The Business Partner Dilemma: When Risk Partners own the risk and why it’s too heavy

Mei led Risk & Compliance partnering for a complex organisation. 

On paper, her role was to help the business understand and manage risk. In practice, it often felt as though she was expected to own the risk on everyone’s behalf. 

Leaders would come to her with questions like: 

• “Is this compliant?” 

• “Can you sign off that the risk is acceptable?” 

• “Can you make sure we don’t get in trouble for this?” 

In incident reviews, people would say, “Risk didn’t catch this,” as if her team had a crystal ball. When regulators or auditors arrived, the spotlight turned to Mei, even when the underlying issues sat in business practices and decisions far beyond her direct control. 

Mei took her responsibilities seriously. She cared about integrity, safety and doing the right thing. Over time though, she noticed a pattern: 

• Business leaders were treating risk as something that lived in the “Risk function” 

• People were making decisions first, then asking her to “bless” them 

• The same types of findings kept showing up in audits, despite new policies and training 

In a conversation with a colleague she trusted, Mei said: 

“I’m working harder every year, and yet the system doesn’t feel any stronger. It just feels like more of the risk lives on my shoulders.” 

Mei began to think about her role differently. Instead of asking, “How can I cover more risk?”, Mei started asking, “How can I help others see and own more of the risk they already hold?” She experimented with a few small shifts.  

First, she changed the tone of conversations. When leaders asked, “Is this compliant?”, she responded with questions like: 

• “What risks do you already see in this approach?” 

• “How would you explain this decision to a customer, regulator or board member?” 

• “Where do you feel confident, and where are you less sure?” 

This slowed the conversation down. It invited leaders to surface their own thinking instead of outsourcing judgement. 

Second, she made patterns more visible. Rather than treating each incident or near‑miss as an isolated event, she and her team looked across cases: 

• Where were controls consistently bypassed? 

• In which parts of the organisation were near‑misses under‑reported? 

• What beliefs about “getting things done” were putting pressure on safe or compliant practice? 

She took these themes into cross‑functional forums, as shared questions rather than accusations: 

“What do you notice in this pattern? What might it be telling us about how we work?” 

Third, Mei became more deliberate in how she used language. She started talking less about “risk ownership in Risk” and more about “risk stewardship in the business, with Risk as a partner”. 

In one leadership offsite, she shared a simple image, a triangle with “Business”, “Risk & Compliance” and “Audit” at each point, and “shared accountability” in the centre. It became a reference point for conversations about who held what, and how they might work together differently. 

Mei still did technical risk work. She still wrote policies and contributed to controls. But the way she saw her role changed, and gradually, so did the way others related to her. 

She was less the person who “owned the risk” and more the person who helped others face and work with the risks inherent in their choices. 

Mei’s story is another expression of the Business Partner Dilemma. 

Risk & Compliance partners are often positioned as the guardians of integrity and safety. When the system unconsciously hands them responsibility for risk, several things happen: 

• Leaders feel less accountable for the consequences of their decisions 

• Issues get escalated late, when options are narrow and emotions are high 

• The risk function becomes overloaded, while the wider system doesn’t learn 

The seven practices we’ve named in the Business Partner Dilemma show up here too: 

• Staying with questions long enough to surface a leader’s own view of risk 

• Clarifying what is really at stake, beyond the immediate compliance question 

• Noticing patterns across incidents and audits 

• Building influence through grounded, relationship‑based challenge 

• Turning risk reports into shared understanding and dialogue, not just documents 

• Supporting leaders to take ownership rather than “passing the risk to Risk” 

• Attending to the underlying (risk) culture, not only the formal (structural) framework 

These aren’t techniques to make Risk “nicer” or “easier”. They are developmental moves that help shift responsibility back into the system, where it belongs and strengthens. 

If Mei’s experience feels familiar in your Risk & Compliance function, or in how you relate to it, you might find resonance in our Business Partner Dilemma paper. 

It explores this pattern across functions and offers developmental practices that can support Risk partners and business leaders to work with risk more consciously, without leaving it on one person’s shoulders. 

Our Business Partner Dilemma greenpaper explores these ideas further. You can read and download it here: Greenpaper - The Business Partner Dilemma