Increasing global risks, economic uncertainty, and the evolving financial industry are having an unprecedented impact on risk managers’ function, skillset, and expertise. A keen understanding of global issues, technology skills, strategy and leadership qualities, being innovative and able to anticipate events are becoming hugely important. Generally based on a panel discussion on this topic at Risk Europe 2023, in this blog we provide an analysis of the changing role of the Chief Risk Officer (CRO).
A lot of attention was placed on the CRO function during the failure of Silicon Valley Bank (SVB), which resulted in the destruction of over $40 billion in shareholder value and forcing unprecedented government intervention to protect depositors. SVB had been without an active CRO for approximately eight months before its collapse and was considered a main contributor to the bank’s downfall.
That was a real eye-opener, and while it put a spotlight on the CRO role, it was not the event that launched the transformation of the function over the last several years. Going back to the global financial crisis and events thereafter, the job has seen growing complexity and a rapidly expanding set of tasks.
Before we go there, what was the traditional focus of the CRO? According to one panelist at the discussion session titled “The Changing Role of the Chief Risk Officer” at Risk Europe 2023, the function was seen as a business support position whose focus was mainly on traditional financial risk types, such as credit, liquidity and market risks, as well as on ensuring compliance with regulators. But the role of the CRO has evolved and continues to move from the traditional risk types and the mandates that were imposed pre-global crisis to other types of risks and new regulatory requirements.
The role of a risk officer, of course, has always been there, but with changes in regulation, the onset of new technologies, the emergence of different types of risk, the development of more dynamic and complicated global financial markets, and the need for better and more effective communications at the top management, decision-making levels, the role of the CRO is changing for good.
According to the panel at Risk Europe, these are the ways the CRO role has transformed:
Strategic Adviser. Since the CRO is best positioned to identify risks that present threats and even those that may present opportunities, the CRO can influence strategy with respect to both the c-suite and board levels and help them make the right decisions. For this reason, the CRO needs to take the time to cultivate a partnership with the business leaders so as to earn their trust. This way the CRO becomes more powerful and begins to gain free and unfettered access to the c-suite and the board, e.g., having a seat at the table. When the CRO reaches the level of strategic partner and trusted adviser, people will listen to the CRO and say, “Yes, that sounds right.” Eventually, this could evolve into having the independence to make decisions.
The panel added that the CRO is also becoming a strategic partner to the fund manager or financial manager and an enabler of the business.
Builder of the risk culture. In addition to being a strategic adviser, the CRO also has the responsibility to raise a risk-awareness culture. A strong risk culture is extremely important. At an organization, risk has to be fundamental to everything it does and it should be everyone’s responsibility to share that culture of risk awareness—to share a common understanding of what the firm’s risk appetite is and what are the risk-taking limits. The CRO also needs to have the right team in place to have the right risk culture.
Team leader. The role of the CRO has evolved and continued to move on from the traditional risk types that were and still are mandated by regulators, to other types of risk that are more emerging. As a result, we have seen the CRO’s workload change.
When you look at the scope of the CRO’s role today, it's far reaching and it's probably impossible for one person to have all of the necessary skills to successfully and holistically manage an organization’s risk. So, it should be made a requirement for the CRO to build, manage and lead a team that can cover the scope of increasing risks.
The more capable people you have around you with in-depth knowledge of the subject matter in particular areas, the better off the CRO will be. This is because the idea that you could be an “all-rounder” doesn’t really work anymore.
Technology Embracer. As mentioned, the role of CROs is changing for good, and technology will help them succeed through this change.
Now, with the advancement in emerging technologies and the greater availability of real-time data, and higher volumes of data at much greater levels of granularity than ever before, using all the various innovative techniques and next-generation tools available to risk managers is enhancing their capabilities to deliver not only an efficient risk function but an enhanced understanding of the sources and causes of business risks, as well as being able to better identify and measure risk management processes. Examples of these technologies and tools include AI, Machine Learning, the cloud, and predictive analytics.
Empowered to say “No.” The last question posed to the panel was what is the one key thing that is fundamentally the most important aspect of a CRO’s role. One panelist answered by saying it is the ability to manage emerging risks, another said the use AI is most important because AI “has the potential to affect everything across every risk discipline.” While a third panelist indicated it is the ability to “Yes,” because that opens a firm to opportunities, a fourth panelist emphatically said the most important thing is for the CRO to be empowered to say “No.”
