Strategies for Consumer and Digital Banks to Build a Resilient Risk Culture

In an exclusive interview with Thiruamuthan, Correspondent at Asia Business Outlook, Loshani Ravindranath, Managing Director at CIMB Bank Berhad, discusses how banks in Asia are embedding proactive, collaborative, and culturally aligned risk management frameworks into digital lending, governance, vendor oversight, fraud prevention, and AI-driven decisions to strengthen accountability, resilience, and trust across diverse and evolving market environments.

Loshani Ravindranath, accomplished Risk Management Leader with over 18 years’ experience across operational risk, audit, and compliance, shares her views on how financial institutions are transforming risk culture in banking into a strategic enabler for long-term sustainability and digital trust.

With digital lending models facing stricter oversight across key Asian markets, how are banks adapting internal risk culture to address governance, underwriting, and tech-led exposure?  

As regulatory scrutiny intensifies across the Asian markets, including Malaysia, Indonesia, Vietnam, and the Philippines, banks are reconsidering how risk culture is embedded within digital lending operations.

We are integrating real-time risk assessment into product development processes at the beginning. Risk teams actively participate in agile sprints with tech and product teams, challenging decisions on data usage, credit models, as well as customer disclosures, before products go live. A key focus is on solidifying governance around algorithm-led underwriting, where we prioritize model explainability, ensuring transparency for internal and regulatory stakeholders. With the specific demands of the market, the path forward relies on open communication with regulators to jointly define appropriate outcomes for automation-led credit decisions.

The accountability model has evolved as well because ownership of taking risks is now with a digital lending team, not only with centralized risk functions. This proactive and collaborative framework is essential for enabling scalable responsibility and establishing long-term sustainability in light of increased supervision and changing customer expectations.

As consumer banks scale across markets with uneven digital maturity, how are they building a unified risk culture across both traditional and digital-first operations?

Building a unified risk culture is a continuous journey shaped by the challenges of emerging and advanced digital markets. The main challenge is fostering a strong risk mindset without requiring a very strict, one-size-fits-all approach, particularly when operations are across different regions such as Malaysia, Vietnam, the Philippines, and Indonesia. The guiding principles have always been a key set of non-negotiable values over fairness, transparency, and accountability.

To foster this culture across regions, we have executed several risk culture enablers, such as the simplified playbooks that convert our group risk appetite into actionable guides.  This ensures both the tech and branch teams understand and work within clearly defined boundaries. By establishing shared language, we enhance coherence and communication. We also depend heavily on the use of local risk champions to embed group expectations. Rather than pushing uniformity, we promote local ownership within the framework of shared values and flexible delivery. This approach considers the unique dynamics of each market while remaining true to the overarching group identity.  

Fintech collaborations are rising, but third-party dependencies pose increasing risk—how are banks embedding vendor accountability into core cultural and operational frameworks?

While FinTech alliances have been a hotbed for innovation in Asia, they have also introduced a new dimension of risk. We've learned that outsourcing is not the same as offloading accountability. The customer trust remains as an ultimate power, regardless of any vendor involvement. Each new partnership undergoes a comprehensive resilience assessment as part of wider risk assessment, ranging not only from technology risks, but also conduct, reputational, and sustainability considerations.

More importantly, we have trained our teams to view vendors as operational extensions, not third parties. They are part of our value chain, and when there is an outcome or incident, we ask: Did we set the right prospects? Were they effectively monitored? This approach allows for maintaining a balanced model of shared accountability and protects both business reputation and customer trust.

Frontline staff are often the first line of defense. Given this, how are banks reinforcing a culture where early signals of operational or conduct risk are acted on?

Frontline teams are usually the first to detect risks- whether it is a process gap, customer confusion, emergence of fraud, or complaints. However, determining risk is only half of the equation; the other half is ensuring employees feel safe and empowered enough to voice their concerns without fear. To develop this, we introduced a program named "Safeguarding the Bank", created on the concept of psychological safety. It incorporates no-blame escalation channels and periodic risk huddles, an informal meeting, and a free-flow forum where employees are allowed to express their concerns.

We shifted the cultural story; it is no longer reactive, it is proactive. Recognition is no longer limited to revenue generation; we now celebrate and reward individuals who detect potential issues that prevent downstream harm. This positive reinforcement has helped to enhance transparency and involvement to a great extent. We have also made escalation stress-free, less bureaucratic, with the usage of digital tools and simplified checklists. Leaders are trained in providing constructive responses instead of being defensive. Such a dual strategy of cultural openness and operational simplicity has built a healthier, resilient banking ecosystem, enabling employees to play a proactive part in the bank’s integrity.

With real-time digital fraud evolving faster than control systems, what cultural shifts are banks making to move from reactive detection to proactive fraud containment?

Real-time digital fraud is rapidly emerging as one of the critical threats in banks, especially in digital-first growth economies such as Malaysia, Indonesia, Vietnam, and the Philippines. We are not only taking action in the form of enhanced controls, but further by ensuring a companywide culture of vigilance. Fraud is no longer the responsibility of the combating fraud teams. Now the product managers are taught to think like fraudsters.

It is also equally an industry-driven move with active participation of the regulators such as Bank Negara, PDRM (Royal Malaysian Police), and the Association of Banks, which encourages a common front against fraud. We are also training customers by educating them about imminent fraud signs on the ground. We have discovered that responsiveness is equally important as detection accuracy. It implies the shift in the practice of waiting for confirmation to the model of detect, disrupt, and investigate. Internally, it has demanded significant mindset shifts and an increase in trust between departments, tolerating short-term false positives that avoid long-term negative losses.

As AI reshapes credit and risk decisions, how are institutions ensuring cultural alignment between automated systems, ethical governance, and long-term risk accountability?

AI is reshaping risk detection and risk calculation, but it also creates new complex challenges around bias, explainability, and accountability. In risk decision-making, we have leveraged a human-first approach to AI in banking. Although AI can provide important data insights, it cannot substitute human knowledge, particularly in high-stakes conditions.

To be aligned with our values, we have established cross-functional AI review panels, including risk, compliance, business, and tech, each of which has its review panels that evaluate model performance, ethical outcome, and traceability. Questions like “Is this decision explicable? Who is accountable? This secures the system against over-dependency and builds trust.

Also Read: Strategies for Medtech and Biotech Businesses to Win Japan's Healthcare Market

We are also entrenching traceability in AI models so that we can audit and retrace decisions, improving governance as well as confidence. Crucially, we are actively educating teams to ask the correct questions so that the outcome of the AI is in line with the values of the bank. AI is an asset towards accountability, not a replacement, and its incorporation has to be both technically well-performed and ethically grounded.