CROs AS RISK GOVERNANCE ACTORS

The role of Chief Risk Officer ("CRO") is gaining greater importance as banks increasingly adopt risk governance practices, as defined by the FSB (2013) as the framework through which the board and management establish the firm's strategy, articulate and monitor adherence to risk appetite and risk limits, and identify, measure and manage risks. CROs are key actors because of the accountability and single focus on risk that they often bring to the table. That isn't to say risk level considerations should always drive the totality of every decision (return for taking risk, fitting risk appetite to strategy, and the like) are important too; but boards should have direct access to the views and opinions of the CRO.  

Moreover, the roles of the CRO are evolving as well as they begin to face strategic issues such as M&A considerations, product offerings and client-based considerations as well. The WSJ ran an article recently (by Mara Lemos Stein, April 1st 2016) which highlights the role of CROs working in tandem with compliance chiefs to manage conduct risk and by extension reputation risk.  Another sign of the growing importance of this role is its positioning vis-a-vis the board and the CEO, with some 68% of CROs now reporting directly to the CEO and 46% reporting to the board directly according to a Deloitte 2014 report. I also note research conducted by Aebi, Sabato and Schmid (2011) which identifies the relationship between US BHC performance and this reporting line to the top.  However, the role of the CRO must also not been seen as the BPU (business prevention unit) either, as pointed out by the WSJ.  They can be important facilitators of doing business and ensuring the risk infrastructure and culture develops to support growing firms too. 

Comments