By Laksh Vaswani
It wasn’t a rogue trade. It wasn’t a phishing attack. It was the silence.
I once consulted for a bank where a critical operational risk sat quietly in the background—well-documented in an internal system, yet untouched. It had been marked “non-priority” for over 18 months, despite several lower-level employees flagging it. Why? Because nobody wanted to challenge the hierarchy. The result? A small control failure that spiraled into a multi-million-dollar client compensation event and, yes, a regulatory “conversation” we all could’ve done without.
That moment stuck with me. Not because of the fallout, but because it was entirely preventable.
This is where Enterprise Risk Intelligence (ERI) earns its place. ERI isn’t just a dashboard or a Governance, Risk, and Compliance (GRC) tool. It is your organization’s emotional intelligence at scale. It’s how you listen, interpret, and respond to risk signals across your business. And more than that, it’s the courage to act on what you’re hearing—even if it’s uncomfortable.
What ERI means
ERI is not just about tools, software, processes, or the people assigned to this. It is about creating a connected nervous system that spans departments, time zones, and titles. It means seeing the know your customer (KYC) backlog in your offshore team and connecting it to a potential reputational risk with your institutional clients.
It means understanding that a disgruntled employee in the IT department could be your biggest insider threat—not just an HR problem. In short, ERI turns scattered noise into symphonic awareness.
Lesson from a tech outage that didn’t need to happen
A few years ago, I was advising a mid-sized international bank when a seemingly minor database upgrade went sideways, crippling several client-facing applications. What was shocking wasn’t the outage but how unprepared everyone was.
The Business Continuity Plan (BCP) existed. The risk was on the register. But nobody in operations had practiced the manual processes in over a year. The risk management department assumed that tech had it covered. And tech assumed it was a compliance drill.
Sound familiar?
What we did next wasn’t revolutionary. We didn’t overhaul systems or buy new software. We just got people talking. We held “risk storytelling” sessions across departments. We revisited processes from a user’s lens, not just a compliance one. And we embedded mini-stress tests in monthly team meetings. It was low-budget, high-impact.
The payoff? The next time an unexpected outage occurred, the recovery time was under 30 minutes. And no regulatory reporting was triggered.
That’s ERI. Not because it lives in a system, but because it lives in people.
Culture still rules, as does clarity
Peter Drucker said, “culture eats strategy for breakfast.” In risk management, culture eats frameworks for dessert too.
Let me give you a different example this time— one that’s more uplifting.
At a previous client, an internal risk analyst flagged a rising pattern in late reconciliations across multiple business lines. Instead of brushing it off as “ops noise,” the CRO personally invited that analyst to a risk committee meeting. That spark turned into an enterprise-wide review of post-trade processes, eventually saving the bank over $2.7M in potential break exposures and penalties. That analyst is now a VP.
What changed? Not the tech. Not the policy. Just the willingness to listen and elevate overlooked insights.
ERI’s ROI is trust across the board
Most of us are familiar with the usual risk metrics: loss event frequency, control effectiveness, and audit rating. But ERI delivers something even more powerful: organizational trust.
Trust from:
- Employees who believe their voices matter
- Regulators who sense transparency instead of box-ticking
- Clients who know you can handle turbulence
- Executives who can finally sleep at night
A Deloitte study found that companies with strong ERI cultures are 43% more likely to anticipate market disruptions and pivot successfully.
ERI tools are not the solution
You’ll hear about tools like RSA Archer, IBM OpenPages, and ServiceNow IRM. They’re all great, but ERI doesn’t begin with software. It begins with psychological safety, cross-functional empathy, and strategic curiosity.
Our most successful implementations didn’t start with data mapping. They started with leadership alignment workshops. With mapping risk appetite to strategy, not just compliance. With asking, “Where are we flying blind?”
The real challenge: Turning knowledge into influence
You might know your top five enterprise risks. But can you influence decision-makers to prioritize them over pet projects or quarterly fire drills?
That’s the bridge we must build.
Risk intelligence isn’t valuable unless it moves people. It needs stories. It needs timing. And yes, it needs relationships.
ERI isn’t just for CROs and compliance teams. It’s for product heads, HR leaders, technologists, and the C-suite. Everyone has a role to play in raising the organization’s collective awareness—and its ability to act.
The human side of ERI
If we want organizations to be risk-intelligent, we need to treat people as human sensors, not just risk owners. We must train them, empower them, and most importantly, listen to them.
ERI isn’t a project. It’s a muscle. One built through listening, learning, and leading with humility. In an age of artificial intelligence, the most powerful risk intelligence still comes from human intelligence.
About the Author
Laksh Vaswani is a senior financial services executive, recognized globally for his expertise in risk transformation, regulatory strategy, and operational resilience. Over his 20+ year career, he has helped institutions across the Americas, EMEA, and APAC build smarter, human-centric governance frameworks. A best-selling author and recipient of the International Achievers Award, he is passionate about bridging strategy, culture, and compliance. When he’s not writing or mentoring future leaders, he’s likely sharing risk jokes over coffee (yes, they exist).
