Risk · Governance · MFS · MFI · Retail Banking · Product & Campaign Risk · Emerging-Market Finance

Asif Ahmed Noor.

The governance framework, for what the financial institutions are building, with frontier technology, does not exist yet.   As the technology moves faster than the rules that were built to contain it, frameworks are being written from the inside, in real time.   This is where my work lives.

Vice President · Head of Product & Campaign Risk, bKash Limited
Ten years of multinational banking experience prior to bKash Limited
More than fifteen years of risk management experience in the Financial Industry
More than seven years of advisory experience in Microfinance Industry
Risk · Governance · Banking · Mobile Financial Systems · Micro Finance Institutions · Frontier Technology · asifahmednoor.com
Scroll
The observation
Risk frameworks are written in conditions of clarity, with time to think, variables that are known, and outcomes that can be anticipated. They are rarely used in those conditions.

Under pressure, in disruption, in transition, in the moments the institution did not plan for - the framework that seemed sufficient begins to show its limits. Not because it was poorly designed. Because it was designed for a different set of circumstances entirely.

The presenting problem is almost never the actual problem.
It is a symptom of a gap that opened earlier, quietly, and was never named.

Institutions do not fail because they had no framework. They fail because the framework and the behaviour gradually diverged and no one thought to measure the distance.
A four-phase methodology

The LITUp Framework

Most interventions address the symptom.

The LITUp Framework was built from the experiences gathered after working at the intersection of these pressures for more than fifteen years, not observing them, but governing through them, inside institutions that were building and adapting simultaneously through the ever changing landscapes. The methodology is grounded in that experience.

It works in four phases, each one beginning where the previous phase ended, following the sequence in which the problem reveals itself, not the sequence in which it is most convenient to address.

The evidence is simple. If the institution cannot operate what was built, without the person who built it, the work is not finished.
Phase 01
L
Locate
The accountability gap — where decisions are genuinely made versus where the documentation claims they are.
Phase 02
I
Illuminate
The real failure mode — the structural, behavioural, and systemic factors that intersect to produce it.
Phase 03
T
Transfer
A governance structure the institution can operate independently — role-dependent, not person-dependent.
Phase 04
Up
Uplift
The people who carry it forward — capability, confidence, and the judgment the framework required.

The framework is the method.
Once understood, used and imbibed, the transfer of knowledge is permanent.

Read the framework
Recent writing

Notes on the governance gap

All writing
29 April 2026
The governance gap: what institutions document and what they live.
Governance Gap
06 May 2026
Decisions without owners — accountability distributed until it disappears.
Governance Gap
13 May 2026
Knowledge-authority misalignment — invisible in documentation.
Mental Models
Working paper · April 2026
The LITUp Framework — a methodology for closing the governance gap.
Read paper →

If my work, my writing and my LITUp Framework strikes a note with you
or the work you are doing, feel free to reach out.

Let's exchange ideas and help each other grow.

About

I am drawn to the edge, where the technology has outrun the governance.

Where the institutions are building and governing simultaneously. Where the frameworks do not exist yet, because nobody has been here before. That is the work, I feel is worth doing. That is the work I do.

My career began at Standard Chartered Bangladesh. I started in credit collections, moved into risk management for the branch network, then spent time as a Relationship Manager for small and medium enterprises before returning to risk management in the lead-up to my departure. Those early years built the foundation: understanding how credit behaves under stress, how the branch network actually functions as a risk environment, and how clients experience the institution from the outside. After roughly five years, I left for NRB Bank Limited.

NRB Bank was a different kind of education entirely. It was a new bank in formation, and the mandate was proportionally broader. I supported the Head of Retail as Head of Risk and as his Business Performance Manager, which meant I was not managing risk in a defined lane. I was in Treasury for budget discussions, in meetings with the CFO to launch new products including credit cards, and learning how branch licensing works from the inside. For someone still building their career, that kind of institutional breadth is rare. You learn what building looks like, not just what operating looks like.

I returned to Standard Chartered Bangladesh as Risk Manager for Products, taking responsibility for the risk governance of the entire retail banking product portfolio. Over time I took over the full team and left as Senior Business Risk Manager, reporting to the Head of Business Risk. A decade across both stints at Standard Chartered, and each phase demanded something different.

bKash was an entirely different ball game. I joined during COVID, stepping into a risk function at an institution that had already changed how the country moves money, its name having become synonymous with a verb rather than a noun. bKash was still building the governance architecture to match its ever increasing size and complexity of scale, and I have been fortunate to be a part of that.

Today bKash serves over seventy million customers and growing. The unbanked population that had no access to formal financial services now has a wallet, a payment rail, a savings mechanism, and increasingly, a credit profile. That is not a product metric. It is a structural shift in how a country participates in its own economy. Being part of this growing story as it unfolds, helping manage product and campaign risks and govern them responsibly at a scale without precedent, is no small feat.

My current role is Vice President and Head of Product & Campaign Risk within the Enterprise Risk Management Division at bKash. I work at the intersection of every new product, every campaign, and every AI-adjacent initiative, helping build the governance architecture that ensures things scale responsibly.

The failure is rarely a missing framework. It is a framework written for conditions that no longer exist.

AI is the current version of that question and the most consequential one. I am not a technologist. But I read the field seriously: the capabilities, the failure modes, the governance debates happening at the frontier. Because the institutions I work with are already operating in AI-adjacent territory, and a risk function that cannot think clearly about AI is already behind. Western, Gulf and Asian markets understand this more acutely than most. The appetite for AI infusion in financial services is real, and so is the growing awareness that the governance architecture for it does not yet exist at the scale required.

The LITUp Framework emerged from fifteen years of pattern recognition across retail banking, digital financial services, and microfinance. The central question was this: why do governance frameworks hold in stable conditions and fail at the precise moments they are most needed? The answer was shaped and enriched through seven years of ongoing pro-bono applied work inside one of Bangladesh's largest microfinance institutions, running parallel to my full-time roles at Standard Chartered and later bKash. The breadth of that engagement, spanning product frameworks, risk management frameworks, process universe design, pricing, communication management, a core banking system PRD, and internal software development, gave the thinking a live institutional surface to work against. Four phases, each addressing what the previous phase uncovered. The measure of success is whether the institution can govern itself when the engagement ends, not whether the engagement continues.

In addition to my work in the advisory space and role in bKash Limited, I publish thought leadership content on LinkedIn and write longer-form here. I am based in Dhaka, with keen interest in industries and regions where institutional growth has consistently outpaced governance architecture, and where the next decade of AI-driven disruption will make that gap more consequential.

Experience

More than fifteen years · Retail Banking, Risk & Governance
2021 — Present
Vice President · Head of Product & Campaign Risk, ERM Division · bKash Limited
Risk governance for Bangladesh's largest digital financial service provider. Responsible for product risk and campaign risk across seventy million accounts — mobile financial services, payments, lending, savings. Voting member on key strategic risk committees. Reporting to the Chief Risk Officer.
2011 — 2015
2016 — 2021
Associate Director — Senior Business Risk Manager · Standard Chartered Bangladesh
Two stints across a decade, each with a different mandate. The first covered credit collections, branch risk management, and relationship management for small and medium enterprises. The second focused on product risk governance across the full retail banking portfolio, with progressive responsibility until leading the full team as Senior Business Risk Manager, reporting to the Head of Business Risk.
2015 — 2016
Head of Risk, Retail · NRB Bank Limited
Joined a bank in formation as Head of Risk supporting the Head of Retail, with additional responsibility as Business Performance Manager. Broad exposure beyond a defined risk lane: Treasury for budget planning, CFO-level engagement for new product launches including credit cards, and direct involvement in branch licensing and management structure. A steep learning curve by design.
2018 — Present
Pro-Bono Advisory Role · Third-largest microfinance institution, Bangladesh
Seven years of sustained engagement running parallel to full-time employment, and the live institutional context in which the LITUp Framework was developed and validated. Work has spanned annual reports, product and risk management frameworks, process universe design, pricing, communication management, a core banking system PRD, and internal software development. Each year uncovered a new layer of the same structural question.
Certification
ISO 31000 Senior Lead Risk Manager · PECB
The international risk management standard, held at the senior practitioner tier. The technical discipline behind the LITUp diagnostic.

The writing is here. The framework is here. The conversation starts whenever you are ready.

Start a Conversation Follow on LinkedIn
A four-phase methodology

LITUp

Most governance interventions fix the symptom. LITUp addresses the structure that produced it, built from fifteen years of pattern recognition across retail banking, mobile financial services, and microfinance, at the intersection of ever evolving business and technological landscape and challenges.

Read the working paper
L
Phase One

Locate the accountability gap.

The first phase is diagnostic. Before any intervention, the actual map of accountability needs to be established not the one in the documentation, but the one that operates when a decision genuinely needs to be made. The two maps are rarely the same.

This is not a review of governance documentation. It is a structured examination of actual decision behaviour: who decides what, who defers to whom, where information flows, and where it stops. Documentation is the starting point, not the evidence.

What surfaces most often is a single point of failure operating beneath the formal structure. Authority is distributed on paper, but in practice it concentrates in one relationship, one individual, or one unwritten arrangement. When that single point moves or disappears, the entire governance architecture is exposed.

Phase outputs
  • Accountability map
  • Control universe assessment
  • Person-dependency register
  • Knowledge-authority misalignment map
I
Phase Two

Illuminate the real failure mode.

Once the gap is located, the second phase names what is actually producing it. Not the presenting problem, but the underlying failure mode. This is where cross-domain pattern recognition matters most. Governance failures are almost never the product of a single cause. They are the intersection of a structural factor, a behavioural factor, and a systemic factor. Addressing one without the others does not close the gap.

What this phase consistently surfaces is a knowledge and authority misalignment. The people with the most accurate information about a problem rarely hold the authority to act on it. The people who hold authority are often the last to receive the relevant data. The presenting failure looks like a decision problem. The actual failure is a structural one.

Phase outputs
  • Root cause analysis
  • Failure pattern description
  • Intervention design brief
  • Cross-domain synthesis
T
Phase Three

Transfer a structure the institution can operate.

The third phase builds and hands over the governance structure itself. Accountability frameworks. Decision authorities. Control architectures. The difference from a conventional consulting deliverable is the test applied at every stage: not does this document the right answer, but can the institution operate this without assistance.

The test is unambiguous. If the advisor disappeared tomorrow, could the institution continue to operate the structure that was built? The deliverable is not a document. It is an institutional capability.

In practice, this phase produces a decision authority matrix across functional areas, a restructured governance architecture with defined escalation rules, and reporting protocols that formalize what previously operated informally. The measure is simple: well after delivery, the structure holds, and authority has not drifted back to any single point.

Phase outputs
  • Governance framework
  • Decision authority matrix
  • Role definitions
  • Leadership continuity plan
Up
Phase Four

Uplift the people who carry it forward.

A governance structure is only as durable as the judgment of the people running it. The fourth phase assesses where the gaps are: in knowledge, in confidence, in the reasoning behind design decisions, and fills them with targeted capability work, not generic training.

Uplift is not generic training. It is targeted capability development mapped to the specific structure that was transferred. The people who operate the framework need to understand not just what it says, but why it was designed that way, so they can exercise judgment in scenarios the documentation did not anticipate.

In practice, this means structured sessions with the incoming leadership covering the logic behind each decision boundary, and at least one session run entirely by the team without the advisor present, to confirm that the judgment transferred, not just the procedure.

Phase outputs
  • Capability gap assessment
  • Targeted knowledge transfer
  • Operational confidence building
  • Continuity of judgment

The measure of success is institutional independence — whether the institution can govern itself when the engagement ends.

Read the full working paper
Writing

Writing on risk, governance, and the frontier where technology outpaces the frameworks built to govern it.

The same structural questions surface across retail banking, mobile financial services, and AI-driven products — in different contexts, at different scales, with different stakes. These essays name the patterns and examine what governance looks like when no precedent exists.

Working paper · available now
April 2026
The LITUp Framework — a four-phase methodology for closing the governance gap.
Read paper →
Working Paper
Forthcoming · weekly · tuesdays 8:00 Dhaka
29 April 2026
The governance gap — what institutions document and what they live.
Publishes 29 April
Governance Gap · No.01
06 May 2026
Decisions without owners — accountability distributed until it disappears.
Scheduled
Governance Gap · No.02
13 May 2026
Knowledge-authority misalignment — invisible in documentation, surfaced only by observation.
Scheduled
Mental Models · No.01
In draft · spine locked
Coming later Q2
Testing frameworks by designing the scenario they were not built for.
Mental Models
Coming later Q2
Documentation is the starting point — not the evidence.
Governance Gap
Coming later Q2
The transfer test — could the institution operate without the advisor?
Governance Gap
Contact

The right conversation starts with a question, not a pitch.

The writing is the work. If something here named a problem you have been inside — in your institution, in your thinking, in a room you are about to walk into — that is reason enough to be in touch. A question by email or LinkedIn is where it starts.

Email
aan@asifahmednoor.com
The most reliable channel. I reply within two working days.
LinkedIn
linkedin.com/in/aanoor
Public writing and professional network. Open to connection requests with a note.
Based in
Dhaka, Bangladesh
GMT +6. Comfortable with early-morning and late-evening calls for counterparts in the Gulf, Europe, and North America.
What works well
A specific question before the call.
The more concrete the framing, the more useful the conversation. A sentence or two about the problem you are working on is enough.