There is a pattern in financial services that rarely appears in board packs or regulatory submissions. It shows up when you observe how decisions are actually made, rather than how the framework says they should be made. Every institution has a governance framework. Very few of them live it.
This is not an accusation. It is a structural observation, consistent enough across sectors and institution types to feel less like a critique and more like a feature of how large organisations work. The documentation is thorough. The policies are current. The committees meet. And yet, when a decision needs to be made under genuine pressure, what governs the outcome is rarely the framework. It is habit, hierarchy, and whoever is available at the time.
The gap between documented governance and lived governance is among the most consequential problems in financial services today, and among the least examined. It does not surface in audits or regulatory reviews. It surfaces when something goes wrong, and even then the instinct is to update the documentation rather than ask why the documentation was not what governed the decision in the first place.
What the gap actually looks like
The gap is not visible in the committee structure or the approval matrix. It appears when you observe decisions in practice: the person holding authority over a decision may not always be the person best equipped to make it well. The approval chain exists on paper; in practice, the decision was made two levels down, two days earlier, and the formal approval was a ratification.
Across financial services, the pattern is familiar. A credit risk model is reviewed by a committee appointed for seniority rather than quantitative depth. A product launch decision sits with a leader whose expertise is distribution rather than operational risk. A technology control is signed off by someone whose last technical role was many years ago. None of this reflects bad intent. The structure simply did not keep pace with what the decisions now require.
Authority was allocated when the institution was smaller, the product simpler, or the person in the role was also the one who had built the underlying knowledge. Those conditions may no longer apply, but the authority structure was never revisited. What was once earned authority has gradually become inherited authority. The two are not the same, and the difference matters most precisely when a decision is genuinely difficult.
Why frameworks fail under pressure
Governance frameworks are built by imagining the decisions that were already made well. They codify existing practice. This is a reasonable starting point. It is not a stress test.
The real test is whether the framework holds when something it was not designed for arrives: when the approval chain is unclear, when the risk owner is unavailable, when the product is already live, or when the commercially convenient answer and the right answer are not the same thing. In those moments, governance retreats to habit. Habit is faster, more comfortable, and completely undocumented.
When you trace a failed decision backwards, the pattern is consistent. Everyone approved. Nobody owned it. Each individual can point to someone else. The framework, technically, was followed. The accountability, substantively, was absent.
This is not a compliance failure. It is a structural failure in how accountability was designed: a framework built to satisfy a review, not to govern a real decision under pressure. The two requirements are not the same, and designing for one does not deliver the other.
The distance between who should own a decision and who does
Beneath the framework gap sits a more specific problem, harder to surface because it requires observation rather than documentation review. It is the distance between who should own a decision and who actually does.
In a well-functioning structure, decision authority sits with the person who has the knowledge, the mandate, and the accountability to own the outcome. In practice, authority tends to sit with whoever held it last time, whoever is most senior in the room, or whoever the organisation defaults to when ownership is genuinely ambiguous. These are not the same person, and the distance between them compounds as institutions grow, products multiply, and decisions become more technically complex.
Institutions that govern well are not the ones with the most comprehensive policy libraries. They are the ones that have genuinely answered a prior question: who owns this decision, what does ownership actually mean, and how does the institution verify that authority is sitting with the right person for this particular class of problem? That assessment requires observing how decisions are made, not reading how the framework says they should be. Most institutions have not conducted it, partly because it is uncomfortable, and partly because the documentation gives a false impression that the question has already been answered.
What technology makes visible
Technology does not create this problem. It raises the cost of leaving it unresolved. AI adoption, product velocity, and digital distribution are generating new decision nodes faster than governance frameworks can be written to cover them. Each new model deployment, each automated decision pathway, each API integration that adds a third party to a customer journey, creates a governance question the existing framework was not designed to answer.
The institutions best placed to navigate this are not the ones focused primarily on model explainability or algorithmic fairness as the leading governance concern. They are the ones that have already addressed the structural question underneath: who owns a decision when it is made at a speed and scale that no individual can fully supervise, and what does the governance architecture look like when the answer to that question is genuinely unclear?
That question is not new. The technology has simply made it much more expensive to leave unanswered.
The framework is not the governance
The gap between a governance framework and the decisions it was meant to govern rarely arrives dramatically. It accumulates through small shortcuts, inherited authorities, and the institutional tendency to review documents rather than behaviour. By the time it becomes visible, it has usually already shaped outcomes the institution would not have chosen.
The question worth sitting with: when did you last observe how a genuinely difficult decision was made in your institution, not how the framework says it should have been made, and what did that observation tell you?
The framework is not the governance. The governance is what happens when the framework is not enough.
I write about governance, risk, and the decisions institutions find hardest to make at asifahmednoor.com. If this is relevant to a problem you are working through, reach me at aan@asifahmednoor.com.
← Back to writing