Every bank talks about managing risk.
Credit risk. Cyber risk. Fraud risk. Conduct risk. Technology risk. Third-party risk.
But what if one of the largest risks facing modern banking is not sitting neatly inside any of those categories?
What if it is the complexity connecting them all?
Complexity rarely arrives through one poor decision. It is usually created through hundreds of sensible decisions that were never considered together.
A new regulation requires another control.
A customer problem leads to another process.
A system limitation creates another workaround.
A merger adds another platform.
A risk event produces another approval.
Each decision can be justified. Each may even be necessary.
Yet, over time, the institution becomes harder to understand, harder to change and, eventually, harder to control.
That is the danger.
Banks have traditionally treated complexity as a cost issue. More systems mean higher expenditure. More processes mean additional people. More organisational layers mean slower execution.
Complexity is no longer only expensive
It is becoming a strategic risk.
For more than three decades, I have watched banking institutions grow, reorganise, integrate, automate and transform. The pattern is remarkably consistent. Every major transformation begins with a promise of simplicity. Fewer processes. Better systems. Faster decisions. Clearer accountability.
Yet many institutions emerge from transformation with the old complexity still in place and a new layer added above it.
The new platform does not always replace the old one.
It sits beside it.
The new process does not disappear when the programme ends.
It becomes another permanent process.
The temporary governance forum becomes a standing committee. The manual workaround becomes part of normal operations. The exception slowly becomes the rule.
Banks do not usually become difficult to run because one person made a disastrous decision.
They become difficult to run because good decisions accumulate without anyone redesigning the whole.
This matters because complexity changes how people behave.
When processes become difficult to understand, employees stop exercising judgement and begin protecting themselves.
They copy more people into emails.
They ask for additional approvals.
They create parallel records.
They escalate decisions that should have been made closer to the customer.
Nobody intends to slow the organisation down. Each person is responding rationally to a system in which responsibility is distributed but accountability remains personal.
The result is institutional hesitation.
Decisions take longer. Ownership becomes unclear. Problems move between departments. Customers are asked to repeat information because systems do not speak to one another. Senior leaders receive increasingly detailed dashboards, yet find it harder to see what is actually happening.
Complexity creates activity
It does not always create control.
This distinction should concern every board.
A bank may have strong governance around each individual risk and still lack a clear view of how the risks interact. It may have resilient systems considered separately, but fragile customer services when those systems depend on one another. It may have detailed policies, yet leave frontline colleagues uncertain about which rule matters most in a real situation.
More control does not automatically produce greater control.
Sometimes it produces distance between the decision and its consequence.
Technology was expected to solve much of this. In many areas, it has. Automation has removed manual work, improved speed and strengthened accuracy.
But technology can also hide complexity rather than remove it.
A smooth customer screen may sit above numerous legacy systems, manual interventions and reconciliation processes. The customer sees a transaction completed in seconds. Inside the institution, several teams may still be managing the consequences.
Artificial intelligence creates the same question on a larger scale.
Will AI simplify banking?
Or will it make complicated institutions operate faster without making them easier to understand?
Automating a confused process does not make it simpler. It simply allows complexity to move faster.
The answer is not careless simplification. Banking is complex for legitimate reasons. It manages money, risk, regulation, security and public confidence. Controls matter. Checks matter. Governance matters.
The real question is whether every layer continues to serve its original purpose.
When was the last time the institution removed a committee rather than created one?
Retired a process rather than amended it?
Closed a system rather than connected another platform to it?
Removed a report rather than added another measure?
These are not operational housekeeping questions. They are questions of institutional health.
Boards regularly ask whether the bank is adequately controlled.
Perhaps they should also ask whether it remains understandable.
Because an institution that cannot explain how decisions move, where accountability sits or how systems depend on one another may be compliant on paper and vulnerable in practice.
Complexity rarely announces itself as a crisis.
It appears first as delay.
Then duplication.
Then confusion.
Eventually, it becomes risk.
The strongest banks of the future may not be those with the most technology, the most controls or the most elaborate operating models.
They may be those with the discipline to remove what no longer needs to exist.
Banking will always be complicated. It should never become incomprehensible.
It does not have to become incomprehensible.
Dr Gulzar Singh, Senior Fellow – Banking & Technology, Chief Executive Officer, Phoenix
