FAQs

What does Encina Consulting do?

Encina Consulting provides senior-level Chief Risk Officer (CRO) advisory and risk governance expertise to CEOs, boards, and growing businesses.

​

We design, assess, and strengthen:

• Enterprise Risk Management (ERM) frameworks

• Risk appetite frameworks and statements

• Governance structures (Board, Risk Committees, senior accountability)

• Regulatory and stakeholder engagement strategies
   

Our work ensures that risk frameworks are technically robust, scalable, and effective in practice—not just well documented.

 

What is your expertise in the CRO function?

We specialise in building, supporting, and enhancing the CRO function as a core strategic capability.

​

This includes:

• Defining CRO mandate, independence, and reporting lines

• Embedding the three lines of defence model

• Strengthening risk oversight at Board and Committee level

• Developing risk reporting that drives decision-making

 

We ensure the CRO function is not symbolic, but credible, influential, and embedded in how the business is run.

 

How do you support risk governance frameworks?

We take a deep technical approach to governance design and effectiveness, including:

• Board and Risk Committee structure and effectiveness

• Risk taxonomy, policies, and standards architecture

• Risk appetite calibration and linkage to strategy

• Management Information (MI) and Key Risk Indicators (KRIs)

• Internal challenge, escalation, and accountability mechanisms
   

The focus is on designing and evidencing effective governance in practice, not just documentation.

 

Do you help firms meet regulatory expectations?

Yes. We align firms to the practical expectations of regulators and stakeholders, including:

• Governance effectiveness (not just structure)

• Demonstrable Board oversight and challenge

• Clear accountability under senior manager regimes

• Coherent and consistently applied risk frameworks
   

We prepare firms for regulatory scrutiny, skilled person reviews, investor diligence, and ongoing supervision.

 

Can you support businesses outside of insurance and financial services?

Yes. While much of our work is in regulated sectors, our approach is directly applicable to any organisation seeking to build or strengthen a risk function.

​

We support businesses that:

• Are establishing a formal risk management capability for the first time

• Require more structured governance and oversight

• Are scaling rapidly and need stronger control frameworks

• Want to align risk more closely with strategy and decision-making
   

Our approach includes:

• Designing proportionate enterprise risk management (ERM) frameworks

• Establishing governance structures and reporting lines

• Defining risk appetite and accountability

• Embedding risk into executive and operational decision-making
   

The outcome is a practical, scalable risk capability that improves resilience, decision quality, and stakeholder confidence.

 

Do you work with private equity or investor-backed businesses?

Yes. We work with private equity-backed and investor-led businesses where there is a need to rapidly strengthen risk, governance, and control frameworks.

​

This is particularly relevant:

• Pre- and post-investment

• During periods of rapid scaling or transformation

• Ahead of regulatory scrutiny or market entry

• In preparation for exit or liquidity events
   

We support management teams and investors by:

• Assessing the maturity of existing risk and governance frameworks

• Identifying gaps that could impact valuation, scalability, or execution risk

• Designing and implementing proportionate ERM capabilities

• Strengthening Board oversight, reporting, and accountability
   

Our focus is on ensuring the business has a credible, scalable risk infrastructure that supports growth, withstands diligence, and enhances investor confidence.

​

​

 

​
 

​ 

​

​

 

 

FAQs (cont.)

​

What solutions do you offer?

Our work is structured around four core scenarios:

​

Pre-Authorisation & Start-Up Readiness

• End-to-end risk and governance build-out

• CRO function design

• Regulatory application support

• Risk framework documentation and implementation

 

Scaling & Growth Governance

• Evolving risk frameworks in line with business complexity

• Strengthening Board and Committee oversight

• Aligning risk appetite to growth strategy

• Enhancing MI, controls, and oversight

 

Regulatory & Supervisory Pressure

• Independent review of risk and governance frameworks

• Identification of gaps against regulatory expectations

• Remediation planning and execution support

• Board-level advisory during regulatory engagement

 

Crisis & Intervention

• Immediate stabilisation of governance and control

• Direct support in regulatory or stakeholder response

• Credible remediation design and delivery

• Rebuilding regulatory and stakeholder confidence

 

How do you support start-ups and newly authorised firms?

We build risk and governance frameworks from the ground up, ensuring they are proportionate, credible, and scalable.

​

This includes:

• Risk registers, policies, and control frameworks

• Governance maps and committee structures

• CRO role definition (including fractional or evolving roles)

• Documentation aligned to regulatory and investor expectations

• CEO and CRO coaching where necessary

 

The focus is on getting authorised, investor-ready, and building a foundation that scales with the business.

 

How do you help scaling businesses?

As organisations grow, risk frameworks often lag behind operational and strategic complexity.

 

We address:

• Governance structures that no longer fit the business

• Weak or inconsistent risk reporting

• Lack of clarity in accountability and ownership

• Gaps between documented frameworks and actual practice

 

We ensure risk management evolves into a scalable, decision-supporting capability that enables growth, not constrains it.

 

What is your role during a regulatory crisis?

We operate as a senior, hands-on advisor to leadership during periods of acute pressure.

 

This includes:

• Diagnosing governance and control failures

• Supporting direct engagement with regulators and stakeholders

• Designing credible, regulator-aligned remediation plans

• Stabilising internal risk and control environments

 

Our focus is on restoring control, credibility, and confidence quickly.

 

How is your approach different from traditional consulting firms?

We do not deliver generic frameworks or theoretical models.

​

Our approach is:

• Technically grounded in CRO and governance practice

• Focused on what regulators, investors, and boards actually test

• Built for real-world implementation under pressure

• Delivered at Board and executive level

 

We prioritise effectiveness, evidence, and credibility.

 

What is Jon Macdonald’s role and expertise?

Encina Consulting is led by Jon Macdonald, an experienced Chief Risk Officer and board-level advisor.

​

His expertise includes:

• Leading CRO functions in complex and regulated environments

• Many years of direct experience with regulatory approval, supervision, and intervention

• Managing risk through periods of growth, transformation, and crisis

• Advising Boards on governance effectiveness and accountability

• CEO and Advanced Leadership coaching 

 

This ensures clients receive practical, senior-level insight grounded in real-world experience.

 

Do you provide CEO or CRO coaching?

Yes. We provide specialist CEO and CRO coaching to those wanting to uplevel their impact in the boardroom and beyond.

​

This is not general executive coaching. It is grounded in real-world experience and designed for leaders operating in complex, high-stakes environments.

​

Coaching is highly bespoke and typically focuses on:

• Navigating regulatory and stakeholder relationships

• Strengthening decision-making under uncertainty

• Leading risk and governance at Board level

• Managing personal effectiveness in high-pressure roles

 

This is particularly valuable for:

• First-time CEOs

• Newly appointed CROs or those wanting to solidify within their role

• Senior executives stepping into high-accountability roles

 

The focus is on practical judgement, credibility, and leadership effectiveness.

 

Do you work alongside existing CROs and risk teams?

Yes. We strengthen and support internal capability by:

​

• Providing independent challenge and validation

• Reviewing and enhancing existing frameworks and governance structures

• Supporting CROs in Board and stakeholder engagement

• Acting as a trusted advisor on complex or high-stakes issues

 

We integrate seamlessly while maintaining independence and objectivity.

 

What outcomes should we expect?

Clients typically achieve:

• A credible and effective CRO function

• Governance frameworks that withstand scrutiny

• Clear, decision-useful risk reporting

• Stronger Board oversight and accountability

• Increased confidence from regulators, investors, and stakeholders

 

How do your engagements typically work?

We tailor our approach depending on the situation, but most engagements fall into three models:

• Advisory: Ongoing support to CEOs, Boards, and CROs

• Project-based: Defined scope (e.g. framework build, remediation, readiness)

• Crisis support: Intensive, hands-on involvement during periods of pressure

 

We work at pace and with senior visibility, ensuring outputs are understood, adopted, and effective in practice.

 

When should we engage Encina Consulting?​

We are happy to see how we can help at every stage, however typically we find people contact us when they are:

• Preparing for authorisation, investment, or regulatory approval

• Scaling beyond existing governance capability

• Facing regulatory, investor, or stakeholder scrutiny

• Experiencing breakdowns in risk oversight or control

• Requiring senior CRO-level expertise

​​​

​

Need clarity on your Risk and Governance framework, or expert CEO

or CRO Coaching?

​

​

​