For CEOs and boards, volatility is no longer an occasional interruption to “business as usual”. It is the baseline. Trade measures, shifting alliances, regulatory divergence, cyber risk and regional conflict now shape markets, costs and investor expectations on a continuous basis. That reality exposes a weakness in many traditional governance approaches: treating external risk as a periodic review item rather than a standing strategic input. The boards that perform best are moving from reactive crisis response to disciplined, repeatable resilience governance.
Business Adaptation
Looking into 2026, many organisations are planning amid fragile growth, uneven inflation dynamics, constrained financing conditions and a general lack of visibility. The most material threat is often not a single metric, interest rates, inflation or demand, but the compounding effect of uncertainty on decision-making: delayed investments, higher risk premiums and pressure on margins. In governance terms, the question becomes: how quickly can the business adapt while protecting value?
This is a different operating environment from cycles where boards could debate one dominant factor at a time. Today, leadership teams are balancing slower demand with supply-chain redesign, evolving trade rules, policy unpredictability and tighter capital. Tariffs and trade frictions add another layer, influencing sourcing choices, pricing power, customer demand and longer-term capital allocation. Consequently, boards are sharpening their focus on cash and covenant headroom, stress-tested funding plans, operational flexibility and management’s ability to execute through extended ambiguity, not just a short downturn.
Geopolitics and security are no longer “externalities” that sit outside performance discussions. Energy price swings, sanctions, export controls, cyber incidents and regional instability are increasingly structural features of the landscape. Importantly, CEOs rarely experience these risks in neat categories. A trade restriction can raise input costs and accelerate regulatory fragmentation. A cyberattack can become a legal, operational and reputational event within hours. For boards, this convergence reduces the usefulness of siloed risk dashboards and demands more integrated oversight.
Governing for Resilience
In response, high-performing boards are elevating resilience and agility from “nice-to-have” traits to core leadership tests. They are probing how quickly management can absorb new information, challenge assumptions and reallocate resources when conditions change. Resilience is broader than continuity planning: it includes leadership stamina, credibility with stakeholders, decision discipline under pressure and a culture that sustains performance and collaboration across repeated shocks.
What this means for governance starts with bringing geopolitical and macroeconomic realities into strategy, not parking them in an annual enterprise risk cycle. Many boards are moving to living scenario work: shorter, more frequent exercises that test how combinations of stressors could play out (for example, trade disruption alongside regulatory change, a cyber event, or a sudden shift in energy pricing). The objective is not prediction; it is preparedness, clear triggers, pre-agreed options and faster execution when signals move.
- Define the volatility you are governing for: the top 3–5 external forces most likely to reshape your revenue, cost base and operating model.
- Agree on decision triggers in advance: what signals will prompt pricing action, sourcing changes, capex pauses, or a shift in market focus.
- Stress-test liquidity and execution capacity: not only the balance sheet, but also the organisation’s ability to deliver change at speed.
A second implication is board capability. In a small, highly connected economy like Malta, operating within EU rules while competing globally, oversight benefits from directors who understand regulated environments, cross-border operations, technology risk and public-policy dynamics. The point is not to “forecast politics”; it is to ensure the board can rigorously test management’s assumptions on market access, compliance burden, third‑party dependency and customer concentration.
Third, boards are tightening expectations on ownership and escalation. Resilience improves when accountability is explicit: who owns trade and regulatory monitoring, who is responsible for cyber readiness, and who has authority to activate contingency plans. Effective governance also depends on thresholds that force timely discussion, such as liquidity buffers, supplier concentration limits, incident-response timelines and decision rights for rapid sourcing or market shifts. Without these, organisations drift into slow-motion risk until options narrow.
To Sum Up
Ultimately, resilience is becoming a practical measure of governance quality. Boards that embed it into strategy reviews, leadership evaluation and risk oversight are better positioned to protect enterprise value, maintain stakeholder confidence and preserve strategic choice, even when the next disruption is not a matter of “if” but “when”. Papilio Services Limited supports boards and executive teams in strengthening governance, risk and compliance frameworks that match today’s operating realities. If you would like a confidential discussion on board resilience, scenario planning or governance capability, we are ready to help.
About the Author
This article was authored by Louise Vella, Director, AML Compliance Department.
 Louise Vella |  Szabolcs Toth |
Contact us for more information
