Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

IFSLeaseWorks is now part of Abrigo.

Diversify your portfolio and earn additional interest income. End-to-end lease origination and administration automation make it possible.

Read the press announcement

Looking for TPG Software? You are in the right place!

TPG Software is now part of Abrigo. You can continue to count on the world-class Investment Accounting software and services you’ve come to expect, plus all that Abrigo has to offer.

Make yourself at home – we hope you enjoy being part of our community.

Journey Technology Solutions is now part of the Abrigo family.

Turn complex data into actionable insights for faster, more informed decision-making.

Read the press release

360 View is now part of the Abrigo family.

Turn relationship data into cross-sell, onboarding, and retention strategies.

Read the press release

AI AML/CFT Asset/Liability Fraud Prevention Lending & Credit Risk Portfolio Risk & CECL

Reflections on banking risk management: 4 leadership lessons

Kent Kirby
February 18, 2026
0 min read

Changing bank and credit union risk requires leadership 

What former banker and Abrigo Consultant Kent Kirby learned about managing financial institution risk in his 39+ years in all aspects of commercial banking.

Summary: 

Risk: Layered, interconnected, ambiguous

Being retired from banking offers a luxury I seldom had on the job: time to think rather than react. After decades spent moving from one urgent issue to the next, I now find myself reflecting on how differently I understood risk at 25 than I did at 65.

At 25, risk was simple. Would I close the deal? Would I get repaid? Other experienced bankers likely understand that by 65, risk to me had become layered, interconnected, and often ambiguous—less a calculation than a judgment call. I could probably write a book on the subject, but a few lessons stand out for bank or credit union leadership.

Learn why innovation gaps pose a significant risk to credit quality.

Watch webinar

1.  Risk is a team sport.

If anyone claims they fully understand all the risks facing a financial institution today, they’re not being honest. The operating environment has grown exponentially more complex. Products that were standard—and regulator-endorsed—in the early 1980s could invite criminal scrutiny today.

While risks are numerous, they can still be grouped into categories such as credit, operational, fiduciary, legal, compliance, and so on. The key is to rely on subject-matter experts and to make sure they communicate regularly with each other. Early in my career, bankers were poor at understanding risk at the enterprise level. Today, Enterprise Risk Management is an entire industry unto itself.

That said, ERM has too often become a ritual rather than a discipline. Done properly, it is essential, regardless of institution size.

Consider product development. Financial institutions have become highly effective at designing innovative credit products, aided by technology. Too often, however, we fail to ask a basic operational question: Can our systems and people actually support this product? Given the generally antiquated state of bank and credit union infrastructure, the answer is frequently “no.” The result is a patchwork of manual workarounds—prime territory for errors and, therefore, risk in its most basic form.

2.  Risk is not a wall. It’s an amoeba.

As a career credit banker, I once thought of risk as a wall. You could advance only so far before hitting default, and the objective was to avoid that collision.

That’s not how risk works anymore, if it ever did. Risk behaves more like an amoeba, constantly dividing and reshaping itself. New risks don’t replace old ones; they multiply.

Take artificial intelligence. A year ago, it barely registered in most risk conversations. Today, financial institutions feel pressured to deploy something AI-related simply to avoid being left behind. Yet many institutions have not had (or taken) the time to thoughtfully address the ethical, operational, legal, and reputational risks that accompany it.

Compounding this challenge is noise. Early in my career, news arrived twice a day. Today, it updates by the second, amplified by countless “experts” regardless of credibility. We even have a term, deepfake, for the darkest edge of this reality. Managing risk in this environment requires discernment.

Recent tariff debates illustrate this well. Initial reactions forecasted economic catastrophe reminiscent of the 1930s. The reality proved far more nuanced. Risk leaders must constantly balance speed with perspective.

3.  You will never have enough information. Decide anyway.

In all my years across institutions large and small, I never met a banker satisfied with their data. If I had 50–60% of the information I wanted to make a decision, I considered myself fortunate.

Directors and management understand that risk management is about judgment under imperfect conditions rather than about certainty. Waiting for complete information can create its own risk: the risk of delay or paralysis. Effective leaders develop the discipline to act with incomplete data while remaining flexible enough to adjust as new information emerges. The real skill lies in openly acknowledging uncertainty and deliberately managing it, since you can’t eliminate it.

4.  The most dangerous risk is the one you rarely see: culture.

Culture isn’t monolithic. It is a system of shared beliefs, values, and behaviors. Every employee carries multiple cultures—family, community, political, and religious—most of which are voluntarily adopted.

A financial institution’s culture, by contrast, is usually imposed. As a result, it is often poorly internalized and easily ignored. To make matters worse, institutional culture is frequently expressed through dense, elegant documentation. (How many pages is your credit policy?) Complexity plus lack of ownership leads to confusion, inattention, and, whether acknowledged or not, chaos.

Culture is foundational to an institution’s survivability. To manage it effectively, think of the hiss of a snake: sss.

Simple: If your culture is not simple, it will be ignored.
Succinct: If it is not succinct, it will be misunderstood.
Sustainable: If it is not sustainable, it will fail when it matters most.

Most importantly, culture must be reinforced through incentives. Goals, performance evaluations, and compensation decisions matter far more than mission statements. These may not be glamorous tools, but they are effective ones.

So yes, I may have felt smarter at 25. But what experience has taught me is that the discipline of risk is ultimately the discipline of leadership. In a world where risk keeps multiplying, the best financial institutions will be led by those who ask better questions, sooner, and create organizations capable of responding thoughtfully rather than reactively.

FAQs

What are the most important risk management lessons for banks today?

The most important risk management lessons for banks include maintaining strong governance, improving risk visibility across the institution, stress testing for adverse scenarios, and aligning risk appetite with strategy. Effective banking risk management requires proactive oversight rather than reactive response. Institutions that integrate risk data across functions are better positioned to anticipate emerging threats.

Why is enterprise-wide risk visibility critical in banking?

Enterprise-wide risk visibility allows banks to identify concentrations, correlations, and emerging threats across credit, liquidity, interest rate, and operational risk. Without centralized reporting and analytics, risks can remain siloed and escalate unnoticed. Risk management software for banks helps consolidate data and improve decision-making at the executive level.

How does stress testing strengthen banking risk management?

Stress testing strengthens banking risk management by modeling how capital, liquidity, and earnings would perform under adverse economic conditions. Scenario analysis helps leadership assess resilience and adjust strategy before risks materialize. Modern risk management systems automate modeling and reporting, improving accuracy and defensibility.

What role does governance play in managing bank risk?

Governance establishes clear accountability, defined risk appetite, and consistent oversight across the institution. Strong governance ensures that risk limits are monitored, exceptions are escalated appropriately, and board reporting is timely and actionable. Effective governance frameworks are foundational to sustainable risk management practices.

How can banks modernize their risk management approach?

Banks can modernize risk management by replacing manual spreadsheets and siloed tools with integrated risk management software for banks that centralizes data, automates reporting, and supports scenario analysis. Modern platforms improve scalability, audit readiness, and executive insight while reducing operational burden.

See how automating loan origination reduces risks.

Get a demo
Webinar

Managing credit risk with clarity: Practical insights for credit unions

Read More
Webinar

AI help, not hype: Practical use cases in lending workflows

Read More
Webinar

Identifying credit risk: Spot early warning signs and maintain portfolio discipline

Read More
About the Author

Kent Kirby

Senior Consultant, Portfolio Risk
Kent Kirby is a retired banker with over 39 years of experience in all aspects of commercial banking: lending, loan review, back-room operations, credit administration, portfolio management and analytics and credit policy.  As Senior Consultant in the Portfolio Risk practice, Kirby assists institutions in the review and enhancement of commercial

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.