The Narrow Corridor in Banking: Maintaining the Balance between Business and Risk Management

In the face of global geopolitical uncertainty that could affect Indonesia’s banking stability, the national banking industry, particularly community lending banks (Bank Perkreditan Rakyat or BPR), faces a rather unfavourable reality. In recent years, the Financial Services Authority (Otoritas Jasa Keuangan or OJK) has revoked operating licences for 31 BPRs between 2024 and early 2026.

The most recent closure involved BPR Kamadana, headquartered in Batur Utara, Kintamani, Bangli Regency, Bali Province. Whilst this represents a firm step by OJK to maintain banking industry health and protect customer funds through the Deposit Insurance Corporation (LPS) guarantee mechanism, the phenomenon is often perceived merely as individual bank failures unable to maintain capital or regulatory minimum requirements.

However, upon closer examination, this series of closures actually reflects more structural and fundamental problems: many BPRs are unable to maintain balance between business growth and risk management.

The Narrow Corridor: Banking Perspective

In The Narrow Corridor by Daron Acemoglu and James A. Robinson, the concept of Leviathan describes state power in relation to society. The authors argue that liberty can only emerge within a “narrow corridor”—a condition where state and societal power are equally strong, mutually watchful, and in dynamic balance.

When this balance breaks down, two extremes emerge: Absent Leviathan, when the state is too weak to enforce rules and protect public interest; and Despotic Leviathan, when the state is too dominant and suppresses society, eroding individual freedom.

By analogy to The Narrow Corridor, banking can grow healthily when business function and risk management operate in balance. The tension between business expansion pressure and risk management demands represents a natural dynamic that must be managed to keep banks within a safe growth corridor.

For instance, in digital banking, a business function might propose launching a Digital Loan product (Instant Approval) with funds disbursed in approximately ten minutes using only identity cards. If Despotic Leviathan conditions prevail—or if the risk function is weak or deliberately weakened—product applications could be approved without adequate risk analysis, potentially exposing the bank to severe problems including fraud, soaring non-performing loans, capital depletion, and investigative audits.

Conversely, if Absent Leviathan conditions exist—with an overly dominant risk function imposing rigid rules—loan approval processes become protracted, requirements excessively complex, and no constructive solutions are offered. The result: stunted business growth, uncompetitive products, and the bank perceived as inflexible or “outdated.”

In contrast, Shackled Leviathan conditions create healthy balance between functions, allowing risk management to “run at the same pace” as business in creating a safe growth corridor through adaptive regulation—such as clear Risk Acceptance Criteria, e-KYC implementation using face recognition linked to population databases, and integrated credit scoring systems connecting to transaction data.

Necessary Conditions

Achieving Shackled Leviathan in a bank requires: First, top management ensuring that the risk function has equal voice with the business function in strategic decision-making.

Second, the risk function must not merely serve as an obstacle, but as an intelligent partner capable of defining clear “rules of play” allowing safe business growth. Banks should thus have high capacity whilst remaining under control.

Third, the business function must fully understand its business model and recognise associated risks when pursuing growth targets. As a risk owner, this awareness should be reflected in carefully considering external and internal conditions—such as sales team resource capacity, span of control, and policy applicability that can be effectively implemented.

As the most fundamental risk mitigation or control, policies must be integrated into systems preventing violation, rather than remaining merely administrative documents. Equally important is deeper understanding of customer profiles served: whether preferences have changed, or remain the same with certain adjustments. Notably, within the three lines of business/process framework, both business and risk functions stand on equal footing before the audit function, required to justify their processes and risk management models for sustainable company growth.

Constructive collaboration is therefore essential for maintaining company sustainability—yet this collaboration must occur within a “narrow corridor.”