A mid-sized bank sets an ambitious target: grow the loan book by 25 percent in one year. The head of corporate banking delivers. By Q4, the loan book has expanded from UGX 800 billion to UGX 1 trillion.
The board applauds. The executive earns a hefty bonus of UGX 500 million for exceeding the target. But hidden in the fine print is the risk:
- 45 percent of the new lending is concentrated in real estate developers.
- Average loan size has ballooned from UGX 3 billion to UGX 7 billion, increasing single-borrower exposure.
- Collateral is mostly land titles, whose value is already under pressure from falling demand.
The risk officer raises a note: “Portfolio concentration is outside appetite.” It is presented as slide 48 of a 50-slide pack, just before lunch. No one debates it.
Eighteen months later, property prices fell by 20 percent. Developers default. Non-performing loans spike from 5 percent to 18 percent of the portfolio.
The bank must provision UGX 120 billion, wiping out two years of profits. The same executive who was rewarded for delivery is long gone, headhunted by another bank. The board is left to explain to regulators and shareholders how “record growth” turned into a balance sheet crisis. This is how polished growth stories
What boards love, and why it can be dangerous
Boards love certainty, clarity, and clean dashboards. When the pack is neat and the numbers shine, directors feel reassured. But that reassurance is often false. The absence of red flags does not mean the absence of risk.
It often means management has chosen not to highlight it. A silent board is not a strong board; it is a blind one.
Practical fixes that work
- Demand “near-miss reports” every quarter. Not just what went wrong, but what almost went wrong and why. These are the best predictors of future crises.
Table 1: Near-Miss Reporting Template (Board Pack Format) – by Mr Strategy.
| # | Dimension | What Happened | Why It Mattered | Potential Impact if Escalated | Action Taken | Board Oversight Question |
| 1 | Event Description | Intermittent outage during a major system upgrade. Online banking and ATMs disrupted for 2 hours. | Digital-first reputation at stake. Customers expect 24/7 uptime. | 50,000+ users affected. A 12-hour outage could trigger a 5% deposit flight. | Logged as near miss; internal review ordered. | What single points of failure exist in our systems today? |
| 2 | Root Cause | Middleware architecture had no redundancy. One technical fault disrupted the entire channel. | Revealed fragile IT architecture. | System collapse is possible with repeated faults. | Full audit of digital infrastructure. | Where else in our business are we one step from collapse? |
| 3 | Operational Resilience | Recovery within regulatory tolerance (under 4 hours). | Avoided fines and public scandal. | If downtime exceeded 12 hours, regulators would impose penalties, and customers could panic. | Significant investment in resilience upgrades (redundancy, cloud, monitoring). | How much are we investing in resilience versus growth? |
| 4 | Reputational Risk | Minor customer complaints recorded. The media did not pick story. | Trust erosion in a digital-first business is cumulative. | Negative headlines, investor concern, market share erosion. | Built a real-time risk dashboard with senior management visibility. | Are we tracking trust erosion early, not after headlines? |
| 5 | Culture & Accountability | Teams initially treated it as a “small issue.” | Culture risk: small failures are normalized until catastrophic. | A future major outage is likely if the mindset remains unchanged. | Rewarded “safe failure” reporting. Embedded quarterly near-miss reporting. | Do we reward staff for surfacing vulnerabilities or punishing them? |
- Tie executive bonuses to resilience metrics. Reward executives not only for growth but for managing risk exposure within appetite. A chief commercial officer should not be richer because he booked unsustainable deals.
- Insist on stress tests in plain English. Boards should hear scenarios like: “If interest rates rise by 3 percent, our profits will fall by 12 percent and we breach capital ratios.” Not vague narratives.
- Make risk appetite a board decision, not a management slogan. Every capital allocation, every strategic project, must show alignment with risk appetite. If it does not, directors must call it out.
The cost of ignoring risk is not just financial; it is reputational damage, regulatory intervention, and leadership turnover. Every board collapse in history started with directors smiling at good numbers and ignoring the quiet voice of risk.
The Risk Ignorance Cost Calculator leadership tool
Every EXCO should prepare this for the board quarterly:
- Financial hit: quantify exposure if the top three risks occur tomorrow.
- Liquidity strain: how many days of cash coverage would remain under stress?
- Reputation damage: measure likely customer churn or market exit costs if the risk is exposed publicly.
- Leadership stability: the rate at which roles would be untenable if the risk materialises.
This shifts the board’s happiness from pretty numbers to resilient numbers. Real governance is not about being impressed by growth but about being assured that growth will endure.
