Skip to content
Horizon Scanner
Book a demo

For whom

Head of Risk / CRO

Keep the prudential framework current without a change slipping through: Solvency II, ICAAP/SREP, model risk, AI-Act pricing and climate risk monitored in parallel — every new RTS, guideline and review stage classified and routed to the right risk function on the day it is published.

As of:

Your reality

You own the risk framework of a financial institution — for insurers ORSA, SCR and the Solvency II review; for banks ICAAP, SREP and the P2R/P2G calibration; plus model risk, the new AI-Act overlay on pricing and underwriting models, the ICT risk from DORA, and climate risk from CSRD/SFDR. Each of these pillars hangs on regulatory inputs that change continuously. Calibrate the framework against an outdated RTS and it is exposed in the next supervisory review — and you hear it first from the supervisor, not from your team.

01Your week as Head of Risk

Monday. Risk committee. The agenda blends the running ORSA or ICAAP year, an open model validation, and the question of which of the last three EIOPA or EBA publications touches the capital assumptions. Your judgement is only as good as the supervisory signals your team actually captured.

Tuesday through Thursday. In parallel: preparing the Solvency II review transition (application from 30 Jan 2027), building the AI-Act model inventory for pricing and underwriting systems (binding from 2 Aug 2026), and integrating climate risk into the ORSA/ICAAP scenarios. Three different knowledge bases, three different levels of awareness of the deadlines.

Friday. Risk report to the board and the audit committee. The uncomfortable question: is the risk assessment based on the current state of supervisory expectation — or on whatever happened to find its way into your inbox?

02What changes for your role in 2026/2027

Solvency II review. Directive (EU) 2025/2 amends the Solvency II framework directive; application of the revised rules begins on 30 Jan 2027 — proportionality, sustainability risk, adjustments to the risk margin and the long-term guarantee package. The calibration of the ORSA assumptions must anticipate this transition [1].

High-risk AI in pricing. From 2 Aug 2026 the Annex III duties of the EU AI Act for high-risk systems become binding — including risk assessment and pricing in life and health insurance. This creates a new model-risk category with its own governance, FRIA and data requirements [2].

Banks: CRR III / CRD VI. On the banking side, CRR III and CRD VI (Directive (EU) 2024/1619, application from 11 Jan 2026) shift the output floor, the treatment of ESG risk, and the SREP powers — feeding directly into the ICAAP calibration and the P2R/P2G expectation [3].

03What your board actually wants to see from you

The board wants a forward-looking risk framework that anticipates the next rule change rather than chasing it — and a capital story that can be defended in the supervisory review. Both presuppose that the regulatory detection layer is complete: you cannot stress a scenario whose triggering rule change you never saw.

That is exactly where the gap sits: model validation, capital planning and scenario analysis are mature — but the layer before them, capturing the supervisory signals that feed those models, still runs on inbox and spreadsheet in many institutions.

What changes

Six tasks Horizon Scanner takes off your desk

Concrete mechanics against the five friction points of your week. Each item is live in the tool — not on a roadmap.

  • 01

    Track the prudential rulebook stack in parallel

    Solvency II (incl. the 2024 review) for insurers, CRR/CRD for banks, plus the associated RTS/ITS and the EIOPA/EBA guidelines all run through the same capture. Every change touching capital assumptions, risk margin or SREP expectation is detected and assigned to the capital/actuarial function.

  • 02

    Keep the AI-Act model inventory current

    Pricing and underwriting models under Annex III of the EU AI Act get their own risk category. Changes to the high-risk duties, FRIA expectations and harmonised standards are captured and routed to model risk and the actuarial function — no outdated model governance.

  • 03

    Feed the ORSA / ICAAP with current assumptions

    The ORSA (insurers) and the ICAAP (banks) are only as robust as their inputs. Regulatory changes to stress scenarios, climate-risk expectations and capital buffers are detected, so the next iteration rests on the current state and not last year's.

  • 04

    Connect climate and sustainability risk

    CSRD and SFDR changes feeding into financial materiality and risk assessment are captured and routed to the ESG-risk function — including the moving Omnibus situation (postponement and scope-narrowing) that changes the reporting universe.

  • 05

    Route to capital, actuarial, model risk and ESG

    Pre-configured routing rules per risk domain. Solvency II capital topics to the actuarial function, ICT risk from DORA to operational risk, AI-Act topics to model risk, climate risk to ESG. Defaults are in place from day one; every rule is editable.

  • 06

    Auditable trail for the supervisory review

    Every capture, classification and routing decision is logged immutably, 5 years, CSV/JSON export. When the supervisor asks since when a changed capital assumption was known, the answer is objectively evidenced — not reconstructed.

The numbers your board sees

Translated from compliance language into board language.

  • < 4 hours

    Median time from supervisory publication to a confirmed entry at the responsible risk function.

  • ≥ 90 %

    Day-one default routing accuracy — the share of findings reaching the right risk domain without manual correction.

  • 5 years

    Immutable audit-trail retention — matches the documentation expectation of ORSA, ICAAP and model governance.

  • 0 FTE

    Additional headcount per new rulebook in your scope. The detection layer scales through technology, not headcount.

Questions you will ask

  • Do you replace our model validation or the ORSA?

    No. Horizon Scanner is the detection and routing layer in front of them: it ensures the regulatory inputs to your models, ORSA and ICAAP are current. The validation, calibration and expert judgement stay with your team — we make sure it works against the current supervisory state.

  • Do you cover both the banking and insurance side?

    Yes. For insurers the Solvency II/EIOPA universe (incl. the 2024 review and ORSA); for banks the CRR/CRD/EBA/ECB universe (incl. SREP and ICAAP). Findings are tagged by sector and risk domain, so a mixed financial group can steer both sides separately.

  • How does this engage with the AI-Act model-risk duties?

    We monitor the Annex III high-risk duties, the FRIA expectations (Art. 27) and the deployer duties (Art. 26), plus the harmonised standards as they appear. Changes are routed to model risk so your model inventory and governance follow the binding state from 2 Aug 2026.

  • Do you provide risk data or model parameters?

    No — we deliver regulatory change signals, not market data or model parameters. Via webhook/API (from Professional and Enterprise respectively) those signals flow into your GRC or risk register, where your own data and models live.

Sources

  1. [1]Solvency II — Directive 2009/138/EC, amended by Directive (EU) 2025/2 (review) — EUR-Lex
  2. [2]EU AI Act — Regulation (EU) 2024/1689 (Annex III, Arts. 26, 27) — EUR-Lex
  3. [3]CRD VI — Directive (EU) 2024/1619 (SREP, ESG risk) — EUR-Lex

Let's walk through the reality of your week.

Twenty minutes. Concrete use cases from your group.

Book a conversation