How Chief Risk Officers Have Become ‘Beacons of Trust’

Balancing regulatory adherence with strategic business initiatives, CROs are increasingly recognized as trusted, integral leaders within their organizations, and are naturally in high demand.

In this two-part article, Odgers Berndtson’s Robin Farley, Emily McGonigle and Martine Klutz examine the advancement of the CROs in the UK, Canada and Belgium - drawing comparisons across their respective countries.

The CRO’s role evolution

UK

We have seen the role of the CRO evolve significantly since the 2008 financial crisis, and the pace of that evolution has only increased in the past five years. While expertise in key financial and non-financial risk disciplines is important, the ability to adapt to change, navigate an increasingly digital landscape, and support commercial decision making are seen as essential skills. 

There seems to be significant risk in the system at the moment. The geopolitical landscape has become more complicated, the world more polarised and the ensuing risks more unpredictable. The skills required for these key executive committee level roles are evolving as are the mandates. The role is incredibly varied as some CROs are brought in to help support remediation, while others position organizations for growth. 

They need to be curious, commercial and calm under pressure. What is very clear, even in 2025, is that the best CROs still remain in short supply. 

Canada

After the 2008 financial crisis, the focus was on managing financial risks like credit and market risks. While models in this area are now well developed, there has been a huge shift towards managing non-financial risk in recent years. The issues facing CROs are constant, and risks are volatile and potent; the risk function needs to advance and mature to handle these effectively. 

A CRO must be skilled in managing technical and financial risks but also influential in areas like cyber security, third-party and operational risk. Given the large-scale market disruptions in recent years - including cyber-attacks, COVID-19 and environmental disasters - it is key that organisations ensure they can withstand disruptions to critical services and processes.

When an organization’s risk culture is weak, people will find ways to circumvent controls. A strong risk culture is essential to supporting an effective control environment as it sets expectations for behaviors and fosters adherence to controls. It is important for risk leaders to be embedded within the organization by “being at the table” to discuss and manage risk and ultimately deliver shareholder value and preserve trust.  

Belgium

The role of the CRO has developed significantly. Modern CROs must possess expertise in both financial and non-financial risks, adapt to rapid changes, navigate a digital landscape, and support commercial decision-making. The geopolitical landscape has become more complex, increasing the unpredictability of risks. CROs now need to build strong relationships with regulators and provide strategic guidance. 

Specifically, the focus has shifted from managing financial risks to addressing non-financial risks such as cyber security, operational risks, and regulatory compliance. The CROs we interviewed emphasized the speed of new legislation, the influence of Joint Supervisory Teams (JST), and the need for a much higher level of governance across all regulatory areas. New regulations significantly affect the audit trail, making thorough documentation essential. Banks receive numerous recommendations, complicating management. 

Regulations are becoming faster, more complex, and more voluminous. Regulation was previously more integrated into operational teams but has now shifted towards risk and compliance functions. Compared to a few years ago, business and operations are more willing to work together with the CRO and their teams. Accessing internal information is more acceptable, and the CRO is more proactively embedded into operations, which is a positive development. 

However, the regulatory agenda and pressure are becoming more stringent and complex. CROs find it challenging to balance understanding these requirements, ensuring they are respected, and clearly defining the playing field for the business to continue operating. This sometimes requires pushback to find a safe, profitable, and sufficiently large space for business. The role has certainly become more technical than before.

International demand for CROs

UK

Demand for the best leaders remains very high and succession planning continues to be a challenge for these roles. Increasingly, we are seeing CROs step into Board, CFO and CEO roles, showing how in demand their skills and perspectives are, particularly in large, highly regulated institutions.   

Canada  

CROs now need to bring different skills to the table. Technical skills used to be the key focus, and is still essential, representing a core part of the role, but soft skills are increasingly more important. Persuasiveness and influencing skills are key to gaining buy-in from the business and respect for the function - successful integration results in a stronger ability to manage risk collaboratively. The role requires a broader range of skills and experience and the ability to adapt in an area that is constantly evolving with new risks emerging at increasing speed.    

Organizations have shifted from looking within their organization to develop CROs, to looking out in the market to bring in new skillsets and experience. The priority on having a strong risk function and the increased complexity of the role has put focus on bringing top talent to lead this area.   

Belgium

The international demand for CROs, including those with compliance responsibilities, has been growing significantly. Traditionally, risk and compliance roles were seen as less attractive compared to business roles, which offer more direct returns. However, these roles are becoming increasingly critical, and there is now a more favorable perception of these positions. 

The European Central Bank, for example, places significant importance on these roles, scrutinizing the CRO, CFO, and CEO more closely. This increased scrutiny has broadened the scope of CRO roles to cover a wide range of areas, including non-financial risks such as cyber security and operational risks, as well as regulatory compliance. 

There is a shift in the profiles required for CRO functions, bringing new talent into the market. Banks and other organizations are now more interested in hiring individuals who align with ethical standards and are committed to doing better for their clients. This shift reflects a broader trend where people are increasingly considering the purpose and values of a company when choosing their careers. 

Beyond technical responsibilities, these roles require individuals who can navigate the fast-evolving regulatory landscape, build strong relationships with regulators, and provide strategic guidance to support business growth. The ability to balance regulatory compliance with commercial decision-making is essential. 

In summary, the role of the CRO has evolved to become more strategic and integral to business operations, making it a critical function within organisations worldwide.

The second part of this article, due to be published shortly, will explore how CROs deal with regulation, the influence of technology and the main challenges they face. 

______________________________________________________

Get in touch. Follow the links below to discover more or contact our dedicated leadership experts from your local Odgers Berndtson office here.