Why ERM is no longer optional for African boards

Kefa Nyakundi

2 min read
Share

When the Central Bank of Kenya introduced climate risk disclosure requirements in 2024, many commercial banks discovered a troubling reality: their Enterprise Risk Management frameworks, despite appearing comprehensive on paper, could not answer basic questions about portfolio exposure to drought risk or temperature impacts on agricultural lending. That was not a risk management failure. It was a governance failure.

A convergence boards can no longer manage in silos

Across African markets in 2026, boards face an unprecedented convergence of risks: currency volatility, regulatory acceleration, climate exposure, cyber risk and geopolitical uncertainty. These are not discrete challenges to be managed in isolation; they are interconnected, dynamic exposures that require board-level strategic oversight.

The exposures converging on the African bank boardroom
The interconnected exposures converging on the boardroom.

Yet most ERM frameworks remain trapped in a compliance paradigm.

Risk registers and heat maps that provide comfort without insight: documentation without decision-making value.

Five failure points in traditional ERM

In our work with Tier 1 and Tier 2 African banks, the same five problems appear in almost every traditional framework.

  1. ERM sits outside strategy. Strategy and risk happen in separate meetings; decisions get made before risk is evaluated.
  2. Control-function ownership. ERM is seen as the CRO's job, not the board's. Risk managers document; business leaders take risk, and the two never meet.
  3. Static assessment. Heat maps with quarterly updates that barely move give false comfort while real exposures shift weekly.
  4. Backward-looking metrics. Reporting emphasises what already happened, not what could.
  5. Risk-appetite irrelevance. An annual appetite statement is approved, then never referenced in an actual decision.

What progressive boards do differently

Compliance ERM versus strategic ERM
The shift from a compliance paradigm to a strategic one.

Progressive boards integrate risk into strategy from the start; demand forward-looking intelligence such as scenario analysis, emerging-risk surveillance and leading indicators; use risk appetite as an active decision filter, testing major transactions against it before approval; and invest in board-level risk competence, including climate and digital-resilience expertise that traditional director profiles often lack.

We have walked into DFI due-diligence rooms where a 60-page board pack was rejected because the skills matrix did not match the strategy, and the risk-appetite framework was a single-page checklist.

The transformation is sequenced, multi-quarter work: it starts with a board-level ERM diagnostic and ends with risk-informed strategy development as standard practice. None of it is technically impossible. All of it requires board commitment to governance transformation.

Where ARMA comes in

ARMA's Board ERM Transformation engagement is a 12 to 16 week diagnostic and capability build that delivers a board ERM effectiveness assessment, a redesigned risk-appetite framework, a forward-looking risk-intelligence architecture, and a board capability programme. It is built for Tier 1 and Tier 2 African banks where the next DFI funding round or regulator examination will test the framework.

Read more