Risk management shouldn’t be a bolt-on, or something you bring in at the end of a project to tick the right compliance boxes. But too often that’s exactly how it’s treated.
In this article, Associate Consultant Faysal Jhetam outlines why risk should never be seen as an afterthought.
In some banks, Risk is seen as the team that says “no” or slows things down, when in fact, its role should be to help businesses move in the right direction, faster, with more confidence and clarity.
I’ve spent over two decades in global risk functions and risk consulting, including more than ten years at Accenture and now with BeyondFS. I’ve seen what happens when risk is left on the sidelines: programmes stumble, costly mistakes go unnoticed, and leadership loses confidence.
But I’ve also seen how, when embedded properly, risk becomes a source of speed, innovation and resilience.
I once worked with a large European bank on a major remediation programme. In the first year, there was no proper governance. Risk and compliance weren’t in the room, and the programme leads were essentially marking their own homework. No one was looking at the broader implications of the decisions being made.
Eventually, we had to backtrack and retrofit risk reviews across every initiative. It was inefficient, expensive, and worst of all, it undermined senior leadership trust. People started questioning the competence of the programme as a whole.
In another example, a UK challenger bank was developing a new credit card. Product and marketing teams were heavily involved from the start - but risk wasn’t. Late in the day, issues emerged that a basic early-stage risk review would have spotted. Key questions around risk appetite had never been addressed. The launch was pulled, and the whole escapade cost hundreds of thousands.
Later, that same bank was fined millions for financial crime failings. I couldn’t help but see a common thread: risk wasn’t properly embedded in the bank’s decision-making.
Banks are operating in a more complex risk environment than ever, and many still don’t have the fundamentals right. Enterprise Risk Management (ERM) frameworks, governance, and business continuity planning aren’t ‘nice-to-haves’. They’re the bare minimum.
Despite the talk of AI, automation and big data, a surprising number of risk teams are still reliant on spreadsheets and disconnected, manual reviews. In many cases, the rest of the business assumes “the risk team will flag it”, without realising that managing risk is everyone’s job.
If your core risk structures are weak, it’s impossible for the risk function to add value. But with the right foundations in place, risk becomes a lens through which better, faster decisions are made.
Every major initiative, from launching a new product, to entering a market or selecting a new supplier, should involve a risk lens from day one. You want to be asking early:
- Does this align with our risk appetite?
- What are the downstream implications of this move?
- Have we got the right people in the room - risk, legal, compliance, operational experts - to spot the issues we’re not thinking about?
This is what we mean by dynamic risk management. You’re building frameworks that evolve with your business and give you the ability to respond to new and emerging threats.
Take operational resilience. It’s not a new concept by any means, but recent geopolitical tensions, cyber threats, and supply chain pressures have brought it sharply into focus. The FCA, for instance, is looking more closely at non-regulated activity and third-party dependencies - recognising that risks can now originate outside traditional banking channels but still have major systemic consequences.
Risk today has to be managed across entire commercial ecosystems, not just within the walls of individual firms. That means regulators, lawmakers and firms themselves all have a role to play, but it’s down to each institution to ensure they’re not the weak link in the chain.
To properly embed risk into your commercial and operational decision-making, you need to start with a clear-eyed view of where you are now.
How mature is your current risk set-up? Are the basics in place? Are risk conversations happening at the right time - or only at the end, when the work’s nearly done?
As always, change starts with leadership. Senior leaders need to see risk as a source of value, not as an obstacle. And people working in risk functions need to see themselves the same way. That mindset has to be visible in their behaviours, how they engage, and how they influence decisions.
But it can’t stop with the risk team. Every part of the business needs to understand their role in managing risk and be trained to spot, escalate and address issues early.
Make risk a standard part of everyday business conversations. Bring risk thinking into vendor decisions, product design, market entry plans. And finally, use the insight you gain from asking risk questions to shape performance, not just tick regulatory boxes. Ask:
- How did our risk function help drive a better outcome?
- What lessons are we feeding into future strategy?
The firms that really get this right don’t treat risk as a blocker. They see it as a competitive edge. That change in mindset makes all the difference, and it’s where real progress is made.
