Skip to content

Shifting Gears: From Risk Management to Risk Intelligence for Growth

author
Kin&Co
25th Nov 2025
Article

We are navigating a moment where the pace and breadth of transformation is an incredibly challenging operational context for organisations. The range, variety and complexity of emerging risks and opportunities is both acute, and now a normal feature of work.

Given the reality of today’s environment, and the shift towards supporting responsible, managed risk to drive growth and innovation, Kin&Co’s conversation at the recent Armstrong Wolfe SMF24 Community event couldn’t have been more timely.

For years, many regulated businesses have been optimised to minimise risk, over-rotating their risk management towards a “don’t-get-fined” practice. 

As a result, the opportunity cost of inaction – the growth they’ve forfeited – has become one of the greatest barriers to strategic advantage and creating value for customers.

The game has changed. Traditional approaches are not sufficient to drive opportunity. 

Sarah Pritchard, deputy chief executive of the FCA, recently signaled a powerful shift in her speech at the launch of the Chief Risk Officer Network: responsible, well-governed risk-taking is now a growth expectation, not a side note.

While the FCA highlighted that 97% of Chief Risk Officers think the sector needs to be more comfortable taking managed risks to support growth, a recent EY report found only 14% of organisations they researched have completely changed their approach.

At Kin&Co, we define this as moving beyond risk management to building genuine risk intelligence and a much more active, confident and strategic approach to risk optimisation within firms and the sector.

The incentive for change is clear: organisations focused on strategic risk outperform their peers in key metrics:

* Improved risk accountability and culture
* Reduced proportion of unexpected risks
* Better incident identification and response time
* More appropriate risk escalation and decision making

The firms that master this transition – the ones who figure out how to be truly Risk Intelligent – will own the next decade of growth.

At its core, this is a conversation about behaviour change. Success will require a deep and intentional shift in approach, a much sharper focus on human behaviours and psychological factors that influence decision making, speaking up, collaborating and innovating in ambiguous, fast-paced and complex environments, and structured investment in building new capabilities, mindsets and cultural conditions

Our discussion with Armstrong Wolfe and their SMF24 Community of COOs and Risk professionals was to explore this critical cultural shift. This article shares some themes, reflections, insights and ideas from our discussion!

What is Risk Intelligence?

At Kin&Co, we define Risk Intelligence as the capacity of leaders and teams to consistently turn complex, fast changing risks into timely, balanced decisions and opportunities – protecting today’s obligations while unlocking tomorrow’s opportunities for growth. 

Risk intelligent leaders and teams excel at making sound and dynamic decisions, innovating, adapting their approaches, and fostering open dialogue within fast-changing, ambiguous, and complex environments. 

This is a fundamental shift from traditional risk management (focused on prediction, process, and control) towards a strategic capability that unlocks tomorrow’s growth, enabled by a thriving culture. 

How Risk Intelligent is your Organisation?

To bring the shift from risk management to risk intelligence to life for the SMF24 Community, we explored four organisational personas inspired by BSI and Cranfield School of Management’s Organisational Resilience ‘Tension Quadrant’, which maps organisational resilience approaches against two axes: consistency vs. flexibility and stopping bad things vs. making good things happen.

* The Custodian: (Stop Bad Things / Consistency) Focuses on perfect plans and building walls (controls) to stop threats entirely. Provides safety but struggles to adapt to new and emerging situations.

* The Scout Leader: (Stop Bad Things / Flexibility) Knows perfection is impossible, focusing on training people to be vigilant and highly adaptable to downside risks.

* The Engineer: (Make Good Things Happen / Consistency) Aims to make things better, faster, and more efficient within the current system, incrementally improving what they do well. May not optimise upside potential to its fullest.

* The Explorer: (Make Good Things Happen / Flexibility) Is bored with the status quo, constantly experimenting, inventing, and exploring unknown markets. They are bold in their hunt for upside risks but must lay the right defences to manage potential downside risks.

While a playful simplification of the contrasting perspectives presented by their research, the four organisational personas enabled the SMF24 Community to explore which perspective predominantly drives their organisation as a whole. 

Even though almost half (45%) of CEOs surveyed in PWC’s 2024 report do not believe their business will be viable in a decade without reinvention, we still see firms defaulting to the Custodian approach. Despite the FCA’s recent push for responsible risk-taking, many have found themselves partly stuck in the Custodian approach from a traditional tick-box “compliance” relationship with the regulator. 

The group understood that while the Custodian approach has got them to where they are today, it may not get them to where they want to go. Experimenting with what being more Scout Leader, Engineer or Explorer could achieve them, we heard opportunities, such as:

* Enabling Boldness: Equipping leaders to aggressively lean into massive new opportunities, like AI adoption and market expansion, by making timely, balanced decisions that competitors – still optimised for caution – simply cannot.

* Creating Value: Maximise commercial, market, customer, and brand value by providing the cultural and systemic muscle for smart experimentation and strategic agility.

* Speed & Agility: Ensuring immediate, agile behavioural responses to rapid downside risks (from cyber to regulatory breaches), protecting your firm where slow governance fails.

* Safeguarding Trust: Protecting your reputation, brand trust, and compliance posture by building the capability to manage weak signals and foster the open dialogue necessary to avoid delayed learning and costly failures.

If we take AI optimisation as just one example, BCG predicts Retail Banks could unlock more than $370 billion annually in additional profits by 2030 through large-scale deployment of artificial intelligence.

But the reality is, resilient, risk-intelligent organisations do not pick one quadrant. Weakness comes from over-investing in one mode, especially the Custodian, and neglecting the others. The strategic move is to be explicit and invite a conversation around: where must we remain Custodian, where do we need more Scout Leader vigilance, where should we Engineer for consistent upside, and where is it essential to act as Explorers, with clear boundaries?

In our conversation with the SMF24 Community, we discussed the systemic and human barriers to becoming a more resilient, risk-intelligent organisation. 

The Systemic Barriers to Risk Intelligence

The discussion with the SMF24 Community uncovered several key obstacles preventing regulated businesses from becoming more resilient, risk-intelligent organisations:

* Missing Strategic Link: A lack of clear alignment between the choice of risk culture and the organisation’s commercial and strategic goals. There is often a lack of energy and appetite to articulate the commitment to optimising upside risk.

* Entrenched Outdated Beliefs: Outdated beliefs on the mandate and scope of Chief Risk Officers (CROs), leading to a lack of clarity, confidence and dexterity in adopting other risk-optimising mindsets.

* Regulatory Focus: Historic pressure to tick boxes and a lack of clarity about how risk approach fits with strategic vision. When a risk approach is only nailed to regulation, it feels transactional and tick-box rather than aligned to strategic advantage. As Sarah Pritchard stated: “The FCA’s shift to outcomes-focused and less prescriptive rules may feel uncomfortable for some… but an outcomes-focused approach is essential if we are to be forward looking and supportive of innovation.”

* Organisational Legacy: The lived experience of big fines and the full consequences of when things go wrong create a culture that is focused on risk mitigation and control rather than risk innovation.

* Data Silos: Data being used only for regulatory perspective rather than as a driver of live strategic questions.

* Human & Psychological Factors: Failure to understand and invest in the human, dynamic, and psychological side of risk. When threatened, our brains enter survival mode, seeking control and making us less risk-intelligent.

The Human, Behavioural & Psychological Factors

“This shift to outcomes-focused and less prescriptive rules may feel uncomfortable for some of you in this room. It requires a culture change – both in the industry and, yes, for us as a regulator.” – Sarah Pritchard 

As recognised by the SMF24 Community, the shift to Risk Intelligence necessitates conversation about behaviour change. Success requires a deep and intentional focus on the human and cultural factors that influence decision-making, speaking up, collaborating, and innovating in complex environments.

Despite the clear commercial value and regulatory push, building genuine risk intelligence is inherently difficult because it cuts against how humans are wired to respond to uncertainty.

The Predictable Constraints

Building risk intelligence is not easy. As Nobel Prize-winning psychologist Daniel Kahneman showed, in conditions of risk, people reliably depart from rational models. Most poor risk decisions happen in apparently calm conditions due to predictable psychological biases:

* Loss aversion: We fear losses far more than we value equivalent gains, causing leaders to become overly cautious (protecting today at the expense of tomorrow’s opportunities).

* Incentive misalignment: Individuals are motivated by short-term rewards, leading to excessive risk-seeking behaviours if incentives are short-term focused.

* Confirmation bias: Teams cling to familiar positions and search for confirming data, narrowing the field of view when complexity demands wider sense-making.
These patterns have been observed across financial governance failures and act as a predictable constraint on decision quality.

The High-Stakes Amplification

In volatile, high-stakes environments, our biological threat system amplifies these psychological biases:

* Adrenaline narrows perceptions, forcing a focus on immediate risks and suppressing the pre-frontal functions needed for long-term planning and perspective.

* The mind shifts to survival mode, manifesting as micro-managing, seeking control, and falling back on familiar, safe ways of working, even if they are inefficient.

* We can experience cognitive overload draining energy and stifling problem solving.

In conditions of fear or uncertainty, teams fall back on familiar patterns: doing what has always kept them “safe” – even if that means missing new growth opportunities for them and their organisation.

A Designable Challenge: 10 Questions to Shift Perspective

Risk-intelligent organisations know these human tendencies and systemic barriers will show up and build governance, incentives, and culture that both protect value and create it.


For COOs and CROs, these are not soft issues. They are predictable constraints that demand strategic effort and design. Addressing these critical human and systemic dimensions requires strategic energy, which is where intentional investment in capability and culture pays off. 

These ten questions can help pinpoint where you might need to focus your efforts…

1. Define the ambition

– a. Have we clearly defined where, when, and how we expect people to take intelligent risks for growth, as well as where we expect strict guardrails? If people only know what to avoid, they will default to caution. 
– b. Are Risk leaders routinely involved upfront to shape new products, AI use cases, and market moves, or do business teams experience Risk mainly as a blocker? How you cast Risk shapes how early they are invited in. 
c. Can leaders navigate daily dilemmas to enable growth and protection, innovation and control, as tensions to balance, not sides to choose? Language from the top either locks in win/lose thinking or opens up balanced choices. 

2. Empower sound judgment 

– a. Do leaders help colleagues distinguish “I need to feel safe to raise this” from “I need a guaranteed answer before I act”? People need to feel safe to act in grey space, not only when everything is known. 
– b. Can people safely share doubts, concerns, or promising hunches without a fully proven case? Do leaders respond in ways that encourage more insight, or shut it down? Risk intelligence depends on early information about both harm and opportunity.
– c. Do senior teams use common habits such as testing assumptions, surfacing bias, and running pre-mortems on key decisions? Judgement is a discipline, not a personality trait.

3. Align systems and practice

– a. Do promotion and pay criteria reward balanced judgement and long-term value, or mainly quietness and short-term results? Signals about careers and rewards will always trump posters.
– b. Can a busy leader use our risk appetite and policies in a live decision without translation? Have we turned them into a small number of simple checks that support a confident ‘yes’ where value is there? If frameworks are unusable at speed, people revert to habit or hierarchy. 
– c. Are we transparent about how data from audit, speak-up, and surveys is used, so people trust it as a learning tool? If structures reward box-ticking, culture will follow.
– d. Where are we deliberately using these behaviours in live decisions on AI, transformation, or new propositions? Capability grows through repetition in real work.

The Future is Risk Intelligent

The conversation at the Armstrong Wolfe SMF24 Community event reinforced a critical truth: the goal is no longer to be the firm with the fewest incidents, but the firm with the most intelligent risk posture. The focus is shifting from a narrow, defensive accountability under SM&CR to a broader, proactive mandate for growth and value creation as signaled by the FCA.

Building Risk Intelligence requires both skeleton and muscle: the robust governance processes and the deliberate cultural behaviours driven by strong, coherent leadership. This is the Kin&Co approach: equipping leaders of today and tomorrow to drive risk-intelligent culture change.

The question for every COO and CRO is not if you will embrace this shift, but how fast and how intentionally you will redesign your culture and systems to get there. Kin&Co helps companies build thriving cultures that enable risk-intelligent growth. Our approach combines cultural assessment with practical behaviour change tools & interventions to make intelligent risk-taking visible, safe, and scalable—surfacing the beliefs that shape behaviour, resetting the signals that drive decisions, and creating the conditions for risk intelligence at scale. Contact Kin&Co to find out more. 

Thanks again to Armstrong Wolfe and the SMF24 Community for their discussion and insights on this critical topic. We look forward to continuing the conversation.