Executive Governance, Risk & Resilience Advisory
Kingwall & Company Inc. is an executive governance and risk advisory firm. We bring 20+ years of senior C-suite leadership directly to boards and executive teams navigating their most consequential governance, risk and resilience challenges.
Our Firm
Kingwall & Company Inc. was founded by Muhammad Waqas Agha, MBA, CRM — a former Group Chief Risk & Compliance Officer and Managing Director of Enterprise Risk Management with 20+ years leading risk functions at global institutions managing up to $300 billion in assets. Every engagement is led personally by the founder. Clients are not buying a methodology — they are buying direct access to executive-level judgment that no internal function can replicate.
What We Do
A focused suite of executive governance and risk advisory services — each delivered at the principal level, with the depth and independence that only a dedicated specialist can provide.
How We Work
Every engagement follows a proven methodology — shaped by 20+ years of leading enterprise-wide risk programs at the most senior levels. Bespoke to your context, rigorous in execution, and relentless in delivering outcomes that actually change how decisions get made.
Deep immersion in your risk landscape, governance structures, and strategic priorities to establish a precise baseline.
Crafting bespoke frameworks and solutions that are proportionate, actionable, and aligned to your organization's culture.
Hands-on implementation alongside your team — from board presentations to operational embedding.
Ongoing monitoring, periodic review, and responsive advisory support ensuring enduring effectiveness.
Why Kingwall
Kingwall is not a consulting firm that happens to offer risk services. It is an executive advisory practice built around one founding principle: that governance and risk counsel at the highest level must be delivered by someone who has held that responsibility — not just studied it. Every client engagement reflects that standard.
Every engagement is directed personally by Muhammad Waqas Agha. No junior analysts. No bait-and-switch. The person you meet is the person who does the work.
20+ years as Group Chief Risk Officer, Managing Director of ERM, and leader of 100+ risk professionals across Canada, the USA, the Middle East, and Asia.
Fully independent — no financial relationships with vendors, no conflicts of interest, no institutional agenda. The advice is always in the client's interest, not the firm's.
Engagements are scoped around outcomes — not hours. We measure success by the quality of the decision made, the governance strengthened, or the risk resolved.
Get in Touch
We welcome enquiries from boards, chief executives, and senior leadership teams seeking independent executive advisory counsel. All initial conversations are strictly confidential and without obligation.
You may also reach us directly at waqas@kingwallco.ca
Service — Enterprise Risk
Most organizations carry far more risk than their boards realise — and far less capability to manage it than they believe. We build the frameworks, culture and governance that close that gap.
Client Challenges
Risk registers sit in spreadsheets, updated annually, disconnected from live strategy. Emerging threats — geopolitical shifts, supply chain fragility, cyber vulnerabilities — arrive faster than reporting cycles can capture.
Boards struggle to distinguish risk oversight from operational management. Risk committees meet quarterly but lack the information architecture to challenge executive risk-taking in real time.
A beautifully written risk appetite statement exists — but no one in the business can translate it into a decision on whether to pursue that acquisition or enter that new market.
When risk management is perceived as the department that says no, it fails. The real cost is the risks that go unreported because people fear the consequences of surfacing them.
How We Respond
Bespoke frameworks anchored to your strategic plan, calibrated to your risk appetite, and structured for practical use at every organizational level.
Translating board-level appetite statements into operational tolerances, KRIs, and decision thresholds that business units can actually apply.
Developing a common risk language across the organization and visualising exposure through dynamic heat maps that evolve with the business.
Clarifying roles, eliminating duplication, and ensuring the three lines work together rather than around each other.
Diagnosing the informal norms, incentives, and behaviors that determine how risk is actually managed — and redesigning them.
Designing risk reporting packs, facilitating risk deep-dives, and coaching board members on effective risk oversight.
What You Gain
Concise, forward-looking risk reporting that equips directors to exercise genuine oversight.
Risk appetite embedded in strategic and operational decision-making across the enterprise.
A workforce that surfaces, escalates, and manages risk as a natural part of doing business.
Frameworks that satisfy regulators, auditors, and rating agencies — without becoming bureaucratic burdens.
Every engagement begins with a confidential conversation. Tell us what you're facing — we'll tell you how we can help.
Service — Strategic Risk
Every strategic decision carries embedded risk. The question is whether that risk has been identified, quantified, and priced — or whether it has simply been ignored in the pursuit of growth.
Client Challenges
Due diligence teams scrutinise financials but frequently underweight integration risk, cultural mismatch, regulatory exposure, and hidden liabilities buried in target companies. Value destruction begins before ink dries.
Boards approve geographic expansions based on market-sizing spreadsheets — without adequately stress-testing the political, competitive and operational risks of unfamiliar terrain.
When risk is not systematically incorporated into portfolio decisions, capital flows toward initiatives that present best — not those that create value under a range of scenarios.
Large-scale transformation — digital, operational, organizational — routinely generates new exposures not in scope when the business case was approved. Delivery risk becomes existential risk.
Our Strategic Advisory Services
Comprehensive identification and quantification of risks embedded in current and proposed strategy, including scenario modelling across macro and micro risk factors.
Independent risk review of target companies spanning operational, regulatory, reputational, ESG, and integration dimensions — with actionable findings for deal structuring.
In-depth assessment of political, regulatory, competitive and operational risks in new geographies or segments, with go/no-go recommendations and mitigation roadmaps.
Analysing the aggregate risk profile of your strategic portfolio and advising on allocation decisions that balance growth ambition with acceptable exposure.
Identifying, monitoring, and mitigating risks generated by major change programmes — ensuring delivery risk does not silently become enterprise risk.
Structured intelligence on emerging strategic threats — technological disruption, competitor moves, geopolitical shifts — before they reach the boardroom agenda.
What You Gain
Strategic choices tested against a full risk picture, not just an optimistic base case.
M&A transactions where risk is identified early enough to be priced, mitigated, or walked away from.
Plans that perform not just in the base case but across the scenarios that actually tend to materialise.
Investment decisions underpinned by rigorous risk-adjusted return analysis.
Service — Regulatory & Compliance
The regulatory environment has never been more demanding, more fragmented, or more consequential. We help organizations move from reactive compliance to proactive regulatory mastery.
Client Challenges
Operating across jurisdictions means managing overlapping, sometimes conflicting regulatory frameworks. Most compliance functions were built for one regulator — not the complex multi-regulatory environment organizations now inhabit.
Regulatory visits surface documentation gaps, control weaknesses and governance failures invisible internally. By the time the examiner arrives, the opportunity to remediate has passed.
Regulatory enforcement has escalated from financial penalties to personal liability for directors and executives. The cost of non-compliance now includes careers and institutional licenses — not just balance-sheet items.
Regulatory reform programmes in financial services, ESG, data protection, and operational resilience generate volumes of new obligation that overwhelm compliance teams operating with fixed resources.
Our Regulatory Advisory Services
Building or redesigning compliance programmes that are proportionate to your regulatory obligations, operationally practical, and genuinely embedded in business processes.
Systematic assessment of your compliance posture against applicable requirements — identifying gaps, prioritizing remediation, and creating defensible audit trails.
Preparing organizations for supervisory examinations — mock visits, documentation reviews, management briefings, and examination strategy.
Tracking, interpreting, and operationalising regulatory change — translating complex new rules into practical compliance obligations embedded in business processes.
Supporting organizations in direct engagement with regulators — from routine correspondence to contentious supervisory discussions and application processes.
Designing conduct risk frameworks and culture programmes that address the informal behaviors regulators now scrutinise as closely as formal controls.
What You Gain
Compliance documentation, controls and governance that withstand regulatory scrutiny on any given day.
Constructive, credible engagement with regulators that builds trust and reduces supervisory friction.
Regulatory reform translated into operational obligations before deadlines create crisis.
Clear accountability frameworks that protect directors and senior managers as regulatory expectations escalate.
Service — Financial Risk
Financial risk is the category that turns strategic miscalculation into existential crisis. Our advisors bring the quantitative rigor and commercial judgment to keep organizations solvent, stable, and strategically flexible.
Client Challenges
Most organizations only discover their liquidity risk framework is inadequate when a stress event occurs. By then, options are far fewer and far more expensive. Pre-crisis planning is consistently underinvested.
FX, interest rate, and commodity exposures sit outside treasury hedging programmes — often embedded in operational contracts, supply chains, or long-term commitments where nobody thought to look.
Credit portfolios and supplier bases carry counterparty concentration that looks manageable until it doesn't. Correlation between counterparty failures in stress scenarios is systematically underestimated.
Internal capital adequacy assessments anchored to benign scenarios and historical data — rather than the severe but plausible scenarios that actually test an organization's resilience.
Our Financial Risk Services
Assessing credit risk policies, rating methodologies, concentration limits, and portfolio quality — with recommendations calibrated to your risk appetite and business model.
Designing liquidity risk frameworks, stress testing liquidity positions, reviewing contingency funding plans, and advising on optimal liquidity buffer strategies.
Identifying and quantifying market risk exposures across FX, rates, commodities, and equities — including tail risks and non-linear exposures often missed by standard VaR models.
Designing and executing stress tests that challenge comfortable assumptions — reverse stress tests, macroeconomic scenarios, and idiosyncratic shock analysis.
Supporting the design, execution, and documentation of internal capital adequacy assessments — building the analytical rigor that regulators and rating agencies expect.
Advising on asset and liability management strategy, hedging programme design, and the governance of treasury risk — including policies, mandates and reporting.
What You Gain
Confidence that the organization can meet its obligations under a wide range of stress scenarios.
Complete visibility of financial risk exposures, with governance and hedging programmes fit for purpose.
Capital allocation decisions informed by rigorous risk-adjusted return analysis rather than intuition.
Leadership teams and boards that understand how the organization performs under adversity — and have plans to manage it.
Service — Operational Risk
Operational failures do not announce themselves. They accumulate quietly — in process gaps, human error, system vulnerabilities and third-party dependencies — until they trigger an event that is visible to regulators, boards and clients simultaneously. We identify, assess and manage operational risk before it reaches that point.
Client Challenges
Control frameworks documented for audit purposes that bear little resemblance to how work actually gets done. The gap between the documented process and the actual process is where operational losses originate.
Critical processes that depend entirely on specific individuals — whose absence, departure or error would create immediate operational failure. This risk is systematically underestimated until the person is gone.
Legacy systems, manual workarounds and shadow IT that have quietly become operationally critical. Technology risk that sits outside the IT risk framework because nobody mapped the dependency.
Risk that has been contracted out but not transferred. Vendors and outsourced service providers who carry operational risk on behalf of the organization — without adequate oversight, contractual protection or fallback arrangements.
Our Operational Risk Services
Designing or overhauling the operational risk management framework — risk taxonomy, RCSA methodology, loss event capture, control assessment standards and escalation protocols. Built for use, not for audit.
Facilitating a structured RCSA process that produces an honest picture of the operational risk landscape — identifying control gaps, process weaknesses and emerging risk themes across business lines.
Assessing the operational risk embedded in third-party relationships — reviewing contracts, service level agreements, concentration risk and exit strategies. Designing the governance model for ongoing vendor risk oversight.
End-to-end mapping of critical business processes to identify failure points, control gaps and key person dependencies. Producing actionable findings for process owners and risk committees.
Analyzing historical loss events and near-misses to identify systemic patterns, root causes and control weaknesses. Converting loss data into forward-looking risk intelligence.
Advising on the governance of technology and cyber risk — risk appetite setting, control framework assessment and board-level reporting on technology risk. Working alongside technical teams, not replacing them.
What You Gain
Operational risk frameworks that identify and close gaps before they become loss events — not after.
A clear, evidence-based picture of where controls are effective and where they are not — with a prioritized remediation plan.
An operational risk framework that satisfies regulatory expectations and supports a credible story in examination.
Board-level operational risk reporting that gives directors the information they need to exercise genuine oversight — not just a summary of what management already knows.
Service — Crisis & Resilience
Crises do not announce themselves. What distinguishes organizations that emerge stronger from those permanently diminished is not luck — it is preparation. We build the capability to survive and lead through disruption.
Client Challenges
Business continuity plans sit in folders, never tested by the people who would actually execute them. The first real test is the first real crisis — and plans written in calm conditions rarely survive contact with reality.
In the first hours of a crisis, the absence of clear, coordinated communication destroys more value than the crisis itself. Stakeholder trust — with regulators, investors, customers, and media — is lost faster than it can be rebuilt.
Organizations invest in their own resilience while carrying unexamined concentration risk in critical suppliers, technology providers, and outsourced functions. A single third-party failure can trigger cascading disruption.
Crisis leadership requires a different skillset from normal management. Executives highly effective in stable conditions frequently freeze or make irreversible decisions under the cognitive load of an acute crisis.
Our Resilience Advisory Services
Building or overhauling BCPs that are operationally credible, regularly tested, and owned by the people responsible for executing them — not just filing them.
Designing and facilitating realistic crisis simulations for executive teams and boards — testing decision-making, communications, and escalation under pressure.
Developing end-to-end operational resilience frameworks aligned with regulatory expectations — identifying important business services, mapping dependencies, and setting impact tolerances.
Systematically assessing the resilience of critical third parties and outsourced functions — identifying concentration risk and designing contingency arrangements.
Developing pre-approved communications frameworks and decision trees for common crisis scenarios — so the organization leads the narrative rather than reacting to it.
Independent review of the organization's response to a crisis event — identifying what worked, what failed, and what systemic changes are required to prevent recurrence.
What You Gain
Continuity arrangements that have been tested, challenged, and refined — not just documented.
Executive teams who have practiced crisis decision-making and know their roles before a crisis demands it.
Communications capability that maintains trust with regulators, investors, and customers through disruption.
Operational resilience that minimises the impact and duration of disruption.
Service — Board Advisory
The quality of risk governance at the top of an organization sets the ceiling for everything below it. We provide direct, candid, and independent counsel to the individuals who carry ultimate responsibility.
Client Challenges
Non-executive directors receive risk reports filtered through three layers of management. By the time risk information reaches board level, it has often been sanitised to the point of uselessness.
Audit, risk, and remuneration committees operate in silos, creating gaps in oversight and duplication of effort. Interaction effects between risk categories fall between committee mandates.
In high-performing organizations, challenging the consensus view on risk is socially costly. CROs who surface uncomfortable truths find themselves marginalised. The board hears what management wants it to hear.
As risk complexity has grown — cyber, ESG, geopolitical, operational resilience — many boards carry directors whose risk literacy predates the landscape they are now required to oversee.
Our Board Advisory Services
Independent assessment of the effectiveness of board-level risk oversight — covering committee structure, information flows, director behaviors, and the quality of risk challenge.
Attending risk committee meetings as an independent advisor, reviewing papers, shaping agendas, and providing the challenge function that internal teams cannot always provide.
Bespoke education for boards and senior executives — building the conceptual fluency and practical toolkit to exercise effective risk oversight across all modern risk categories.
Providing independent counsel to Chief Risk Officers on strategy, positioning, and the management of complex internal dynamics.
One-to-one coaching for executives navigating high-stakes risk decisions — a confidential sounding board and structured decision support.
Comprehensive assessment of governance structures, board composition, committee architecture, executive accountabilities, and the informal dynamics that determine how power and risk actually flow.
What You Gain
Directors who ask the right questions, receive unfiltered information, and exercise substantive challenge.
Committee architecture and accountability frameworks that eliminate gaps and duplication.
Executive teams and boards with the capability to understand and manage the risks that actually face the organization.
A trusted advisor who says what needs to be said — without the political constraints that inhibit internal challenge.