Welcome back to Continuum Risk Update
Every Friday we pull the top Asia headlines on digital-asset regulation, cyber risk, industry moves and insurance signals, with concise takeaways and practical actions for insurers and corporate risk teams.
1) Regulatory
HKMA urges firms to enhance sanctions screening and adopt AIOn March 23, the Hong Kong Monetary Authority published findings from a thematic review of sanctions screening systems across licensed banks and payment operators. The HKMA found systems generally meet baseline expectations but identified significant gaps in automation and AI adoption, urging firms to upgrade screening infrastructure and governance controls ahead of anticipated enforcement intensification in H2 2026.
MAS releases AI risk management toolkit for financial sectorOn March 25, the Monetary Authority of Singapore published a comprehensive AI Risk Management Toolkit for the financial sector, providing firm-specific guidance and worked examples for managing risks from traditional AI systems through to fully agentic AI deployments. The toolkit covers bias, model governance, accountability frameworks, and the emerging risk of AI-to-AI interactions — signalling that MAS expects firms to operationalise AI governance, not merely document it.
2) Hacking & Physical Risks
Japan Self-Defense Forces officer forcibly enters Chinese embassy in TokyoOn March 24, a 23-year-old Ground Self-Defense Forces officer scaled the wall and broke into the Chinese embassy in Tokyo, carrying a knife and threatening diplomatic staff. No personnel were injured. China lodged formal protests citing violations of the Vienna Convention on Diplomatic Relations, while Japanese public figures criticised the government’s handling of the incident. The event has amplified concerns about far-right ideology within the SDF and heightened Japan-China diplomatic tensions — adding a new friction point to an already strained bilateral relationship.
China-backed hackers target Southeast Asian military networks in ongoing spy campaignOn March 24, security researchers reported an active espionage campaign attributed to China-linked threat actors targeting military and government systems across Southeast Asia. The SmartApeSG campaign deploys high-end malware specifically designed to evade detection within government infrastructure, with researchers noting that the sophistication and targeting of these operations has increased materially in the first quarter of 2026. The campaign reinforces growing concern about state-sponsored cyber threats targeting APAC critical infrastructure.
3) Industry & Markets
P&C underwriting income up $40B in 2025 but structural pressures persistVerisk and the American Property Casualty Insurance Association reported on March 26 that net underwriting income for the US property and casualty industry rose by approximately $40 billion in 2025 — a significant improvement driven by rate hardening across multiple lines. However, analysts warn the headline figures mask ongoing structural pressures including elevated catastrophe losses, social inflation, and tightening reinsurance capacity in exposed markets. The findings carry direct relevance for APAC carriers with US treaty or portfolio exposure.
APAC insurance M&A outpaces all other regions as Japanese buyers remain activeNew data published this week confirms APAC was the standout region for insurance M&A globally in 2025, with completed transactions rising from 39 to 59 — and APAC accounting for four of the seven mega-deals valued above $5 billion. Japanese insurers, flush with capital following domestic portfolio realignments, are expected to remain the most active cross-border acquirers in 2026, with India and Thailand emerging as primary targets alongside established hubs in Hong Kong and Singapore.
4) Insurance Spotlight
Munich Re: AI is making cyberattacks costlier and more effectiveMunich Re released its annual Cyber Insurance: Risks and Trends 2026 report on March 26, flagging AI-enabled attacks as the defining threat shift of the year. Key findings include: fraud and phishing have now overtaken ransomware in CEO risk rankings, with 73% of executives reporting cyber-enabled fraud exposure in 2025; publicly reported ransomware attacks increased nearly 50% year-on-year; and agentic AI — systems capable of acting autonomously and circumventing defensive mechanisms — is expected to increase attack frequency in the near term. Munich Re projects the global cyber insurance market will reach $15.3 billion in 2026 and warns that first-party claims exposure from agentic AI incidents remains materially underestimated.
