Risk · Governance · MFS · MFI · Retail Banking · Product & Campaign Risk · Emerging-Market Finance

Asif Ahmed Noor.

The governance framework for what the financial institutions are building, with frontier technology, does not exist yet.   As the technology moves faster than the rules that were built to contain it — frameworks are being written from the inside, in real time.   This is where my work lives.

Vice President · Head of Product & Campaign Risk, bKash Limited
Ten years of multinational banking experience prior to bKash Limited
More than fifteen years of risk management experience in the Financial Industry
Risk · Governance · Frontier Technology · asifahmednoor.com
Scroll
The observation
Risk frameworks are written in conditions of clarity — with time to think, variables that are known, and outcomes that can be anticipated. They are rarely used in those conditions.

Under pressure — in disruption, in transition, in the moments the institution did not plan for — the framework that seemed sufficient begins to show its limits. Not because it was poorly designed. Because it was designed for a different set of circumstances entirely.

The presenting problem is almost never the actual problem. It is a symptom of a gap that opened earlier, quietly, and was never named.

Institutions do not fail because they had no framework. They fail because the framework and the behaviour gradually diverged — and no one thought to measure the distance.
A four-phase methodology

The LITUp Framework

Most interventions address the symptom.

The LITUp Framework was built from more than fifteen years of working at the intersection of these pressures — not observing them, but governing through them, inside institutions that were building and adapting simultaneously. The methodology is grounded in that experience.

It works in four phases, each one beginning where the previous phase ended — following the sequence in which the problem reveals itself, not the sequence most convenient to address.

The test is simple. If the institution cannot operate what was built without the person who built it, the work is not finished.
Phase 01
L
Locate
The accountability gap — where decisions are genuinely made versus where the documentation claims they are.
Phase 02
I
Illuminate
The real failure mode — the structural, behavioural, and systemic factors that intersect to produce it.
Phase 03
T
Transfer
A governance structure the institution can operate independently — role-dependent, not person-dependent.
Phase 04
Up
Uplift
The people who carry it forward — capability, confidence, and the judgment the framework required.

The test is unambiguous. If the advisor disappeared tomorrow, could the institution continue to operate the structure that was built? If not, the transfer is incomplete.

Read the framework
Recent writing

Notes on the governance gap

All writing
29 April 2026
The governance gap: what institutions document and what they live.
Governance Gap
06 May 2026
Decisions without owners — accountability distributed until it disappears.
Governance Gap
13 May 2026
Knowledge-authority misalignment — invisible in documentation.
Mental Models
Working paper · April 2026
The LITUp Framework — a methodology for closing the governance gap.
Read paper →

If my work, my writing and my LITUp Framework strikes a note with you or the work you are doing, feel free to reach out.

Let's exchange ideas and maybe we will end up learning from each other.

About

I am drawn to the edge — where the technology has outrun the governance, where the institution is building and governing simultaneously, where the frameworks do not exist yet because nobody has been here before. That is the work worth doing. That is the work I do.

More than fifteen years ago, mobile financial services did not exist in Bangladesh. There was no governance model for it, no regulatory precedent at the scale that would follow, and no playbook for managing risk inside an institution that was simultaneously building the infrastructure and serving the population that needed it most. bKash was built into that gap — and I joined the risk function as that institution was still finding its form.

Today bKash serves over seventy million accounts. The unbanked population that had no access to formal financial services has a wallet, a payment rail, a savings mechanism, and increasingly, a credit profile. That is not a product metric. It is a structural shift in how a country participates in its own economy. I believe in that work at a level that goes beyond the institution. Financial inclusion is not a mission statement here — it is what the last decade and more has actually been.

My current role is Vice President and Head of Product & Campaign Risk within the Enterprise Risk Management Division at bKash — which means I sit at the intersection of every new product, every campaign, every AI-adjacent initiative, and the governance architecture that determines whether those things scale responsibly. Before bKash, more than a decade at Standard Chartered Bangladesh across retail banking risk, business risk management, and corporate client coverage — with a period at NRB Bank Limited between the two. Different institutions, different scales, the same structural question: how does governance hold when the conditions change faster than the frameworks can track?

The failure is rarely a missing framework. It is a framework written for conditions that no longer exist.

AI is the current version of that question — and the most consequential one. I am not a technologist. But I read the field seriously: the capabilities, the failure modes, the governance debates happening at the frontier. Because the institutions I work with are already operating in AI-adjacent territory, and a risk function that cannot think clearly about AI is already behind. The Gulf market understands this more acutely than most — the appetite for AI infusion in financial services is real, and so is the growing awareness that the governance architecture for it does not yet exist at the scale required.

The LITUp Framework emerged from this same instinct — that when no playbook exists, you build the structure that should. It grew from a live pro-bono engagement with a $1B+ microfinance institution navigating a governance transition with no established model. Four phases, each addressing what the previous phase uncovered. The measure of success is whether the institution can govern itself when the engagement ends — not whether the engagement continues.

I publish on LinkedIn and write longer-form here. Based in Dhaka, working across South Asian and Gulf markets — two regions where institutional growth has consistently outpaced governance architecture, and where the next decade of AI-driven disruption will make that gap more consequential, not less.

Experience

More than fifteen years · Retail Banking, Risk & Governance
2021 — Present
Vice President · Head of Product & Campaign Risk, ERM Division · bKash Limited
Risk governance for Bangladesh's largest digital financial service provider. Responsible for product risk and campaign risk across seventy million accounts — mobile financial services, payments, lending, savings. Voting member on key strategic risk committees. Reporting to the Chief Risk Officer.
2011 — 2015
2016 — 2021
Risk & Business Risk Management · Standard Chartered Bangladesh
Progressive responsibility across retail banking risk, business risk management, distribution channel governance, and relationship management for corporate and commercial clients. Credit appetite, control frameworks, regulatory engagement, and portfolio governance across a decade in a global banking institution.
2015 — 2016
Operational Risk & Governance · NRB Bank Limited
Operational risk, service quality, and sales governance in a local banking environment — a different institutional context and a different lens on the same structural questions.
Ongoing
Pro-bono Governance Advisor · MRA-licensed microfinance institution
Governance restructure and executive-committee transition for a $1B+ apex-funded MFI — the live field engagement from which the LITUp Framework was developed and validated.
Certification
ISO 31000 Senior Lead Risk Manager · PECB
The international risk management standard, held at the senior practitioner tier. The technical discipline behind the LITUp diagnostic.

The writing is here. The framework is here. The conversation starts whenever you are ready.

Start a Conversation Follow on LinkedIn
A four-phase methodology

LITUp

Most governance interventions fix the symptom. LITUp addresses the structure that produced it — built from more than fifteen years of pattern recognition across retail banking, mobile financial services, and microfinance, and validated in one live institutional engagement where no established model existed.

Read the working paper
L
Phase One

Locate the accountability gap.

The first phase is diagnostic. Before any intervention, the actual map of accountability needs to be established — not the one in the documentation, but the one that operates when a decision genuinely needs to be made. The two maps are rarely the same.

This is not a review of governance documentation. It is a structured examination of actual decision behaviour — who decides what, who defers to whom, where information flows, and where it stops. Documentation is the starting point, not the evidence.

In the live MFI engagement, Phase One identified a decision-making pattern in which three committees formally held authority over credit approvals above a defined threshold — and none of them had exercised it independently in four years. The real authority resided in a single executive relationship that no governance document named.

Phase outputs
  • Accountability map
  • Control universe assessment
  • Person-dependency register
  • Knowledge-authority misalignment map
I
Phase Two

Illuminate the real failure mode.

Once the gap is located, the second phase names what is actually producing it. Not the presenting problem — the underlying failure mode. This is where cross-domain pattern recognition matters most. Governance failures are almost never the product of a single cause. They are the intersection of a structural factor, a behavioural factor, and a systemic factor. Addressing one without the others does not close the gap.

In the live MFI engagement, Phase Two identified that the presenting problem — inconsistent credit decisions — was not a competence failure. It was a knowledge-authority misalignment: the individuals with the most accurate information about credit risk held no formal decision authority, and the committee that held authority received relevant data last.

Phase outputs
  • Root cause analysis
  • Failure pattern description
  • Intervention design brief
  • Cross-domain synthesis
T
Phase Three

Transfer a structure the institution can operate.

The third phase builds and hands over the governance structure itself. Accountability frameworks. Decision authorities. Control architectures. The difference from a conventional consulting deliverable is the test applied at every stage: not does this document the right answer, but can the institution operate this without assistance.

The test is unambiguous. If the advisor disappeared tomorrow, could the institution continue to operate the structure that was built? The deliverable is not a document. It is an institutional capability.

The MFI engagement produced a decision authority matrix covering seven functional areas, a restructured executive committee with defined quorum and escalation rules, and a board-level reporting protocol that did not previously exist. Twelve months after delivery, no element had been modified to re-centre authority on an individual.

Phase outputs
  • Governance framework
  • Decision authority matrix
  • Role definitions
  • Leadership continuity plan
Up
Phase Four

Uplift the people who carry it forward.

A governance structure is only as durable as the judgment of the people running it. The fourth phase assesses where the gaps are — in knowledge, in confidence, in the reasoning behind design decisions — and fills them with targeted capability work, not generic training.

Uplift is not generic training. It is targeted capability development mapped to the specific structure that was transferred. The people who operate the framework need to understand not just what it says, but why it was designed that way — so they can exercise judgment in scenarios the documentation did not anticipate.

In practice, this meant four structured sessions with the incoming executive committee covering the logic behind each decision boundary — and one session run entirely by committee members without the advisor present, to confirm that the judgment transferred, not just the procedure.

Phase outputs
  • Capability gap assessment
  • Targeted knowledge transfer
  • Operational confidence building
  • Continuity of judgment

The measure of success is institutional independence — whether the institution can govern itself when the engagement ends.

Read the full working paper
Writing

Writing on risk, governance, and the frontier where technology outpaces the frameworks built to govern it.

The same structural questions surface across retail banking, mobile financial services, and AI-driven products — in different contexts, at different scales, with different stakes. These essays name the patterns and examine what governance looks like when no precedent exists.

Working paper · available now
April 2026
The LITUp Framework — a four-phase methodology for closing the governance gap.
Read paper →
Working Paper
Forthcoming · weekly · tuesdays 8:00 Dhaka
29 April 2026
The governance gap — what institutions document and what they live.
Publishes 29 April
Governance Gap · No.01
06 May 2026
Decisions without owners — accountability distributed until it disappears.
Scheduled
Governance Gap · No.02
13 May 2026
Knowledge-authority misalignment — invisible in documentation, surfaced only by observation.
Scheduled
Mental Models · No.01
In draft · spine locked
Coming later Q2
Testing frameworks by designing the scenario they were not built for.
Mental Models
Coming later Q2
Documentation is the starting point — not the evidence.
Governance Gap
Coming later Q2
The transfer test — could the institution operate without the advisor?
Governance Gap
Contact

The right conversation starts with a question, not a pitch.

The writing is the work. If something here named a problem you have been inside — in your institution, in your thinking, in a room you are about to walk into — that is reason enough to be in touch. A question by email or LinkedIn is where it starts.

Email
aan@asifahmednoor.com
The most reliable channel. I reply within two working days.
LinkedIn
linkedin.com/in/aanoor
Public writing and professional network. Open to connection requests with a note.
Based in
Dhaka, Bangladesh
GMT +6. Comfortable with early-morning and late-evening calls for counterparts in the Gulf, Europe, and North America.
What works well
A specific question before the call.
The more concrete the framing, the more useful the conversation. A sentence or two about the problem you are working on is enough.