What's required of a modern CRO?
Perhaps no role has changed in recent years quite as much as that of the CRO – the Chief Risk Officer. CROs are no longer the back-office workers they once were in the 1990s when the role was popularized, having moved well beyond a technical role to one that encompasses all manner of skills and capabilities. Technology remains central to CRO responsibilities, though, and as technology continues to advance and play a larger role in bank strategies, CROs need to make sure they stay afoot of developments.
So, what should a modern CRO look like?
Soft skills in high demand
Risk management draws on a blend of specialised statistical, actuarial, financial and economic modelling skills, and while it is crucial for a CRO to have this technical expertise, it’s the soft skills like relationship management, clear communication and having the ability to earn trust on the board that are essential to separate a risk analyst from CRO.
In many organisations, the risk team encompasses multiple people with a broad range of capabilities and areas of speciality, from information security specialists, regulatory compliance professionals to lawyers and actuaries. The CRO needs to have the capability to bring those people together, to manage them and to motivate them.
Recent years have seen increasing shareholder engagement, whether it is activist hedge funds or institutional investors who see interactions with their portfolio companies as an important part of their fiduciary duty. Investors are looking for warning signs that signal downside risk—CROs should have a role in crafting responses to shareholder engagement where risk factors are at issue, perhaps even working more closely with investor relations to craft outreach and keep their company’s shareholder base happy.
Peter Grewal, Group Chief Risk Officer at QBE Insurance adds that a CRO also has to be able to deliver information, "It's straight forward to produce a report which captures facts, issues and events, but what people are really looking for is your opinion. You have to have the courage and the right capabilities to be able to deliver that opinion in a way that makes it relevant.”
Managing the risk landscape
How can CROs manage the shifting risk landscape of today? Fabrice Brossart, Chief Risk Officer at AIG EMEA highlights the challenge, "we all know what the threats are, the question is how do you go about analysing them and how do you go about prioritising them? That should be something that changes on a regular basis.”
Where CROs could add value to the board is in connecting the dots of emerging risks, keeping in mind that rarely are threats so tidily categorizable as “IT” or “culture” or “compliance.” A crucial part of the CROs role is understanding the interconnectedness of risks, filtering, prioritising and highlighting how relevant they are to the organisation.
Crisis management versus strategic driving
Dealing with a crisis when it happens is a key role for the CRO, but the success or failure of this management has strong ties to how the company prepared itself. As with most things, being proactive rather than reactive ensures that any crisis is much more manageable (or perhaps completely avoidable).
The nature of potential crises is constantly shifting, but there are some which banks have on high priority, including cyber-attacks, regulatory compliance, and macroeconomic trends.
When it comes to preparation, the CRO also carries a lot of the burden. War-gaming, simulation exercises—the bread and butter of risk management—are crucial aspects of the CROs job, ones that have not seen their importance diminish. Being a CRO remains a deeply practical role, one that requires constant planning and execution.
On the other side of the coin, driving strategy and identifying opportunities are functions the CRO is becoming more and more involved in. This is where soft skills come in handy, as building trust with the C-suite and board is crucial. Fabrice continues, "it doesn’t always mean that the CRO ends up shaping the strategy, but we help management have a clear view – they make their decisions with more information, even if we say go left and they end up going right."
And it isn’t just the quantitative aspect that the CRO brings to the table, real value is being found by bringing risk managers to assess the achievability of a plan and the quality of the assumptions that have been made during its formation.
“Equally, you have to be able to prepare the board in case their strategic assumptions don't work out," explains Alex Duncan, Chief Risk Officer at Just. "Being able to have a conversation about possible futures is a powerful tool to help bring about a richer conversation in the boardroom."
Tomorrow's CRO talent
CROs need to prepare for the future and ensure they are finding the right talent for their teams, something which can prove difficult to do. It is an unfortunate reality for banks that they are struggling in the competition for talent with fintech start-ups and the general tech sphere, even consulting. At least in the U.S., consulting has become the prime destination for top business school talent, leaving many banks to wonder how to continue attracting talent. Finding junior talent should concern banks that are looking to groom the next generation of risk leadership.
Duncan thinks, "where do we fish for the future CROs? What I'm looking for goes beyond the technical; it's a breadth of experience. Ideally it includes some commercial knowledge as well as interpersonal skills.” Meanwhile, Brossart believes a key skill to recruit for is flexibility to be able to plan in the medium term as well as helping a business manage a crisis. For Grewal, leadership skills have to be top notch, because the CRO has a massive influence on organizational culture.
