Banks rarely fail because risks are unknown. They fail because risks sit between owners.
In most large banking institutions, governance is carefully designed. Committees are defined, mandates are agreed, reporting lines are clear. Risk frameworks are reviewed annually. Board packs arrive on time, colour-coded and structured.

On paper, accountability appears complete.

Go deeper with GlobalData

Data Insights

The gold standard of business intelligence.

Find out more

Access deeper industry intelligence

Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.

Find out more

Yet some of the most consequential risks in modern banking do not sit comfortably within those structures. They do not belong cleanly to a single function, committee, or executive owner. They live in the spaces between them.

These risks are discussed, acknowledged, and often managed in fragments. But they are rarely owned end to end. Over time, they become embedded in normal operations – visible, tolerated, and unresolved.

This is not a governance failure in the traditional sense. It is a structural blind spot that has grown as banks have become larger, more complex, and more interconnected.

Where modern banking risk actually accumulates

The prevailing model of banking governance assumes that risk can be categorised and contained.

GlobalData Strategic Intelligence

US Tariffs are shifting - will you react or anticipate?

Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.

By GlobalData

Credit risk is owned by credit.

Operational risk by operations.

Technology risk by technology.

Conduct risk by compliance.

This functional clarity is necessary. It allows responsibilities to be assigned, expertise to be concentrated, and oversight to be exercised. It also makes reporting manageable.

But the most persistent risks in banks today rarely stay within those boundaries.

They emerge at handoffs – between technology and operations, between policy and execution, between central functions and front-line teams. They appear when work crosses domains, when systems interact, and when decisions must balance competing priorities.

A reconciliation break is not immediately a payments issue if it is resolved manually.

A system dependency is not a technology issue if performance remains within tolerance.

A policy ambiguity is not a governance issue until it leads to inconsistent decisions.

Individually, these situations feel manageable. Collectively, they form a pattern of exposure that is difficult to see through functional reporting.

By the time a single owner is clearly identified, the institution is often already dealing with consequences rather than causes.

The committee problem no one names

As banks grow, they respond to complexity by adding structure.

New committees are formed to oversee cross-cutting risks. Sub-committees and working groups are created to coordinate activity across functions. Steering forums are established to “join the dots.”

Each of these responses is rational. Each is well-intentioned.

Over time, however, a subtle problem emerges. When an issue touches multiple committees, it often belongs fully to none of them.

The risk is reviewed from different angles, each within a defined remit. Updates are requested. Actions are logged. Ownership remains partial. Decision-making slows, not because people are disengaged, but because no single forum feels authorised to act decisively.

What looks like collaboration can become diffusion

This dynamic is particularly visible in areas such as third-party risk, complex technology dependencies, data integrity, and operational resilience. These risks span functions by nature, yet governance structures often treat them as shared concerns rather than owned responsibilities.

In banking, shared responsibility without clear ownership is rarely benign. It creates space for delay, ambiguity, and incremental risk build-up.

How risk changes shape between committees

One reason these risks persist is that they rarely present themselves as discrete events.

Between committees, risk changes form. It becomes a pattern rather than an incident. A recurring exception rather than a breach. A workaround rather than a failure.

These signals are easy to normalise.

A manual intervention becomes part of the process.

A backlog becomes “managed.”

A dependency becomes “under review.”

None of these trigger immediate escalation. They sit below thresholds, within tolerance, and outside formal definitions of failure.

Yet they consume operational capacity, increase complexity, and reduce resilience. They also mask the true cost of the risk, because its impact is spread across teams and time.

Boards often encounter these risks only when they crystallise – when a regulatory issue arises, when customers are affected, or when multiple controls fail simultaneously.

At that point, the question is no longer where did this come from? But why did we not see it earlier?

The uncomfortable answer is often that the risk was visible everywhere, but owned nowhere.

The behavioural dimension of governance risk

There is also a human dimension to this problem.

Senior leaders are incentivised to manage what they formally own. When an issue sits partially outside their remit, engagement becomes cautious. Language softens. Accountability becomes collective rather than personal.

No one wants to overstep their mandate.

No one wants to escalate prematurely.

No one wants to be seen as alarmist.

This creates a culture of polite governance. Risks are acknowledged, but urgency dissipates as issues move through layers of review.

Front-line teams adapt quickly. They learn which issues attract attention and which do not. They develop local solutions to keep work moving, often without escalating underlying causes.

From an institutional perspective, this adaptation is efficient in the short term. In the long term, it embeds fragility.

Risk does not disappear. It becomes harder to unwind.

Why boards struggle to intervene early

Boards are not unaware of these dynamics. Many non-executive directors recognise them from experience, even if they are difficult to articulate formally.

The challenge lies in how boards receive information.

Board packs are structured around existing governance models. Metrics align to functional ownership. Issues are presented within the boundaries of committees that already exist.

This creates a subtle constraint. Questions are framed within the same structures that allow the risk to persist.

To surface risk that lives between committees, boards often need to ask different questions.

Nor is this within appetite?

But who would act if this deteriorates?

Not has this been reviewed?

But where does responsibility ultimately sit?

Not is this being managed?

But what would force a decision?

These questions do not challenge competence. They challenge design.

They expose gaps in accountability that are uncomfortable precisely because they are systemic rather than individual.

Signals boards should pay attention to

Without turning governance into a checklist exercise, there are signals that often indicate risk is drifting between owners.

Persistent manual controls that were intended to be temporary.

Issues that reappear under different labels across reporting cycles.

Actions that move from committee to committee without resolution.

Escalations that occur only after stabilisation, not at onset.

Risks described as “cross-functional” without a named owner.

None of these are failures in isolation. Together, they suggest an institution is compensating for structural gaps rather than addressing them.

Boards that pay attention to these patterns tend to intervene earlier, not by adding oversight, but by clarifying ownership.

Designing governance for seams, not silos

The answer to this problem is not more committees or more reporting.

It is explicit ownership at the seams.

This means recognising that some risks are systemic by nature and assigning responsibility accordingly, even when that responsibility cuts across traditional structures.

It also means being clear about who decides when trade-offs arise. When stability conflicts with speed. When customer impact conflicts with operational efficiency. When regulatory expectations conflict with delivery constraints.

Clear ownership does not eliminate complexity. It makes it manageable.

Institutions that do this well tend to resolve issues earlier, not because they avoid risk, but because they confront it before it becomes embedded.

A quieter measure of institutional strength

The strength of a banking institution is not only visible in its frameworks, policies, or committees.

It is visible in how it handles the risks that do not fit neatly anywhere.

When those risks are owned early, they rarely become crises. When they are allowed to drift, they almost always do.

In modern banking, the most important governance question is often the simplest one.

Not what is being managed?

But who, exactly, would act when it matters.

That clarity – quiet, unglamorous, and rarely celebrated – is one of the strongest indicators of a resilient institution.

Dr. Gulzar Singh, Chartered Fellow – Banking and Technology; Director, Phoenix Empire Ltd