Insights
Long-form thinking on the risks that matter most.
Three pillars, three bodies of work. Updated regularly as the landscape develops — and as my laboratory produces new findings.
Choose a topic
Pillar 01
Operational & Cyber Resilience
What PS7/26 means now. Why impact tolerances are still set wrong at most firms. What 150+ supervisory reviews reveal about the gap between governance and reality.
Read on resilience →
Pillar 02
The Post-Quantum Transition
Don't ignore, don't panic. The harvest-now-decrypt-later threat is already underway. Cryptoagility is achievable. The realistic timeline is 2028, not 2035.
Read on quantum →
Pillar 03
Trustworthy AI in Financial Services
Gartner predicts 40%+ of agentic AI projects will be cancelled. The Five Pillars framework explains why — and what the survivors do differently.
Read on AI →
About these insights
The three pillars represent the areas where I spend the most time — as a regulator reviewing firms, as a practitioner building and testing systems in my own laboratory, and as an adviser helping boards navigate decisions that carry real consequences.
Each pillar page contains an evergreen primer: a substantive grounding in the topic written for a senior audience. New pieces are added as the landscape develops. Short-form reflections and reading notes live in Notes.
Everything here is my own view. It may not be shared by the Prudential Regulation Authority, the Bank of England, or any current or past employer.