From Climate Risk to Cyber Resilience: Dr. Tokunbo Martins on Re-engineering African Banking for a Digital, Sustainable Future
Traditional notions of banking risk are being upended by everything from aggressive Fintech adoption to the escalating threat of climate change.
We had the privilege of sitting down with Dr. Tokunbo Martins, PhD, a seasoned financial expert and former Director of Banking Supervision for the Central Bank of Nigeria (CBN), to discuss the pivotal shifts facing the banking sector.
From her unique perspective spanning the CBN, GTB Board, and her work with EFInA on financial inclusion, Dr. Martins provides a clear-eyed look at what is truly underpriced in risk management, how boards must adapt their technology oversight, and the non-negotiable foundations required to build trust and genuine inclusion across the West African financial landscape.
“Many banks do not yet appreciate how floods, droughts, or even energy transition policies can affect their borrowers, particularly in agriculture, manufacturing, and infrastructure. It’s not just a sustainability issue; it’s a credit and operational risk issue.”
Her answers offer a vital roadmap for regulators, bank executives, and GRC professionals seeking to move beyond simply enforcing rules and instead, leverage governance and risk management as an accelerant for secure and resilient innovation.
Q&A with Dr. Tokunbo Martins
Q: As the former Director of Banking Supervision for the CBN, you were responsible for banking system stability. If you could pinpoint one emerging systemic risk that Nigerian commercial banks are currently underpricing or under-managing, what would it be, and what is the Board’s role in mitigating it?
A: During my time at the CBN, I noticed that climate and environmental risks are still underpriced in our banking system. The CBN introduced the Nigerian Sustainable Banking Principles during my tenure in 2012 to guide financial institutions in integrating ESG into their operations and decision-making. While many financial institutions have made notable progress in governance and social responsibility, the environmental aspect of ESG remains comparatively underdeveloped. Many banks do not yet appreciate how floods, droughts, or even energy transition policies can affect their borrowers, particularly in agriculture, manufacturing, and infrastructure. It’s not just a sustainability issue; it’s a credit and operational risk issue. Climate shocks cut across sectors. In agriculture, they destroy crops and incomes; in manufacturing, they raise costs and disrupt supply chains; and in infrastructure, they damage physical assets and cash flows. So, climate risk is not abstract; it directly affects borrowers’ ability to repay and, by extension, banks’ portfolio quality. Boards need to start treating climate risk as a core part of their risk management and strategy discussions.
Q: You are an expert in Governance, Risk, and Compliance (GRC). In a world of aggressive Fintech adoption and rapid digital expansion, how does your approach to GRC shift from a compliance-first model to one that is an accelerant for secure innovation?
A: In my experience, GRC works best when it stops being the ‘police’ and starts being a partner. My years in risk, compliance, and audit underscore the notion. With fintech growth and digital expansion, compliance can’t be an add-on or afterthought. You have to build it into innovation from the start. I’ve found that when you embed risk thinking early in product or process design, automate controls, and use real-time data, GRC actually accelerates innovation. It gives management the confidence to move fast, but safely.
Q: As Chair of the GTB Board, what is the single most critical governance function you believe has changed for bank boards in the last five years, specifically regarding cyber resilience and technology oversight?
A: The biggest shift has been that technology and cyber resilience are now core boardroom issues, not matters left to IT departments. In the past, oversight meant ensuring systems worked. No one cared about the IT department or the CISO as long as business was going well. Today, considering the value and disruption it could bring, it means understanding digital risks, resilience, and data governance at a strategic level. Boards must ask the right questions about cyber readiness, third-party exposure, and recovery capability, not just compliance. Are our systems as efficient and effective as possible? Is our data well protected? If we are attacked, what recovery mechanisms are in place, and how long will it take to recover? What evidence and assurances can you provide? The necessary competencies and capabilities must be in place. In short, technology oversight has evolved from technical assurance to strategic resilience.
Q: Given your background in Audit and Risk, how do you ensure that internal audit functions effectively challenge the decisions of the risk management division, rather than simply confirming compliance, especially when reviewing new digital financial products?
A: In my 20+ years as an auditor, I have found that the internal audit team must be both independent, competent, courageous and forward-looking. They must have enquiring minds, assess how well risks are being anticipated and ensure effective mitigation measures are in place. They should operate under the assumption that everything that could go wrong will go wrong and ensure robust controls are implemented. When reviewing new digital products, I encourage audit teams to engage early to understand the business model, data flows, control design and ensure every potential logical failure is tested. That way, their challenge will be informed rather than reactive. They should test assumptions, not just processes. Ultimately, audit provides the most value when it constructively questions whether risk management genuinely protects innovation, rather than merely documenting it.
Q: Your work at EFInA focuses on financial inclusion. What is the most significant non-technology barrier (regulatory, infrastructural, or cultural) currently preventing the deep penetration of truly inclusive digital finance across Nigeria and the broader West African region?
A: From my experience at EFInA, the primary non-technology barrier is a lack of trust due to insufficient consumer protection and financial literacy. EFInA’s surveys have indicated that many low-income users remain cautious about digital finance due to fraud, limited recourse mechanisms, and a lack of understanding of the products. Technology is no longer the main obstacle; it is the human and institutional ecosystem surrounding it. Many customers who suffer losses feel they have nowhere to turn. Building trust through improved consumer protection, stronger regulatory enforcement, and financial education will foster genuine inclusion.
Q: Your book addresses the impact of banking reforms. Looking back at the last decade of reforms in Nigeria, what is one unintended consequence, positive or negative, that has had the biggest effect on the ability of Micro, Small, and Medium Enterprises (MSMEs) to access credit?
A: One unintended consequence of the last decade of banking reforms in Nigeria, particularly the implementation of Basel II/III capital accord and the associated tightening of prudential standards, is the reduction in banks’ appetite for lending to MSMEs due to higher capital charges and risk-weighting requirements. This was revealed by the survey I conducted among regulators and the banking industry operators, which is contained in the book you referred to.
While these reforms which commenced during my tenure, were designed to strengthen the banking system’s stability and resilience, they had an unintended effect: MSME loans became relatively more expensive for banks to hold on their balance sheets. Under Basel II/III, loans to smaller, riskier borrowers attract higher risk weights, which in turn require banks to hold more capital. Faced with this, many banks shifted their credit portfolios toward lower-risk, higher-collateral, and shorter-tenor assets such as government securities, large corporates, and multinationals.
On the positive side, but also unintended, the reforms indirectly accelerated innovation in alternative credit channels, including digital lenders and non-bank MSME finance platforms. As banks pulled back, fintechs and microfinance institutions filled the gap with cash-flow-based lending, psychometric scoring, and digital credit algorithms.
Q: You have executive certificates from Harvard and affiliations with Oxford and INSEAD. How do you translate global best practices in public policy and finance regulation into pragmatic, effective solutions that work within the unique context and constraints of the Nigerian economy?
A: My global training is helpful, but the real skill lies in translation, adapting what is considered best practice to Nigeria’s political economy, capacity, and constraints. I follow three principles. First, I start from Nigeria’s reality – analysing our incentive structures, data gaps, and capacity before applying any global model. That was the approach we used when introducing the Basel Capital Framework. Second, proportionality is crucial. We must simplify, prioritise, and phase reforms so they are ambitious yet achievable for our institutions. Finally, it’s essential to co-create with stakeholders, including regulators, banks, MFIs, and fintechs, so policies are practical, locally owned, and can be quickly adjusted if data reveals unintended effects. Essentially, I view global insights as a toolkit, but the solutions are always customised to what will truly work on the ground in Nigeria.
Q: Your experience includes using technology for supervisory processes. Looking ahead, what is the Next Generation of supervisory technology that the CBN or other African central banks should prioritize to improve real-time risk monitoring and market transparency?
A: The next generation of supervisory technology for the CBN and other African central banks should focus on real-time, API-based regulatory data feeds that replace slow, periodic returns with continuous visibility into liquidity, capital, large exposures, conduct issues, and operational incidents. It should also incorporate AI-enabled early-warning systems that use advanced analytics to detect anomalies in lending patterns, FX positions, mobile-money flows, AML/CFT, fraud, cybersecurity telemetry, and other emerging risks before they escalate. In addition, automated supervisory triggers should be built in to flag breaches, prioritize inspections, and initiate proportionate corrective actions. Together, these capabilities transition supervision from reactive, backward-looking compliance to proactive, predictive, data-driven oversight, enabling supervisors to issue forward-looking composite risk ratings and take pre-emptive action to safeguard financial stability.
Q: As a leader who has helped shape an industry, what is your philosophy on developing the next generation of regulatory and finance experts? What core skill is missing in today’s young professionals entering the GRC fields?
A: My philosophy is that technical competence must be matched with character and judgment. I focus on exposing young professionals to real problems early, so they learn to think critically, use data well, and understand the public-interest purpose behind regulation. The biggest gap I see today is systems thinking, the ability to connect governance, risk, compliance, technology, and business strategy into a coherent whole. Many are strong technically but struggle to see the wider implications of their decisions.
