St Georges Strategy
Abstract navy horizon-scan graphic with signal markers, representing regulatory and market monitoring

Weekly risk intelligence for financial-services leaders

The Virtual Officer, from St Georges Strategy

What changed, why it matters, what to ask for next

Public signals, regulatory movement, and technology developments turned into executive judgement, board questions, and evidence to ask for. Built for senior risk, compliance, resilience, technology, and AI governance leaders in regulated financial services — for committee prep, horizon scanning, and control challenge.

1thing to care about
5top weekly signals
8signal streams tracked
2dated editions archived
AI Operational resilience Third-party risk Market structure Financial crime Cyber Technology failure Data

Who this is for

Built for the people who own the risk

Senior risk, compliance, resilience, technology, and AI governance leaders in regulated financial services who need a weekly view of what matters, what is coming, and what evidence to ask for.

Chief Risk Officer Chief Operating Officer Chief Compliance Officer Head of Operational Risk CISO AI governance lead Resilience lead

This week in three lines

The judgement, the question, and the ask

Regulators landed on both sides of the AI risk story in the same week. This is the shortest possible version of what that means for a committee pack.

The judgement
Firms need one evidence base that shows AI is authorised, bounded, observable, reversible, and accountable for customer outcomes — and resilient against AI-accelerated attack.
The board question
Can we stop an agent quickly, prove why it acted, and show who owned the decision?
What to ask for
Inventory, permissions, kill switch, fallback, and rehearsed escalation — not just a policy document.

Use it for

Built to be used, not just read

Every part of The Virtual Officer is meant to travel somewhere specific: a committee pack, a governance forum, or a challenge session with a service owner.

Committee prep

Use this before your weekly risk committee

One judgement, five ranked signals, and a board question built to travel straight into the pack.

Horizon scanning

Give the three questions to service owners

Consultation and deadline dates, each with an owner prompt attached before the window closes.

Control challenge

Ask for the permission map, not just the policy

Every signal resolves into a testable question a firm can put to an accountable owner.

Evidence planning

Turn each deadline into an owner and a decision

Reg Horizon connects dates to the evidence trail that should exist before they close.

Latest brief / Week of 6 Jul 2026

Regulators land on both sides of the AI risk story

The FCA's first review of AI in retail financial services and the ESAs' warning on systemic cyber risk from frontier AI models arrived days apart. Firms need one evidence base that covers both conduct outcomes and cyber resilience.

  1. 01

    FCA's first AI review puts retail outcomes and agentic control on the same page

    AI governance / FCA, 6 Jul
  2. 02

    Frontier AI models are now a declared systemic cyber risk, say the ESAs and ESRB

    Cyber / EBA-ESMA-EIOPA, 7 Jul
  3. 03

    OFSI's largest-ever circumvention penalty resets sanctions control expectations

    Financial crime / OFSI, 17 Jun
  4. 04

    Bank of England's July Financial Stability Report resets the resilience and market baseline

    Resilience / Market structure / BoE, 7 Jul
  5. 05

    A new UK legal duty on data protection complaints takes effect

    Data / ICO, 23 Jun

Signals library

Eight streams, ranked and source-backed

Each stream carries a Top 5 shortlist and five more source-backed rows, with control prompts for the questions worth testing internally.

Reg Horizon

What is coming, and who needs to own it

A weekly public-source scan of deadlines and consultations, turned into an owner prompt before the date arrives.

Why trust it

Source discipline, archived judgement, two decades of practice

The credibility comes from explicit judgement, not automation: primary sources are preferred, secondary reporting is labelled, and every issue is archived so the reasoning stays checkable.

Source discipline

Official sources first, secondary reporting labelled

Regulators, central banks, and standard setters are preferred; press and specialist reporting are marked as monitoring signal, not settled fact.

Archived judgement

Every issue is dated and kept

The weekly brief, the eight signal streams, and Reg Horizon are all preserved so a reader can trace how the judgement changed over time.

Ben's experience

Two decades in risk, compliance, and governance

Written by Ben St Georges, drawing on operational risk, audit, and governance leadership across financial institutions in Paris, Hong Kong, Tokyo, Montreal, and London.

Explore

The intelligence library

Move from the current weekly issue into forward-looking regulatory dates, ready-made committee questions, and the dated archive.