A new report by professional services firm Kreston Pedabo says tightening regulation is forcing Nigerian organisations to adopt more structured and disciplined approaches to risk management, as regulators move away from informal and fragmented practices.

The report noted that Nigeria’s business environment has become significantly more complex due to macroeconomic volatility, foreign exchange pressures, high inflation, cyber risks, and increasing scrutiny of environmental, social and governance (ESG) practices.

According to the authors, these pressures are now compounded by stricter regulatory oversight across key sectors, with regulators demanding clear evidence of enterprise-wide risk management frameworks that are fully embedded in governance and decision-making.

The rise of Enterprise Risk Management (ERM)

“Regulators are no longer satisfied with risk management policies that exist only on paper. They now expect demonstrable, effective Enterprise Risk Management (ERM) systems that actively guide strategic and operational decisions,” said the report authored by Albert Folorunsho, the managing consultant; Killian Khanoba, senior partner, tax compliance and advisory; Tyna Adediran, Lead, Management Consulting; and Farida Danjuma, assistant manager, management consulting.

Enterprise Risk Management provides a systematic approach to identifying, assessing, managing and monitoring risks that could affect organisational objectives. Unlike traditional risk management, which is often siloed across departments, ERM integrates risk considerations into strategy, operations and performance management.

Read also:Nigeria targets share of Africa’s $50bn petroleum investment boom

In Nigeria, regulators are increasingly insisting that ERM frameworks align with international standards such as COSO ERM and ISO 31000. Regulatory reviews now focus less on whether organisations have risk policies and more on the quality of governance, effectiveness of controls and robustness of risk reporting.

Regulatory reviews rocus on governance and controls

Regulators across financial services, capital markets and insurance have also adopted risk-based supervision models that place greater responsibility on boards and senior management. This approach is reflected in the governance frameworks of the Central Bank of Nigeria (CBN), the Securities and Exchange Commission (SEC) and the National Insurance Commission (NAICOM).

Typical regulatory expectations include clear board accountability for risk oversight, defined risk appetite statements, attention to emerging risks, strong internal controls and continuous monitoring and reporting. The report warns that failure to meet these expectations increasingly results in regulatory sanctions or reputational damage.

AI and automation introduce new risks

The report also highlights artificial intelligence and automation as a growing source of enterprise risk. AI tools are now widely used in Nigeria across financial services, telecommunications, healthcare, professional services and the public sector for activities such as credit scoring, fraud detection and predictive analytics.
While these technologies offer efficiency and strategic benefits, the authors caution that they introduce complex risks relating to data privacy, bias, explainability, ethics, regulatory compliance and third-party dependencies.

“In the absence of dedicated AI regulation, Nigerian organisations must manage these risks through existing governance and sector-specific rules,” the report said, adding that boards and management need to explicitly integrate AI risks into ERM frameworks.

Related News

Drawing on global advisory perspectives, including McKinsey, the report stressed that AI should be treated as a strategic and resilience issue rather than a purely technical matter.

Sector-specific regulatory expectations

It outlines how regulatory expectations are driving ERM adoption across sectors. In financial services, the CBN requires banks and other financial institutions to maintain comprehensive ERM frameworks covering credit, liquidity, market, operational and cyber risks, with a strong focus on governance, stress testing and capital planning.

Read also: CBN cautions governors against election-year spending spree
In the capital market, they noted that the Securities Exchange Commission views enterprise-wide risk management as a core element of good corporate governance, requiring market operators to demonstrate effective controls, regular risk reporting and audit-ready documentation to protect investor confidence.

NAICOM, meanwhile, is strengthening the link between ERM, solvency and capital adequacy, requiring insurers to demonstrate clear understanding and active management of underwriting, investment and operational risks.

Although the Nigeria Revenue Service does not mandate specific ERM frameworks, the report noted that organisations with mature ERM systems tend to perform better during tax audits due to stronger governance and documentation.

Donors are also placing greater expectations on non-governmental organisations, making formal risk management processes a prerequisite for funding and long-term credibility.

In response to these trends, Kreston Pedabo has introduced its DAPM™ ERM Framework, designed to align regulatory requirements with international standards. The framework follows four stages: Discover, Analyse, Protect and Monitor.

The Discover stage focuses on identifying and profiling risks through workshops, regulatory reviews and the development of board-approved risk appetite statements.
Analyse prioritises risks using impact assessments, heat maps and scenario analysis. Protect centres on designing and embedding effective controls, while Monitor emphasises continuous oversight through key risk indicators, dashboards and board reporting.

Effective ERM is no longer optional

“Effective ERM is no longer optional in Nigeria’s regulatory landscape,” the authors said, adding, “Organisations that adopt structured frameworks will be better positioned to manage uncertainty, meet regulatory expectations and sustain long-term value.”

Temiloluwa, the Online Editor of BusinessDay, is a transformative editorial leader with over 10 years of experience driving digital growth and innovation in media. He leads initiatives in leveraging technology to enhance storytelling and build high-performing teams. Temi is passionate about harnessing tech to inform, engage, and empower communities, with a demonstrated history of creating award-winning solutions that bridge the gap between media and technology.

Join BusinessDay whatsapp Channel, to stay up to date

Open In Whatsapp