most carefully in 2025.

Risk management will start to adapt to new and emerging risks in a way that will make previous traditional approaches obsolete and will mean that some will not cope with the new environment and might end up suffering fatal outcomes.

Also, inflation will remain as a dark shadow on the world economy and its fate will be at the mercy of fiscal policy in the US where debt and borrowing might expand to alarming levels.