Leading Beyond the Risk Horizon
Dr Nabeel Abdul Hour Tomman
Chief Risk Officer
Bank of Baghdad
Leading Beyond the Risk Horizon
Dr Nabeel Abdul Hour Tomman
Chief Risk Officer
Bank of Baghdad
From looking backward to looking forward, Dr Nabeel Abdul Hour Tomman has built a career around one guiding principle: preparing institutions for tomorrow’s uncertainties. He began his career in audit, building a strong foundation in governance, controls, and financial accountability before transitioning into risk management. The move broadened his expertise across credit, market, liquidity, and operational risk while sharpening his ability to translate complex risk insights into practical guidance for senior management and the board.
Today, as Chief Risk Officer (CRO) at the Bank of Baghdad, Dr Nabeel leads the bank’s enterprise-wide risk function across financial and non-financial risks. He has played a pivotal role in building and embedding the bank’s risk framework, integrating risk appetite, capital planning, stress testing, governance, and business continuity into strategic decision-making. His work reflects the transformation of risk management from a traditional control function into a strategic partner that strengthens resilience, supports informed leadership, and enables sustainable growth.
Talking exclusively with TradeFlock, Dr Nabeel discusses how his transition from audit shaped his leadership philosophy, the lessons learned from managing risk in Iraq during periods of significant change, and the challenge of embedding a strong risk culture. He also reflects on the evolving role of today’s CRO in shaping resilient, future-ready institutions.
When I first stepped into the CRO role, the focus was largely on traditional risk oversight like monitoring credit quality, ensuring regulatory compliance, and maintaining effective controls. Over the years, however, the role has become far more strategic and deeply integrated into business decision-making.
Today, risk management extends well beyond preventing losses or managing regulatory expectations. CROs are expected to help shape strategy, optimise capital allocation, strengthen resilience, and guide institutions through an increasingly complex risk landscape that includes cyber threats, technology disruption, ESG considerations, geopolitical developments, and business continuity challenges.
What has surprised me most is how central the risk function has become to the direction of the organisation. Risk management was once viewed primarily as a control function; today it has become a strategic partner, helping leadership make informed decisions, strengthen organisational resilience, and support sustainable growth. It is also expected to play a much greater role in strategy, transformation, regulatory dialogue, and stakeholder confidence. The modern CRO is no longer expected only to challenge decisions but also to help create sustainable opportunities while ensuring the institution remains resilient and prepared for the future.
The most challenging part of building the Bank of Baghdad’s risk framework was not designing policies, limits, or governance structures, but something bigger. It was embedding risk thinking into the bank’s culture. Early on, risk management was often seen primarily as a control or compliance function. Changing that perception required demonstrating that effective risk management supports sustainable growth and better decision-making rather than restricting business activity.
We achieved this through continuous engagement with management, business teams, and the board while improving the quality and relevance of risk reporting. By linking the risk appetite framework to strategy, strengthening governance, and making risk discussions more forward-looking, risk became an integral part of decision-making. The experience reinforced that frameworks succeed only when they become part of an institution’s mindset, not just a set of approved documents.
Working in Iraq during periods of significant change taught me that risk extends far beyond financial metrics and regulatory requirements. Political uncertainty, liquidity pressures, regulatory developments, security conditions, customer confidence, and access to international banking relationships all influence an institution’s resilience. These experiences reinforced the importance of combining robust risk frameworks with sound judgement and adaptability.
While policies, models, and controls provide structure, they must be continuously reassessed as circumstances evolve. The most enduring lesson has been that resilience is built over time through discipline, preparedness, diversification, and transparent communication. Ultimately, effective risk management is not only about protecting a bank from losses but also about preserving trust, stability, and its ability to support the broader economy.
Absolutely. My experience across audit, internal controls, taxation, and banking risk has given me a broader perspective on how organisations operate and where risks truly originate. Audit and controls instilled discipline and a strong appreciation for governance, while taxation and financial work strengthened my analytical and commercial understanding.
As I moved into banking risk, that foundation helped me view challenges not in isolation but within their wider business context. It has also enabled me to connect the perspectives of business, finance, operations, compliance, and the board, making risk management more practical and strategically aligned.
Had I not pursued a career in audit and risk, I would likely have found my way into advisory, teaching, or strategic consulting. I’ve always been drawn to analysis, problem-solving, and helping organisations make better decisions.
While I occasionally wonder what an entrepreneurial or academic path might have looked like, I have no regrets. My career has provided continuous learning opportunities and the chance to navigate real-world challenges. Regardless of the profession, I believe the underlying theme would have remained the same: understanding complexity, bringing structure to decisions, and helping others manage uncertainty.