Increasing global risks, economic uncertainty, and the evolving financial industry are having an unprecedented impact on risk managers’ function, skillset, and expertise. A keen understanding of global issues, technology skills, strategy and leadership qualities, being innovative and able to anticipate events are becoming hugely important. Based partly on a panel discussion held at Risk Europe 2023, in this paper we provide an analysis of the changing role of the Chief Risk Officer (CRO).
A lot of attention was placed on the CRO function during the failure of Silicon Valley Bank (SVB), which resulted in the destruction of over $40 billion in shareholder value and forcing unprecedented government intervention to protect depositors. SVB had been without an active CRO for approximately eight months before its collapse and this was considered a main contributor to the bank’s downfall.
That was a real eye-opener, and while it put a spotlight on the CRO role, it was not the event that launched the transformation of the function over the last several years. Going back to the global financial crisis and events thereafter, the job has seen growing complexity and a rapidly expanding set of tasks.
Traditionally, the CRO function was seen as a business support position whose focus was mainly on traditional financial risk types, such as credit, liquidity and market risks, as well as on ensuring compliance with regulators. But the role of the CRO has evolved and continues to move from the traditional risk types and the mandates that were imposed pre-global crisis to other types of risks and new regulatory requirements.
According to the panel at Risk Europe, these are the ways the CRO role has transformed.
Strategic adviser
Since the CRO is best positioned to identify risks that present threats and even those that may present opportunities, the CRO can influence strategy with respect to both the C-suite and board levels and help them make the right decisions. For this reason, the CRO needs to take the time to cultivate a partnership with the business leaders to earn their trust. This way the CRO becomes more powerful and begins to gain free and unfettered access to the C-suite and the board, e.g., having a seat at the table. When the CRO reaches the level of strategic partner and trusted adviser, people will listen to the CRO and say, “Yes, that sounds right.” Eventually, this could evolve into having the independence to make decisions.
Builder of the risk culture
In addition to being a strategic adviser, the CRO also has the responsibility to raise a risk-awareness culture. At an organisation, risk has to be fundamental to everything it does and it should be everyone’s responsibility to share that culture of risk awareness—to share a common understanding of what the firm’s risk appetite is and what are the risk-taking limits. The CRO also needs to have the right team in place to have the right risk culture.
Team leader
When you look at the scope of the CRO’s role today, it's far reaching and it's probably impossible for one person to have all of the necessary skills to successfully and holistically manage an organisation’s risk. So, it should be made a requirement for the CRO to build, manage and lead a team that can cover the scope of increasing risks.
The more capable people you have around you with in-depth knowledge of the subject matter in particular areas, the better off the CRO will be. This is because the idea that you could be an “all-rounder” doesn’t really work anymore.
Technology embracer
As mentioned, the role of CROs is changing for good, and technology will help them succeed through this change.
With the advancement in emerging technologies, next-generation tools, and the greater availability of real-time data, and higher volumes of it, this has enabled risk managers to enhance their capabilities to deliver not only an efficient risk function, but an enhanced understanding of the sources and causes of business risks. Examples of these technologies and tools include AI, machine learning, the cloud, and predictive analytics.
Empowered to say “No.”
The last issue the panel discussed was regarding what is the most important aspect of a CRO’s role. One panellist answered by saying it is the ability to manage emerging risks, another said the use of AI is most important because AI has the potential to affect everything across every risk discipline. While a third panelist indicated it is the ability to say “Yes,” because that opens a firm to opportunities, a fourth panelist emphatically said the most important thing is for the CRO to be empowered to say “No.”
For additional Numerix thought leadership content, please visit: https://www.numerix.com/white-papers-articles-reports