Risk · Governance · MFS · MFI · Retail Banking · Product & Campaign Risk · Emerging-Market Finance

Asif Ahmed Noor.

Governance fails when frameworks and actual behaviors gradually diverge.   I build the structures that allow institutions to scale safely and operate independently at the frontier of digital finance.

Vice President · Head of Product & Campaign Risk, bKash Limited
A decade in multinational banking prior to bKash
Sustained risk governance experience across retail banking and digital payments
Ongoing pro-bono governance advisory in microfinance
ISO 31000 Senior Lead Risk Manager
Risk · Governance · Banking · Mobile Financial Systems · Micro Finance Institutions · Frontier Technology · asifahmednoor.com
Scroll
The observation
Risk frameworks are written in conditions of clarity, with time to think, variables that are known, and outcomes that can be anticipated. They are rarely used in those conditions.

Under pressure, in disruption, in transition, in the moments the institution did not plan for, the framework that seemed sufficient begins to show its limits. Not because it was poorly designed. Because it was designed for a different set of circumstances entirely.

The presenting problem is almost never the actual problem.
It is a symptom of a gap that opened earlier and was never named.

Institutions do not fail because they had no framework. They fail because the framework and the behaviour gradually diverged and no one thought to measure the distance.
A four-phase methodology

The LITUp Framework

The LITUp Framework was developed from risk governance experience inside institutions undergoing rapid scale and technological change. Grounded in practice rather than theory, the methodology maps how decisions are actually made, identifies structural vulnerabilities, and builds internal capability.

It operates in four phases, sequenced by how problems actually reveal themselves rather than how they are most convenient to address.

The final test is simple: if the institution cannot operate the structure independently, the work is not complete.
Phase 01
L
Locate
The accountability gap: where decisions are genuinely made versus where the documentation claims they are.
Phase 02
I
Illuminate
The real failure mode: the structural, behavioural, and systemic factors that intersect to produce it.
Phase 03
T
Transfer
A governance structure the institution can operate independently; role-dependent, not person-dependent.
Phase 04
Up
Uplift
The people who carry it forward: capability, confidence, and the judgment the framework required.

The framework is the method.
Once understood, used and imbibed, the transfer of knowledge is permanent.

Read the framework
Recent writing

Notes on the governance gap

All writing
29 April 2026
The Governance Gap: Why institutions have frameworks nobody lives.
Governance Gap · No.01
06 May 2026
AI Is a Governance Problem: Wearing a technology costume.
AI Frontier · No.01
13 May 2026
Product Velocity: The governance architecture that cannot keep up.
Digital Risk · No.01
20 May 2026
Adversarial Empiricism: Why the most useful tool in risk comes from trying to destroy your own conclusions.
Mental Models · No.01
Working paper · April 2026
The LITUp Framework: A methodology for closing the governance gap.
Read paper →

If something here named a problem or situation you have been inside or are facing, drop me a line over email to start the discussion.

About

I am drawn to the edge, where the technology has outrun the governance.

Where the institutions are building and governing simultaneously. Where the frameworks do not exist yet, because nobody has been here before. That is the work, I feel is worth doing. That is the work I do.

My career began at Standard Chartered Bangladesh, starting in credit collections before moving into branch network risk management and relationship management for small and medium enterprises. These early roles established a practical foundation: how credit behaves under stress, how operations function as a risk environment, and how clients experience the institution from the outside. After five years, I joined NRB Bank.

NRB Bank, a new commercial bank in formation, offered a different register of experience. Supporting the Head of Retail as Head of Risk and Business Performance Manager, the mandate was broad. I worked across treasury budgeting, retail product design, credit card setups, and branch licensing. This offered a rare view of institutional construction, showing how governance is built rather than just operated.

Returning to Standard Chartered, I took over the risk governance of the retail banking product portfolio, eventually leading the team as Senior Business Risk Manager. A decade at the bank across both stints established a deep familiarity with global compliance standards and the metrics of institutional resilience.

Joining bKash during a period of rapid growth required adapting risk governance to a platform operating at national scale. With over seventy million accounts, the platform represents a structural shift in how the population participates in the economy, providing wallets, payment rails, savings, and credit profiles. Governing product and campaign risks in this environment requires managing decisions at a volume and velocity which has no industry precedent or playbook to refer.

As Vice President and Head of Product and Campaign Risk at bKash, I work at the crossroads of product design, campaign execution, and automated decision systems. The mandate is to construct the governance architecture that allows the business to scale safely, translating risk controls into active business enablement.

The failure is rarely a missing framework. It is a framework written for conditions that no longer exist.

The frontier of risk is now defined by artificial intelligence. While not a technologist, I study the governance debates, capabilities, and failure modes at the edge of this transition. Because modern platforms operate in AI-adjacent territory, a risk function that cannot assess automated decisioning is already behind. Globally, the appetite for AI infusion in financial services is outpacing the governance structures required to contain it.

The LITUp Framework developed from observing how governance behaves under pressure across banking, digital payments, and microfinance. The central question was clear: why do standard frameworks fail at the precise moments they are most needed? The methodology was refined through sustained, pro-bono advisory work inside a major microfinance institution, running parallel to my corporate roles. Working across product design, core banking systems, and process mapping provided a live surface to test how governance transfers. The framework operates in four phases (Locate, Illuminate, Transfer, Uplift), ensuring an institution can operate independently once the design is complete.

I write about these operational realities here and on LinkedIn, focusing on regions where rapid institutional growth outpaces legacy governance frameworks.

Experience

More than fifteen years · Retail Banking, Risk & Governance
2021 – Present
Vice President · Head of Product & Campaign Risk, ERM Division · bKash Limited
Risk governance for Bangladesh's largest digital financial service provider. Responsible for product risk and campaign risk across seventy million accounts, covering mobile financial services, payments, lending, and savings. Voting member on key strategic risk committees. Reporting to the Chief Risk Officer.
2011 – 2015
2016 – 2021
Associate Director · Senior Business Risk Manager · Standard Chartered Bangladesh
Two stints across a decade, each with a different mandate. The first covered credit collections, branch risk management, and relationship management for small and medium enterprises. The second focused on product risk governance across the full retail banking portfolio, with progressive responsibility until leading the full team as Senior Business Risk Manager, reporting to the Head of Business Risk.
2015 – 2016
Head of Risk, Retail · NRB Bank Limited
Joined a bank in formation as Head of Risk supporting the Head of Retail, with additional responsibility as Business Performance Manager. Broad exposure beyond a defined risk lane: Treasury for budget planning, CFO-level engagement for new product launches including credit cards, and direct involvement in branch licensing and management structure. A steep learning curve by design.
2018 – Present
Pro-Bono Advisory Role · Third-largest microfinance institution, Bangladesh
Seven years of sustained engagement running parallel to full-time employment, and the live institutional context in which the LITUp Framework was developed and validated. Work has spanned annual reports, product and risk management frameworks, process universe design, pricing, communication management, a core banking system PRD, and internal software development. Each year uncovered a new layer of the same structural question.
Certification
ISO 31000 Senior Lead Risk Manager · PECB
The international risk management standard, held at the senior practitioner tier. The technical discipline behind the LITUp diagnostic.

The writing is here. The framework is here.
The conversation starts whenever you are ready.

Start a Conversation Follow on LinkedIn
A four-phase methodology

LITUp

Most governance interventions fix the symptom. LITUp addresses the structure that produced it, built from pattern recognition across retail banking, mobile financial services, and microfinance, where scale continuously challenged the governance built to contain it.

Read the working paper
L
Phase One

Locate the accountability gap.

The first phase is diagnostic. Before any intervention, the actual map of accountability needs to be established not the one in the documentation, but the one that operates when a decision genuinely needs to be made. The two maps are rarely the same.

This is not a review of governance documentation. It is a structured examination of actual decision behaviour: who decides what, who defers to whom, where information flows, and where it stops. Documentation is the starting point, not the evidence.

What surfaces most often is a single point of failure operating beneath the formal structure. Authority is distributed on paper, but in practice it concentrates in one relationship, one individual, or one unwritten arrangement. When that single point moves or disappears, the entire governance architecture is exposed.

Phase outputs
  • Accountability map
  • Control universe assessment
  • Person-dependency register
  • Knowledge-authority misalignment map
I
Phase Two

Illuminate the real failure mode.

Once the gap is located, the second phase names what is actually producing it. Not the presenting problem, but the underlying failure mode. This is where cross-domain pattern recognition matters most. Governance failures are almost never the product of a single cause. They are the intersection of a structural factor, a behavioural factor, and a systemic factor. Addressing one without the others does not close the gap.

What this phase consistently surfaces is a knowledge and authority misalignment. The people with the most accurate information about a problem rarely hold the authority to act on it. The people who hold authority are often the last to receive the relevant data. The presenting failure looks like a decision problem. The actual failure is a structural one.

Phase outputs
  • Root cause analysis
  • Failure pattern description
  • Intervention design brief
  • Cross-domain synthesis
T
Phase Three

Transfer a structure the institution can operate.

The third phase builds and hands over the governance structure itself. Accountability frameworks. Decision authorities. Control architectures. The difference from a conventional consulting deliverable is the test applied at every stage: not does this document the right answer, but can the institution operate this without assistance.

The test is unambiguous. If the advisor disappeared tomorrow, could the institution continue to operate the structure that was built? The deliverable is not a document. It is an institutional capability.

In practice, this phase produces a decision authority matrix across functional areas, a restructured governance architecture with defined escalation rules, and reporting protocols that formalize what previously operated informally. The measure is simple: well after delivery, the structure holds, and authority has not drifted back to any single point.

Phase outputs
  • Governance framework
  • Decision authority matrix
  • Role definitions
  • Leadership continuity plan
Up
Phase Four

Uplift the people who carry it forward.

A governance structure is only as durable as the judgment of the people running it. The fourth phase assesses where the gaps are: in knowledge, in confidence, in the reasoning behind design decisions, and fills them with targeted capability work, not generic training.

Uplift is not generic training. It is targeted capability development mapped to the specific structure that was transferred. The people who operate the framework need to understand not just what it says, but why it was designed that way, so they can exercise judgment in scenarios the documentation did not anticipate.

In practice, this means structured sessions with the incoming leadership covering the logic behind each decision boundary, and at least one session run entirely by the team without the advisor present, to confirm that the judgment transferred, not just the procedure.

Phase outputs
  • Capability gap assessment
  • Targeted knowledge transfer
  • Operational confidence building
  • Continuity of judgment
AI
Application

LITUp and the governance of artificial intelligence.

AI in financial services is typically approached as a model risk problem. The more consequential question is whether the institution's governance architecture is ready to own what the model does. LITUp applies directly: locating where accountability for AI decisions actually sits, illuminating the structural gap between model deployment and decision ownership, transferring a governance structure that can operate at machine speed, and uplifting the people who must exercise judgment when the model produces outcomes nobody anticipated.

The institutions best positioned to govern AI are not the ones with the most sophisticated model risk frameworks. They are the ones that have answered the prior question: who owns the decision the AI is making, and what happens when that decision is wrong?

How LITUp applies
  • Locate where AI decision authority actually sits versus where it is documented
  • Illuminate the failure mode: governance gap, not model error
  • Transfer a governance structure that operates at machine speed
  • Uplift the people who exercise judgment when the model surprises

The measure of success is institutional independence: whether the institution can govern itself when the engagement ends.

Read the full working paper
Writing

Writing on risk, governance, and the frontier where technology outpaces the frameworks built to govern it.

The same structural questions surface across retail banking, mobile financial services, and AI-driven products. The contexts differ. The stakes compound. These essays name the patterns and examine what governance looks like when no precedent exists.

Working paper · available now
April 2026
The LITUp Framework: A methodology for closing the governance gap.
Read paper →
Working Paper
Essays · available now
29 April 2026
The Governance Gap: Why institutions have frameworks nobody lives.
Read essay →
Governance Gap · No.01
06 May 2026
AI Is a Governance Problem: Wearing a technology costume.
Read essay →
AI Frontier · No.01
13 May 2026
Product Velocity: The governance architecture that cannot keep up.
Read essay →
Digital Risk · No.01
20 May 2026
Adversarial Empiricism: Why the most useful tool in risk comes from trying to destroy your own conclusions.
Read essay →
Mental Models · No.01
Forthcoming · weekly · tuesdays 8:00 Dhaka
20 May 2026
What changes when you govern seventy million users.
Scheduled
Digital Risk · No.02
In draft · spine locked · 18-post series
Coming Month 2
Knowledge-authority misalignment: invisible in documentation, surfaced only by observation.
Mental Models · No.01
Coming Month 2
Documentation is the starting point, not the evidence.
Governance Gap · No.03
Coming Month 3
The transfer test: could the institution operate without the person who built it?
Digital Risk · No.02
Contact

The right conversation starts with a question, not a pitch.

Not every problem that brings someone to a page like this has a clear solution waiting on the other side. Sometimes you are just looking for someone who has been in a similar room, who does not need the full context to understand what you are pointing at, and who has thought carefully about what tends to happen inside it.

That is a reasonable place to start. If something here felt close to home, write. It does not need to be a fully formed question, and there is no agenda expected on your end. Email or LinkedIn both work.

Reach
Elsewhere
LinkedIn
linkedin.com/in/aanoor
Public writing and professional network. Open to connection requests with a note.
Based in
Dhaka, Bangladesh
GMT +6. Comfortable with early-morning and late-evening calls for counterparts in the Gulf, Europe, and North America.
What works well
A specific question before the call.
The more concrete the framing, the more useful the conversation. A sentence or two about the problem you are working on is enough.