questions. In boardrooms, silence can be more dangerous than dissent. Questions such as, “What are we not seeing?” or “Who is not speaking in this room?” can unlock blind spots that data alone cannot reveal. Boards that only accept easy answers rarely uncover the real risks until it is too late.
The third is to practice risk rather than simply monitor it. I was reminded of this during a Business Continuity Management session I facilitated with the board and executive team of a large state corporation. On paper, their preparedness looked sound, with well-written policies and neat reports. But once we ran a live crisis simulation, weaknesses emerged within minutes. Confusion over roles, delayed communication, and assumptions that “someone else” was handling critical decisions quickly surfaced. It was a powerful lesson for the leadership: true resilience is not measured by what sits in a report but by how people act when stress is real. That exercise reinforced for me, and for them, that practicing risk is the only way to test readiness.
The fourth is to link risk appetite to opportunity. Too often, risk is seen only as a shield. The strongest organizations use it also as a lens for innovation, whether that means pioneering fintech solutions, embracing green finance, or reimagining healthcare delivery. Understanding risk appetite is not about limiting ambition; it is about pursuing ambition wisely and sustainably.
Finally, the fifth imperative is to humanize the risk lens. Behind every category of risk, whether credit, operational, or reputational, are real people, families, and communities whose lives are affected by the decisions made in boardrooms. Risk oversight is not just about protecting the institution; it is about safeguarding the trust and futures of those who rely on it.
Risk as Conversation, Not Documentation
In many of my board training sessions, I like to begin with a simple exercise. I hand each director a copy of the organization’s most recent risk register and ask, “How many of these risks could you explain clearly to someone outside this room?” Almost without fail, the room goes quiet. The hesitation is never about intelligence or experience. It is about the way risks are often documented. Registers tend to be written in compliance language rather than in terms that connect to strategy or people. Phrases like “operational continuity failure” or “cyber intrusion exposure” may satisfy regulators, but they leave directors struggling to translate what these risks really mean for the business, its customers, or its future.
That silence is more than awkward. It is dangerous. Risk is not a checklist, it is a conversation that must connect frontline realities with board-level decisions, and technical specialists with strategic leaders. If directors cannot speak confidently about their own risks in plain language, then they cannot truly own them.
The Digital Breach That Never Happened (Yet)
At a recent board retreat with a financial institution, I introduced a scenario that immediately shifted the mood in the room. I said, “It is 7:30 on a Monday morning. News has just broken that your customer data has been leaked on the dark web. Journalists are already calling. Regulators are demanding explanations. Social media is exploding. Who speaks first here?”
The directors glanced at each other, uncertain. A few suggested it was the CEO’s responsibility. Others pointed to the Head of IT. Finally, one director broke the silence and admitted, “We have never discussed this as a board.”
That moment captured a common blind spot. Too many boards still view cyber risk as a narrow technical issue rather than a core governance concern. Yet a major breach can destroy customer trust faster than even a liquidity crisis.
This blind spot is not limited to banks or financial institutions. While working on the development of a risk management framework for a corporate pension scheme in the region, I saw the same issue play out in a different form. The organization was diligently focused on investment risk, compliance obligations, and governance structures. But when it came to digital transformation and the resilience of their systems, the conversation had barely begun. During engagements with the senior teams, it became clear that preparedness for digital disruption and cyber vulnerabilities had been overlooked. It was only through open dialogue in the framework formulation stages that the leadership recognized how exposed they were, not just at the level of IT but right from the board to the process owners.
I use these kinds of simulations and engagements not to create panic but to build preparedness. They are about giving leaders the muscle memory and the awareness to respond with clarity when the real crisis eventually comes. Because in that moment, the one thing an organization will not have is the luxury of silence.
Risk in the Age of ESG and Green Finance
One of the recurring blind spots I encounter in my board and executive engagements is how environmental, social, and governance (ESG) risks are treated. I remember a conversation with directors of an agribusiness firm who proudly outlined their strong market growth. When I asked, “How climate-resilient is your supply chain? What happens if prolonged drought wipes out 30 percent of your contracted farmers?” the room went quiet. Their assumption had been that climate was a government problem, not a boardroom issue. Yet the reality was already clear: climate risk was reshaping their credit exposures, increasing their insurance costs, and threatening the competitiveness of their exports.
I have seen the same pattern in my consulting work with microfinance institutions exploring green finance. Many start by treating ESG as an investor reporting requirement, something to tick off for compliance. But when we dig deeper, the truth comes out: ESG is really about future-proofing the business model. A loan portfolio that ignores climate risks, gender equity, and governance gaps is not just incomplete, it is unsustainable.
Boards must begin to recognize that green risk is business risk. The organizations that will thrive tomorrow are the ones making deliberate choices today to align credit, operations, and governance with sustainability requirements. Those who fail to make that shift will not just miss out on green finance opportunities, they will find themselves left behind in markets that are moving fast toward resilience and sustainability.
Geopolitical and Policy Risk: The Unspoken Factor
In East Africa, I have seen how government policy changes can be just as disruptive as market forces. During a consulting engagement with a large cooperative, I ran a simulation on the impact of a sudden government tax change on members’ disposable income. The results were striking. Within minutes it became clear how such a policy could reduce members’ ability to repay loans, put pressure on liquidity, and even damage the trust of members who might feel caught off guard. Watching the leadership team realize how quickly things could unravel was a reminder of how unprepared many
54 MAL68 / 24 ISSUE