
I Build Enterprise Risk Management Functions From Scratch For Banks and Insurance Companies

 

Over 24 years, I've designed and implemented complete risk management departments for financial institutions across 14 countries—not just frameworks on paper, but fully operational functions with trained staff, working processes, and board governance that meet regulatory requirements and actually protect your business.

About Us

Most Consultants Deliver Frameworks. I Build Functioning Departments

 

Your Big 4 consultant delivered a beautiful ERM framework. 400 pages. Board approved it. Regulator acknowledged it.

 

But when your regulator asks "show us evidence this actually works," you realize you have documentation, not risk management.

 

This is the gap I close.

​

I don't hand you a binder and disappear. I design, implement, staff, and operationalize your complete risk function:

​

→ Board risk committee design and governance structures
→ Operational risk, fraud, and internal control departments built from zero
→ Policies and procedures that staff actually use
→ Risk frameworks that integrate across your organization, not sit in silos
→ Training and capability building so your team can sustain it

​

 

What Makes My Approach Different

​

I see the whole, not silos.

Most risk consultants focus on one area. I understand how every component of your organization connects. A weak process creates operational risk AND fraud opportunity AND compliance failure simultaneously. My frameworks reflect this reality.

​

I cut through regulatory theater.
 

I determine what actually protects your institution versus what's just expensive box-checking. You get effective risk management that satisfies regulators AND protects your business—not performative compliance.

​

I've built this across 14 countries.
 

I know what works in different markets, regulatory environments, and organizational cultures. I've created board risk committees for regional banks, built fraud departments from scratch, and designed governance structures that function across borders.

​

I implement, not just advise.


When I finish, you have a functioning risk department with trained people doing real work. Not a consultant's report gathering dust.

Built Risk Functions For Financial Institutions Across 14 Countries

✓ Designed and implemented complete ERM frameworks from scratch for banks and insurance companies.

​

✓ Created board risk committees and governance structures meeting SAMA, CBB, CBO, QFCRA, and CBUAE requirements.

​

✓ Built operational risk, fraud risk, and internal control departments—from zero to fully operational.

​

✓ Developed policies and procedures frameworks for financial institutions across GCC markets.

​

✓ Led enterprise risk management functions for multi-billion dollar organizations.

​

✓ Trained and developed risk management teams capable of sustaining the function after implementation.

​

What I've built:

​

  • Board risk committees with proper governance, charters, and reporting structures

  • Operational risk departments including risk assessment, KRI frameworks, and loss databases

  • Fraud risk management functions from detection to investigation to prevention

  • Internal control frameworks integrated with business processes

  • Policies and procedures departments that actually improve operations

  • Enterprise-wide risk registers and reporting systems boards can actually use

 

I Work With Financial Institutions That Need To:

​

 

Build risk management functions from scratch

 

You're a growing bank, new digital bank, or insurance company that needs a complete risk infrastructure—not just policies, but functioning departments.

 

Meet SAMA, CBB, CBO, QFCRA, or CBUAE regulatory requirements:
 

Your regulator has issued findings, or you need to demonstrate a mature risk function. You need someone who knows what regulators actually look for.

​

Rebuild broken or performative risk functions:


Your risk function exists on paper but doesn't work in practice. You have frameworks but no functioning processes. You need implementation, not more documentation.

​

Expand across GCC countries with proper risk governance:


You're expanding into new markets and need risk infrastructure that works across borders and satisfies multiple regulators.

​

Strengthen risk infrastructure after regulatory findings:


You've received critical audit or regulatory findings about risk management gaps. You need experienced leadership to remediate properly.

​

Create board risk committees that actually provide oversight:

Your board needs proper risk governance, not just compliance meetings. You need committees with real oversight capability.

​

If your risk function exists mainly to satisfy regulators but doesn't actually protect your business, let's talk.

Three Ways We Can Work Together

 

1. Risk Function Build

 

Complete Design & Implementation | 6-12 Month Engagement

 

I design and implement your complete enterprise risk management function from zero to fully operational.

​

What you get:

​

  • Complete ERM framework designed for your organization and regulatory environment

  • Departments built and staffed (operational risk, fraud, internal controls, policies)

  • Board risk committee structure, charter, and governance processes

  • Risk policies, procedures, and operational processes

  • Staff hired and trained to sustain the function

  • Integration with your existing business processes and systems

​

Deliverable: A functioning risk department, not just documentation.

​

Ideal for: New banks, growing institutions, organizations with broken risk functions, or those facing serious regulatory pressure.

​

2. Fractional Chief Risk Officer

 

Executive Leadership | Ongoing Retainer

 

I serve as your part-time Chief Risk Officer, providing executive-level risk leadership without the cost of a full-time hire.

 

What you get:

​

  • Strategic risk leadership and board reporting

  • Risk function oversight and development

  • Regulatory relationship management

  • Staff mentoring and capability building

  • 2-4 days per month (remote + periodic on-site)

 

Ideal for: Organizations building permanent risk capacity, managing through regulatory remediation, or in rapid growth requiring senior risk expertise.

​

Minimum commitment: 6 months

​

3. Risk Function Assessment & Roadmap

 

Diagnostic & Implementation Plan | 4-6 Weeks

 

I audit your existing risk function, identify what's broken or missing, and deliver a detailed implementation roadmap.

 

What you get:

​

  • Comprehensive gap analysis against regulatory requirements 

  • Assessment of current risk function effectiveness

  • Detailed remediation roadmap with priorities, timelines, and resource requirements

  • Recommendations on organizational structure, staffing, and capabilities needed

  • Clear view of what "good" looks like for your specific situation

 

Deliverable: Blueprint for building or rebuilding your risk function.

​

Ideal for: Organizations that know something is wrong but need clarity on what to fix and how to prioritize.

About Jaffar Mohammed

​

I've spent over 19 years building risk management functions for banks and financial institutions. My expertise comes from actually doing the work—designing frameworks, hiring and training teams, implementing systems, and ensuring everything functions in practice, not just on paper.

​

I've held senior risk leadership roles including Head of Enterprise Risk Management, building complete risk departments from zero and creating board risk committees across 14 countries. I understand not just what regulators require, but what actually works in different organizational cultures and markets.

 

What drives my work is this: most organizations have risk management that looks good in presentations but doesn't protect the business. I build the real thing—functioning departments with trained people doing effective work.

 

Education:
 

Doctorate in Risk Management
 

Certifications:
 

  • Certified Fraud Examiner (CFE)

  • Financial Risk Manager (FRM) 

​

Geographic Focus:
 

Based in Bahrain, working with financial institutions across the GCC: Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and United Arab Emirates.

How We'll Work Together

 

 

1. Discovery Conversation
 

We discuss your situation, what's broken or missing, regulatory pressure you're facing, and whether I can help. No pressure, no sales pitch—just a professional conversation.

 

2. Detailed Assessment (1-2 weeks)
 

If it makes sense to proceed, I conduct a thorough assessment of your current state, regulatory requirements, and what you actually need. I deliver a clear proposal with scope, approach, timeline, and investment required.

 

3. Implementation
 

We execute the plan. I'm hands-on, working directly with your team. You get regular updates, clear milestones, and functioning deliverables—not just reports.

 

4. Transition & Sustainability


I don't just build and leave. I ensure your team can sustain the function, provide training, and create knowledge transfer so you're not dependent on consultants long-term.

Ready To Build A Risk Function That Actually Works?

​

If you're a CEO, CRO, or board member at a GCC bank or insurance company facing:

​

  • Regulatory pressure to mature your risk function

  • A risk department that exists on paper but doesn't function

  • Expansion requiring proper risk infrastructure

  • The need to build risk management from scratch

 

Let's have a confidential conversation about your specific situation.

​

Reach me directly:
Email: jaffar@jaffarmohammed.com

​https://www.linkedin.com/in/drjaffarmohammed/
