Service 08 — Governance

Corporate Governance

Riskweise designs Board-level corporate governance frameworks for GCC financial institutions — aligned with CBUAE, SAMA, CBK, QCB, CBB and CBO corporate governance regulations and Basel Committee Corporate Governance Principles — covering Board charters, committee structures, risk appetite, three lines of defence, and Pillar III disclosure support.

Engagements cover everything from greenfield governance design (banks adopting formal frameworks for the first time, often in preparation for IPO or regulatory licensing) to remediation of governance gaps following regulatory thematic review or supervisory feedback.

Methodology

How we approach it.

01 — Component

Board & committee frameworks

Board charter design, committee structures (audit, risk, remuneration, nomination), Terms of Reference, meeting governance and effectiveness reviews. Calibrated to the supervisory expectations of the home regulator.

02 — Component

Risk Appetite Framework

RAF design linking strategic objectives to quantitative risk limits. KRI dashboards, escalation protocols, breach management, and Board reporting integration. Designed so RAF is operationally connected to business decisions, not a once-a-year compliance artefact.

03 — Component

Three Lines of Defence

Implementation of the 3LoD model across risk, compliance, and internal audit. Role clarity, accountability mapping, and reporting line design — addressing the common failure mode where lines blur and ownership of issues becomes ambiguous.

04 — Component

Governance gap assessment

Assessment against central bank corporate governance regulations, Basel principles, and local listing authority requirements. Remediation roadmap with explicit prioritisation and ownership.

05 — Component

Board training & capacity

Tailored training for Board members and senior management on risk governance, IFRS 9 implications, capital adequacy, model risk, and regulatory expectations. Designed to raise governance literacy without overwhelming Boards with technical detail.

06 — Component

Corporate governance reporting

Annual governance reports, regulatory disclosures, Pillar III reporting, and governance sections for annual reports. Policy and charter drafting where institutions are starting from a low base.

What we deliver

Concrete outputs.

  • Board charter and committee Terms of Reference
  • Risk Appetite Framework (RAF) with quantitative limits
  • KRI dashboards and escalation protocols
  • Three Lines of Defence policy and role mapping
  • Governance gap assessment against regulatory expectations
  • Pillar III disclosure templates and narrative
  • Board training materials and capacity building
  • Annual governance reports and supervisory submissions

Who this is for

The fit.

  • Banks adopting or refreshing a corporate governance framework
  • Banks under regulatory thematic review on governance
  • Banks preparing for IPO or new market listing
  • Newly-licensed banks needing first-time governance setup
  • Banks consolidating governance across cross-border subsidiaries
  • Banks needing Pillar III disclosure capability

Common questions

Questions we get asked.

What corporate governance regulations apply in the GCC?

CBUAE Corporate Governance Regulation; SAMA Principles for Corporate Governance; CBK Instructions on Corporate Governance; QCB Corporate Governance Guidelines; CBB High-Level Controls Module; CBO Banking Law requirements; Basel Committee Corporate Governance Principles for banks; and listing authority requirements at DFM, ADX, Tadawul, BHB, QSE, Boursa Kuwait and MSX. Each has nuances around Board composition, committee independence, risk oversight, and disclosure.

What does a Risk Appetite Framework actually include?

A RAF connects strategic objectives to specific, measurable risk limits. It includes: a Board-approved risk appetite statement; quantitative limits across credit, market, liquidity and operational risk; KRI thresholds with explicit breach and escalation triggers; reporting integration with the Board pack and the Executive Risk Committee; and an annual recalibration process. The RAF is what makes "risk-aware decision making" operational rather than rhetorical.

How does Three Lines of Defence work in practice?

First line: business teams own and manage risk in their day-to-day activities. Second line: risk and compliance functions provide oversight, methodology, and challenge. Third line: internal audit provides independent assurance. The model only works if reporting lines and accountability are clear — common failure modes include risk teams operating as first line (compromising oversight) or audit teams operating as second line (compromising independence). Riskweise builds explicit role separation into the policy and reporting structures.

Do you support Pillar III disclosures?

Yes. Pillar III is one of the most under-invested governance areas in many GCC banks — a source of regulator findings and reputation risk. We design the disclosure framework, draft the standard sections (capital adequacy, risk exposures, remuneration), and build the data process so disclosures are produced reliably each cycle without ad-hoc fire drills.

How long does a corporate governance build take?

Greenfield framework for a new institution: 12-16 weeks. Refresh and remediation following supervisory review: 8-12 weeks. RAF design and implementation only: 6-10 weeks. Pillar III disclosure framework: 4-6 weeks. Multi-jurisdictional consolidation across cross-border subsidiaries: 16-24 weeks.

Do you provide Board training?

Yes. Tailored Board and senior management training on risk governance, IFRS 9, capital adequacy, model risk, and regulatory expectations. Sessions are calibrated to existing Board literacy — a Board with strong financial backgrounds needs different content from a Board where directors come from non-financial backgrounds. Training is one of the most cost-effective governance investments available.

Get in touch

Tell us about your governance engagement.

We respond within one business day. No agency-style discovery process — straight to scope, fit, and what you actually need.
